last executing test programs: 6m17.44213833s ago: executing program 2 (id=846): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x54, 0x2c, 0xf3f, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x25cb}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x2}, @TCA_FLOW_XOR={0x8, 0x7, 0x3}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000200)={@loopback, @rand_addr=0x64010100, r1}, 0xc) 6m17.439046298s ago: executing program 2 (id=848): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB='7'], 0x0}, 0x94) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0x6) syz_emit_vhci(0x0, 0x0) 6m17.329218639s ago: executing program 2 (id=851): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r0) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r0) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="030f00000000000000000800000015000100002c"], 0x2c}}, 0x0) 6m17.320094388s ago: executing program 2 (id=853): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00') 6m17.2424149s ago: executing program 2 (id=854): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001000010025bd7000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="38030600400202002c0012801100010056726964672c0b79ba617665000000001400058008002a"], 0x4c}, 0x1, 0x0, 0x0, 0x80c5}, 0x40040c4) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) 6m16.991720584s ago: executing program 2 (id=860): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000780)={0x7, 0x0, [{0x4, 0xffffffff, 0x1, 0x7, 0x6, 0x6, 0x2}, {0x40000000, 0x4, 0x0, 0x7fff, 0x27, 0x7, 0x5}, {0x7, 0x8, 0x0, 0x2, 0x5, 0x5, 0xffff}, {0xb, 0xe5f, 0x0, 0x7, 0x8001, 0x6, 0x80000001}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0x400}, {0x2, 0x1, 0x4, 0x6, 0x4, 0x4, 0x3}, {0x1, 0x8d3d, 0x6, 0x9, 0x3ff, 0x1, 0x3}]}) 6m16.943715054s ago: executing program 32 (id=860): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000780)={0x7, 0x0, [{0x4, 0xffffffff, 0x1, 0x7, 0x6, 0x6, 0x2}, {0x40000000, 0x4, 0x0, 0x7fff, 0x27, 0x7, 0x5}, {0x7, 0x8, 0x0, 0x2, 0x5, 0x5, 0xffff}, {0xb, 0xe5f, 0x0, 0x7, 0x8001, 0x6, 0x80000001}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0x400}, {0x2, 0x1, 0x4, 0x6, 0x4, 0x4, 0x3}, {0x1, 0x8d3d, 0x6, 0x9, 0x3ff, 0x1, 0x3}]}) 3m56.429549152s ago: executing program 1 (id=2837): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) unshare(0x2c020400) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m56.328343029s ago: executing program 1 (id=2838): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x2}) 3m56.327936969s ago: executing program 1 (id=2840): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x80) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000170a0101"], 0x14}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000) read(r0, &(0x7f0000000400)=""/96, 0x60) 3m56.250072057s ago: executing program 1 (id=2841): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x103011, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) 3m56.249558813s ago: executing program 1 (id=2842): mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f00000001c0)={@hyper}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f00000000c0)={&(0x7f0000000f00)=[0x2, 0xe0, 0x20400000, 0xff, 0x7, 0x2, 0x9, 0x5, 0x80, 0x4, 0x2, 0x0, 0x5, 0x3a4d, 0x2800, 0x486, 0x5, 0x5a, 0x7, 0x7, 0xfffffff9, 0x4, 0x2, 0x0, 0xfff, 0x9, 0xffff0001, 0x3, 0x4, 0xb9b2, 0x441, 0x6, 0x3, 0x7, 0x8, 0xfffffff8, 0x0, 0xfffffffe, 0x9, 0x8, 0x3, 0x2, 0x1ff, 0x9, 0x2, 0x8, 0x1000, 0x7, 0x1, 0x5, 0x1, 0xf91, 0x0, 0x9, 0x9, 0x7, 0xb, 0x7, 0x7, 0x8000, 0xb80, 0x4, 0x9f, 0x1, 0x5, 0xc41, 0x8, 0x2, 0x1ff, 0x5, 0x7, 0xff76, 0x4, 0xf, 0x6, 0x7, 0x8, 0x3, 0x4, 0x6, 0x4, 0x7fffffff, 0x3, 0x47, 0x7, 0x8, 0x101, 0xfffff046, 0x9, 0x400, 0xfffffffa, 0x5, 0x0, 0x6, 0x4, 0x7, 0x36, 0x157, 0x7d1, 0x8b96, 0xf, 0x20005, 0x0, 0x7, 0x6, 0x2, 0x8, 0x925, 0x4, 0x9, 0x7, 0xb, 0x5a17cff6, 0x0, 0xb6, 0x2, 0x3, 0x2, 0x7f, 0xffffff7f, 0x7, 0x10000, 0x3, 0x1c2a, 0x3ff, 0x0, 0x10, 0x7f, 0x6, 0x3, 0x14, 0x80, 0x7, 0x4, 0x2, 0x0, 0x2f6, 0x5, 0x9, 0xa7, 0x0, 0x9, 0xc, 0x40, 0x8000006, 0x200, 0x1, 0x2, 0x1, 0x401, 0xaa0, 0x2, 0x6, 0x9, 0x400, 0xe, 0x0, 0xfffeffff, 0x5, 0x7fffffff, 0x7ff6, 0x3, 0x1, 0x4, 0x7, 0x400, 0x0, 0x6, 0x6, 0x101, 0x2, 0x5, 0xfffffff8, 0x3, 0x7fff, 0x6d, 0x7, 0x1, 0x8, 0x6, 0x10001, 0x0, 0xffffffff, 0x8, 0xd, 0x2, 0x200, 0x7bd, 0xa2, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4ec, 0x3, 0x401, 0x5, 0xb, 0x1, 0x948, 0x7, 0x8001, 0xff, 0x200, 0xb67, 0x6, 0x5b, 0x2, 0x1, 0x8, 0x6, 0x2, 0x2, 0x1, 0x10, 0x7f, 0xa07, 0xc0bf, 0x40, 0xa4f, 0x8, 0x8001, 0x8, 0x6, 0x10000, 0x1000, 0x8, 0x1, 0x6, 0xab5, 0x4, 0x9da, 0x800000, 0x7, 0x4, 0xf8, 0x7, 0x7fffffff, 0xfffeffff, 0x401, 0x1, 0x101, 0x2, 0x3, 0xe, 0x6, 0x9, 0x401, 0x7, 0x0, 0x7, 0xfffffffc, 0x5, 0x4, 0x8, 0x3f39, 0xbaa, 0x2, 0x6, 0xcb7, 0x4, 0x8, 0x7f, 0x53b, 0xc, 0x1, 0x2, 0x8, 0xc, 0xfffffff8, 0x0, 0x2, 0x3, 0x5, 0x3, 0x400, 0x6b, 0x7ae, 0x1, 0x6f0, 0xffff, 0x7, 0x9, 0x4, 0xfff, 0x2, 0x7f, 0x3, 0x6, 0x544040be, 0x2, 0xc, 0x8, 0x9, 0x8, 0x7, 0x10001, 0xff, 0x7, 0x10000, 0x2, 0x818, 0x4, 0x3, 0x5af, 0x2, 0x5, 0x7, 0x2, 0xd, 0x2, 0x8d, 0xb8c5, 0xfffffffe, 0x202, 0x3, 0x2, 0xa0, 0x9, 0x7, 0x1, 0x4000000, 0xffffffff, 0x4, 0x40, 0x0, 0x1, 0x7, 0x6, 0x4, 0x8, 0x5, 0x6, 0x8, 0x8, 0x1, 0x5, 0x3, 0x9, 0xb1, 0x5, 0x7, 0xe, 0x9, 0x100, 0x3, 0x5, 0x6, 0x7, 0x2, 0x3, 0xec, 0x5, 0x7, 0xff, 0x5, 0x0, 0x9cf, 0xaef8, 0xffff, 0x5, 0x1, 0x5, 0xc, 0x18a, 0xc, 0x0, 0x0, 0x6, 0x7, 0x4, 0xf2ed, 0x6, 0x4, 0x1, 0x7, 0x5, 0x8, 0x10000, 0xb, 0x9, 0xec852fda, 0x2, 0x9, 0x2, 0x3620, 0x9, 0x3, 0x3, 0x7, 0x74, 0x0, 0x9, 0x0, 0x2, 0x7, 0x8, 0x3, 0x5, 0x21000000, 0x4, 0x5, 0x9, 0x356d28dc, 0x8, 0x999, 0x6, 0x24, 0x6, 0x3, 0x2772, 0x4, 0x1, 0x8, 0xffff, 0x8, 0x6, 0x0, 0x8001, 0x2, 0x2, 0x101, 0x9cf, 0x10001, 0xd1, 0x0, 0x5, 0x3, 0x6, 0x40004, 0x80000001, 0x2, 0x5, 0x9, 0xe, 0xfff, 0x7, 0x10000, 0xffff, 0x7, 0x9, 0xfffffff7, 0x6, 0xa8, 0x9, 0x7ff, 0xd8a, 0x5, 0x929, 0x0, 0x8, 0xfffffffe, 0x40, 0x4, 0x2, 0x6, 0x1, 0x7, 0x7, 0x7fffffff, 0x33, 0x5, 0xa7, 0x7d8e, 0x2, 0x5, 0x4, 0x5, 0x3, 0x4, 0x1, 0x5, 0x96, 0x80, 0x8000, 0x0, 0x7, 0xfffffffc, 0x3, 0x3, 0x5, 0x0, 0x4, 0x100000, 0x6, 0x1, 0x9, 0x2, 0x4, 0x5, 0x3ff, 0x9, 0x6, 0x4, 0x5, 0x40, 0x800, 0xfffffffb, 0x5, 0x0, 0x0, 0x80, 0x6, 0x10, 0x0, 0x0, 0x3, 0x4, 0x4, 0x80000001, 0x81, 0x1, 0x0, 0x6, 0x2, 0x7, 0xff, 0x7fff, 0x7, 0x0, 0x3, 0x1, 0x3, 0xb, 0x3, 0x6c, 0xffffffff, 0x8, 0x1ff, 0x10, 0xf, 0x81, 0x292e, 0x2ac9, 0x9, 0xb42, 0x7, 0xd015, 0x3, 0xff, 0x8001, 0x6, 0x0, 0xe, 0x5, 0xfffffffb, 0x6, 0x0, 0x9, 0x5, 0x80000000, 0x6, 0xfffffffb, 0x8, 0x6, 0x3, 0xd, 0x8001, 0x100, 0xffffffa1, 0xb, 0x1, 0x25fa, 0xd4, 0x2, 0xffffffd6, 0x976, 0x7, 0x4, 0x0, 0x5, 0xff, 0x3, 0xe6, 0x74c, 0x4, 0x7, 0xb0a, 0x6, 0x862d, 0x40, 0xffffffff, 0x5, 0x5, 0xd8c, 0x9, 0x7fffffff, 0x7, 0xe11, 0x4, 0x8, 0x1ff, 0x6, 0x10, 0x8001, 0x0, 0x8, 0xffffffff, 0x40, 0xe8, 0xb, 0x2, 0x9, 0x8, 0x5, 0x5, 0x80000001, 0xe, 0x4, 0x9, 0xb, 0x1, 0x3, 0x9, 0x9, 0xa0000000, 0xc390, 0x4, 0x791, 0xfff, 0x4, 0x54f, 0x4, 0x4, 0x80, 0x6, 0xfffffe00, 0xb, 0x5, 0x4, 0x7, 0x401, 0x4, 0x2, 0x8, 0x2, 0x3, 0xfffffff7, 0x9, 0x5, 0x6, 0x6, 0x4, 0x8, 0x0, 0x6f616b2e, 0x8, 0x101, 0x1ff, 0x2, 0x0, 0x4, 0xa25, 0x7, 0x8001, 0x9, 0xdd4, 0x4, 0x9, 0x7ff, 0x9, 0xffffffff, 0x80, 0x1, 0x4, 0x7, 0xfffffff7, 0x8, 0x2f69, 0x1, 0x7, 0x766b, 0x8, 0x1, 0xb, 0x8, 0xffffce7d, 0x6, 0x2, 0xffff349c, 0x9c1, 0x2, 0x1, 0x1, 0x2, 0x52, 0x9, 0x10000, 0x5, 0x4, 0x35, 0x9, 0x9088, 0xfff, 0x8, 0xb, 0x8000, 0x7, 0x80000001, 0x8, 0x800, 0x6, 0x5, 0x6, 0xd1, 0x8, 0x8000, 0x3, 0x6, 0x4, 0x5, 0x10000, 0x5, 0x7fff, 0xff, 0x607, 0x6, 0x3, 0x4, 0x7, 0x8, 0xc0000000, 0x9, 0xf035, 0x5aa8, 0x1, 0x7, 0x3, 0x3, 0x5, 0x5, 0x2, 0x20, 0x101, 0x6, 0xb, 0x5fa5, 0x8, 0x5, 0xfffffffd, 0x7fffffff, 0x4, 0x5, 0x8, 0x1000, 0x3, 0xd, 0x3, 0x9, 0x2, 0x9a5, 0x8, 0x8, 0xff, 0x7, 0x4, 0x7fffffff, 0x4b8, 0x3, 0x5, 0x2, 0x4, 0x6, 0x40, 0x1, 0xe07, 0x8, 0x340, 0x3, 0x5, 0x1, 0x7, 0xfb3f, 0x100000, 0x3, 0x9, 0x4, 0xa, 0x100, 0x1a, 0xfffffffa, 0x7, 0x39, 0x7ff, 0xe, 0x835, 0x7, 0x1, 0x2b, 0x2, 0x1d1c, 0x10, 0x6, 0x10000, 0x7, 0x7f, 0x4, 0x5, 0x5, 0x2, 0x4, 0xffffff00, 0xee5b, 0x1, 0x1, 0x0, 0x8, 0xfffffffc, 0x29f0, 0x6, 0x8, 0x7, 0x769, 0x0, 0x4, 0xe6f, 0x3, 0xf2a, 0x6, 0x93ad, 0x5, 0x9, 0x400, 0x8000, 0x7, 0x6, 0x5, 0x80000001, 0x4, 0x9, 0x1, 0xf4, 0x100, 0x7, 0x1, 0x400, 0x401, 0x4, 0x3, 0xb, 0x7, 0x10, 0x2, 0x2, 0x7f, 0x5, 0x7f, 0x54bf, 0x10, 0xd, 0x8, 0xff, 0x73a3, 0xdc, 0x3, 0x9, 0x3, 0x3b, 0x400000, 0x4, 0x2, 0xfaea, 0x3, 0x80000001, 0x6, 0x7, 0x4, 0x4b, 0x8, 0x6, 0x2, 0xffff, 0x8, 0x8, 0x2, 0xb, 0x9, 0x7fffffff, 0x80, 0x0, 0x1, 0x2, 0x9, 0x5b40000, 0x32bb, 0x200, 0x8, 0xffffffff, 0xf3d, 0x8a, 0x4, 0x3, 0x5, 0x5, 0x81, 0x5, 0xef, 0x6, 0x6, 0xac, 0x7, 0x4, 0x64, 0x6, 0x9, 0x8, 0x3, 0x300000, 0x3, 0x0, 0x4a1, 0xcd9, 0x3e77, 0x854, 0xee8, 0x3, 0x7fffffff, 0x400, 0x5, 0x3, 0x4, 0x2, 0x2, 0x81c, 0x3ff, 0x800, 0xe7d, 0x40, 0x1ff, 0x0, 0x4, 0x3, 0x400, 0xfffffffe, 0xffffffff, 0x800, 0x41c, 0x9, 0xfffffffc, 0x800009, 0x1bcb, 0x9, 0x4, 0x2, 0xf4a, 0x8, 0x1ff, 0x3, 0x401, 0x3, 0x9, 0x7, 0x2b4, 0x91, 0x7, 0x8c, 0x1, 0xffffffff, 0x2, 0xb, 0x9, 0x7, 0x3, 0x0, 0x9, 0xb, 0x3, 0x1f, 0x8, 0x9, 0x0, 0x4, 0x0, 0x7, 0x8, 0xd3, 0x5, 0xf, 0x3, 0x8, 0x7, 0x3, 0x7ff, 0x104, 0x6, 0x5, 0x2, 0x7, 0x8, 0x6ee5, 0xfffffffb, 0x401, 0x7, 0x7fffffff, 0x1, 0x0, 0x1, 0x5, 0xc0000000, 0x1, 0x2, 0x76ac8333, 0xe, 0xff, 0x3ff, 0x66680, 0x7ff, 0x9, 0x9, 0x2, 0x230c, 0x2, 0x51c4ea0d, 0xbd, 0x9c, 0xd, 0x401, 0x0, 0x0, 0x3, 0xe6, 0x2, 0x4], 0x2, 0x400, 0x38}) 3m56.071363516s ago: executing program 1 (id=2843): r0 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x14, 0x0, 0x701, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x100000000000000, 0x0, 0x20004074}, 0x8010) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 3m56.034606878s ago: executing program 33 (id=2843): r0 = io_uring_setup(0x1684, &(0x7f0000000080)={0x0, 0xcc3d, 0x400, 0x0, 0x2}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x14, 0x0, 0x701, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x100000000000000, 0x0, 0x20004074}, 0x8010) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x11a}, 0x20) 3m11.92229245s ago: executing program 5 (id=3420): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000) write$char_usb(r1, 0x0, 0x0) 3m10.530795489s ago: executing program 5 (id=3438): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a54000000030a0fdb00000000000000000a0060050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f757465000000080005400000000014000000110001"], 0x7c}}, 0x24000840) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)={0x14, 0x4, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x10) 3m10.450278605s ago: executing program 5 (id=3441): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000100)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x12) 3m10.411142789s ago: executing program 5 (id=3442): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000001900)='.\x00', &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x2a05004, 0x0) mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) 3m10.351248484s ago: executing program 5 (id=3445): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0xf, 0x4, 0x8, 0x2}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\a'], 0x10) close(0x3) close(0x4) 3m9.956937456s ago: executing program 5 (id=3453): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000c70000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r0, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xe5d, &(0x7f0000000b80)=ANY=[], 0x0) 3m9.898037976s ago: executing program 34 (id=3453): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x6, 0x5, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000c70000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000240)={r0, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xe5d, &(0x7f0000000b80)=ANY=[], 0x0) 3.848119472s ago: executing program 3 (id=6689): r0 = socket(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r0, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r0, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4) write(r0, &(0x7f0000000000)='\"', 0x1) recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) 2.107378018s ago: executing program 3 (id=6716): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x2200, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1a5}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 1.97977312s ago: executing program 3 (id=6718): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000056000100000000f70000000007020000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x8000) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) 1.607604743s ago: executing program 4 (id=6720): r0 = socket$kcm(0x10, 0x400000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x49, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040)={0x3, 0x0, 0x8, 0xb5e}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x8, &(0x7f0000000380)=0x0) io_submit(r2, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r1, 0x0}]) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79725074", 0xd5}], 0x1}, 0x0) 1.367506979s ago: executing program 4 (id=6721): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x28, 0x66, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x6071, 0x0, 0xe7}}}}}}, 0x0) 1.317850916s ago: executing program 4 (id=6722): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1d19cb307b3472ab9cdb042d2", "643fcbb2c5a57df67d074af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2b}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f0000002680)=[{{0x0, 0x0, &(0x7f0000002580)=[{0x0}, {&(0x7f00000014c0)=""/4096, 0x94}], 0x2}, 0x200}], 0x1, 0x0, 0x0) 1.054729787s ago: executing program 3 (id=6727): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x4004004, &(0x7f0000000180)={0xc9, 0x4, r3, 0x1, 0x12, 0x6, @remote}, 0x14) 1.021584662s ago: executing program 3 (id=6730): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r0, 0x604ae000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000fff000/0x1000)=nil, 0x3000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffc4, 0x0, 0x0}, &(0x7f0000000100)=0x35) 951.884562ms ago: executing program 3 (id=6731): r0 = getpgid(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1200000004000000080000000280000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"], 0x50) 748.561604ms ago: executing program 6 (id=6736): bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63) write$P9_RLERRORu(r0, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40) write$P9_RSTATu(r0, &(0x7f0000000540)={0xfffffffffffffec4, 0x7d, 0xa, {{0x0, 0x21a, 0x3, 0x5, {0x0, 0x1, 0x8}, 0x40000000, 0x8, 0x7, 0x8, 0x1, '\x99', 0x8f, '\x004\xbe\xa3\x98\xbbV\"T\xfd-\xa7\xfes\x1b\xae`\x94q\xad\xfd\xb9+\x9f\xd2T\xd2\xfc\xa29\xf3\xae8p<\xde6YK~\xf5H\xe1\xe9\xf1v\'\xd7i\xf2x\xbe\xed\x145vC3m:\x98\xc6G\x81\xde\r\xb2\xc9I\xf3\x19\xc0\x12H\x9b\x9a*\xe8\xd4L\xa6\xc1\x1b\xdeTp\xcdB\xbc\xba\x00M,\aZ\xd1\xbf\f\xcb\x19\x18\xad)\xb5/\x93\xf8\xe5\xf9\x15rh\xc9\xac\x02h\xce\xd4k\x13t\x03\xdf\x9c\x86\xbb\xf6\xf4\xaf\xa2\xf3\x82\xba\xc5\x97y\x17\x00\xd8\x11\xbb\xf0\xfa', 0x73, '\x17\xe0_|s/\xec\xcf\x1e|~\xf4*wIX\xbe[\a\xcd_\x12\xd4zZsV/\xa2?\xbc=\x82O\xc7\xf7\xf1\r\xd0\x06\x14\xbb\xf1\xbb\x99\xaa\xdb\xf1\xf0\xe3\xdf\x1c\x16{\"\f\x8c0\xd0I\xff\x02):9\xe7\xa6\x9e~\xa9\xa3\xf7\xaaW)\x00\x96\x1bm+\xcb\xf1\xbf\x0e\xaa\xd6|\"\xf73r+F\x10\xf2P\xcc\x1f\xd7\x7f\xfc\x0e,x\xe5\x10^\xff\xf9\x12\x00\x00\x00\x00\x00', 0xe4, '\xb1\xeb\b\x15\xa6\xa4\xbe\xbb\x7f\x17\xac\xa4\x06\xf8\xbc\xb2Cca\xac\xca\xf8d\x81\x8a\x12\x99\xf2\xc3\xa6\x19\x7f\r_%\xb5\xc0\xbc\xe7A\xef\xfbr\xab\xff\xf0\x80\xfa\xe2\xc4)5\xb8\xe5\r\x8a\xaem\x8b\x1a\a_\x01A\xeb\xee\xf2->\xf0\xe7\xb3K\xb2\xd6\xc1\x1a\x8b\xacn\xf0\x14\x884\xd3\xf5\x80\x8a\x9c2\xd2\x06\x82!\ri\xa2\xd7\xd8|I\xd1\xf3\x9b\x9b\xff\x97\x87\xbf(\x80\x90\xcc$\x9a\xba\"\xbf\x1dY@Z\xc2\x81\xa0\xd6+\xcb\x80KC\xff\x8c\bM\xd7\r\xd8g\x17-X\xbdW\xf4\\9,\xb3\x1fr(\xc2\xb6\b\xfc\x8d\xa4SC|\vl!\x135\xc6\xbf\'\xc8\xdb\xbeT\x1a{\xe6\x92V\xeb\xa1O\xa60\xda&<[\x16\xc5_\xb8\x9d\xb8O\xb9\x87\xb4\x1b\x0f\x12<\x05\xb8v\xb5\r\xb7\x8c#\xecj\x17\x149\xb2Y\x15kCs\xa0\x9bKd\xe22\xb4\xba'}, 0x7, '\x97\xfe\xef\x85z\x03\x86'}}, 0x236) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r0, 0x0) 728.805294ms ago: executing program 0 (id=6737): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x78b}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x3) fcntl$lock(0xffffffffffffffff, 0x7, 0x0) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f00000002c0)) 672.569984ms ago: executing program 6 (id=6738): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet(0x2, 0x3, 0x33) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) getsockopt$inet_mreqsrc(r0, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) 671.052061ms ago: executing program 0 (id=6739): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x3f46137792f68265) r1 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x0) syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0xc0049364, &(0x7f00000001c0)) 581.497795ms ago: executing program 0 (id=6740): r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x0) lseek(r2, 0x101, 0x1) getdents64(r2, 0x0, 0x0) 579.769136ms ago: executing program 6 (id=6741): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x10, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000091}, 0x20000000) 507.677466ms ago: executing program 0 (id=6742): r0 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x402) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7, 0xfffffffffffffffd, 0x0, 0xffff, 0x1, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0xfffffffffffffffd], 0x30000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x25000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 485.342413ms ago: executing program 0 (id=6743): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r0 = timerfd_create(0x0, 0x0) readv(r0, &(0x7f0000000040)=[{0x0}], 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) 478.998208ms ago: executing program 4 (id=6744): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000500), 0x8, 0x0) r1 = syz_io_uring_setup(0x437d, &(0x7f0000000580)={0x0, 0x8b2, 0x13500, 0xfffffffe, 0x304}, &(0x7f0000000240), &(0x7f0000001880), &(0x7f0000000000)) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000380)={0x0, 0x79ad, 0x10000, 0x3, 0x26c}, &(0x7f0000000340), &(0x7f0000000040), &(0x7f0000000000)) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30) io_uring_register$IORING_UNREGISTER_RING_FDS(r2, 0x15, &(0x7f00000022c0)=[{0x0, 0x1, 0x0, 0x0, &(0x7f0000000340)=[0x101]}, {0x4, 0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000dc0)=""/16, 0x10}, {&(0x7f0000000840)=""/200, 0xc8}, {&(0x7f0000000940)=""/202, 0xca}, {&(0x7f0000000a40)=""/70, 0x46}], 0x0}, {0x0, 0x1, 0x0, &(0x7f0000000d80), &(0x7f0000000b00)=[0xf003, 0x5, 0xf, 0x8, 0x40]}, {0x0, 0x1, 0x0, &(0x7f0000000fc0), &(0x7f0000001000)=[0x53]}, {0x6, 0x1, 0x0, &(0x7f0000001500)=[{&(0x7f0000001040)=""/237, 0xed}, {&(0x7f0000001140)=""/189, 0xbd}, {&(0x7f0000001200)=""/110, 0x6e}, {&(0x7f0000002400)=""/208, 0xd0}, {&(0x7f0000001380)=""/182, 0xb6}, {&(0x7f0000001440)=""/186, 0xba}], &(0x7f0000001580)}, {0x4, 0x1, 0x0, &(0x7f0000001800)=[{&(0x7f0000000e00)=""/261, 0x105}, {&(0x7f00000016c0)=""/94, 0x5e}, {&(0x7f0000001740)=""/82, 0x52}, {&(0x7f00000017c0)=""/35, 0x23}], &(0x7f0000001840)=[0x2, 0x36, 0x8]}, {0x9, 0x1, 0x0, &(0x7f0000001f80)=[{&(0x7f0000001c00)}, {&(0x7f0000001a40)=""/175, 0xaf}, {&(0x7f0000001c80)=""/47, 0x2f}, {&(0x7f0000001cc0)=""/66, 0x42}, {&(0x7f00000018c0)=""/191, 0xbf}, {&(0x7f0000001c40)}, {&(0x7f0000001980)=""/184, 0xb8}, {&(0x7f0000001d40)=""/18, 0x12}, {&(0x7f0000001c00)=""/123, 0x7b}], &(0x7f0000001e40)=[0x80000000, 0xa3c8, 0x400, 0x8000000000000001]}], 0x7) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x21, &(0x7f0000000440)=r0, 0x1) 417.803721ms ago: executing program 6 (id=6745): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r1, 0x406, r1) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0x20000002}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x20000001}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000580)={0xa0002008}) 347.411998ms ago: executing program 4 (id=6746): socket$unix(0x1, 0x1, 0x0) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x185b2000) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x1, 0x1, 0x2, 0x4b, @vifc_lcl_addr=@private=0xa010100, @broadcast}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x40000) 346.0641ms ago: executing program 0 (id=6747): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88ce359bdb00143c, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_usb_connect$uac1(0x0, 0x9e, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 267.609584ms ago: executing program 6 (id=6748): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4000) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x3c, 0x7, 0x6, 0x201, 0x0, 0x0, {0x91f8a0d13a97bc3e, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40000) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 207.281128ms ago: executing program 6 (id=6749): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r0 = socket$inet_sctp(0x2, 0x5, 0x84) close(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f00000002c0)="85", 0x890c}], 0x20, &(0x7f00000000c0)=[@sndinfo={0x1c, 0x84, 0x2, {0x6, 0x4, 0x29, 0x200000e, r2}}], 0x1c, 0x2400e044}, 0x6) 0s ago: executing program 4 (id=6750): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x3, &(0x7f0000000080)=0x0) io_submit(r2, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f00000000c0)="6c2b4aeadd1f66b8083d09c4aac83db8657a", 0x12, 0x0, 0x0, 0x2}]) sendmmsg$alg(r1, &(0x7f0000003840)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="972fd1ebe125a60ab6d6b3fdf725be36", 0x10}], 0x1, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x8040}], 0x1, 0x200080d0) kernel console output (not intermixed with test programs): usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.708058][ T39] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 352.712156][ T39] usb 11-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 352.714964][ T39] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.718933][ T39] usb 11-1: config 0 descriptor?? [ 352.743258][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.747917][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.752603][ T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 352.757718][ T10] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 352.761279][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.769521][ T10] usb 8-1: config 0 descriptor?? [ 353.136585][ T39] input: HID 0458:5013 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5013.0034/input/input60 [ 353.180854][ T10] hid_parser_main: 10 callbacks suppressed [ 353.180868][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.185044][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.187398][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.189628][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.191947][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.194201][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.196485][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.198848][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.201201][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.204198][ T10] plantronics 0003:047F:FFFF.0035: unknown main item tag 0x0 [ 353.205406][ T39] input: HID 0458:5013 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5013.0034/input/input61 [ 353.217613][ T10] plantronics 0003:047F:FFFF.0035: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 353.277109][ T39] kye 0003:0458:5013.0034: input,hiddev1,hidraw2: USB HID vff.fa Device [HID 0458:5013] on usb-dummy_hcd.6-1/input0 [ 353.334401][ T39] usb 11-1: USB disconnect, device number 10 [ 353.411701][T12729] usb 9-1: new high-speed USB device number 35 using dummy_hcd [ 353.435805][ T7833] usb 8-1: USB disconnect, device number 46 [ 353.563083][T12729] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 353.567138][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.570718][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.575110][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.578593][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.582191][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.586457][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.589909][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.593406][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.597708][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.601191][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.604710][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.608973][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.612521][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.616017][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.620270][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.623731][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.627247][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.631604][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.635115][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.638825][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.643686][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.647183][T12729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.650765][T12729] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.655099][T12729] usb 9-1: config 0 interface 0 has no altsetting 0 [ 353.659444][T12729] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 353.663136][T12729] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 353.666334][T12729] usb 9-1: Product: syz [ 353.667932][T12729] usb 9-1: Manufacturer: syz [ 353.669734][T12729] usb 9-1: SerialNumber: syz [ 353.673439][T12729] usb 9-1: config 0 descriptor?? [ 353.679507][T12729] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0 [ 353.888860][T12729] usb 9-1: USB disconnect, device number 35 [ 353.896409][T12729] yurex 9-1:0.0: USB YUREX #0 now disconnected [ 354.427281][T16080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4089'. [ 354.770844][T16104] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4099'. [ 354.981633][ T39] usb 8-1: new high-speed USB device number 47 using dummy_hcd [ 355.132319][ T39] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 355.136304][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.140165][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.144664][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.148294][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.152396][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.156776][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.160460][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.164327][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.168790][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.172684][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.176636][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.181185][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.185036][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.188635][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.193271][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.196865][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.200188][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.203564][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.206413][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.209193][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.211605][ T7833] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 355.212640][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.218401][ T39] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 355.221165][ T39] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 355.224531][ T39] usb 8-1: config 0 interface 0 has no altsetting 0 [ 355.228173][ T39] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 355.231013][ T39] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 355.233623][ T39] usb 8-1: Product: syz [ 355.234994][ T39] usb 8-1: Manufacturer: syz [ 355.236527][ T39] usb 8-1: SerialNumber: syz [ 355.239818][ T39] usb 8-1: config 0 descriptor?? [ 355.245137][ T39] yurex 8-1:0.0: USB YUREX device now attached to Yurex #0 [ 355.361626][ T7833] usb 5-1: Using ep0 maxpacket: 8 [ 355.365270][ T7833] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 355.368870][ T7833] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 355.373554][ T7833] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 355.377654][ T7833] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 355.381944][ T7833] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 355.387014][ T7833] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 355.389913][ T7833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.459479][ T5814] usb 8-1: USB disconnect, device number 47 [ 355.463155][ T5814] yurex 8-1:0.0: USB YUREX #0 now disconnected [ 355.603160][ T7833] usb 5-1: usb_control_msg returned -32 [ 355.605021][ T7833] usbtmc 5-1:16.0: can't read capabilities [ 355.955248][T16135] usbtmc 5-1:16.0: usb_control_msg returned -32 [ 355.960617][ T39] usb 5-1: USB disconnect, device number 35 [ 356.029981][T16140] vivid-003: disconnect [ 356.033291][T16139] vivid-003: reconnect [ 356.116383][T16146] 9pnet: p9_errstr2errno: server reported unknown error [ 356.621578][T12729] usb 8-1: new high-speed USB device number 48 using dummy_hcd [ 356.747714][T16196] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input62 [ 356.792801][T12729] usb 8-1: config index 0 descriptor too short (expected 45, got 36) [ 356.796974][T12729] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.800293][T12729] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.803439][T12729] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 356.807396][T12729] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 356.810214][T12729] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.814831][T12729] usb 8-1: config 0 descriptor?? [ 357.237052][T12729] plantronics 0003:047F:FFFF.0036: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 357.331187][ T5840] kernel read not supported for file /admmidi2 (pid: 5840 comm: kworker/1:4) [ 357.493589][ T39] usb 8-1: USB disconnect, device number 48 [ 358.055814][T16262] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 358.396336][T16288] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4181'. [ 358.574331][T16298] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4186'. [ 358.578110][T16298] netlink: 75 bytes leftover after parsing attributes in process `syz.4.4186'. [ 358.921639][T12729] usb 11-1: new high-speed USB device number 11 using dummy_hcd [ 359.072127][T12729] usb 11-1: too many configurations: 9, using maximum allowed: 8 [ 359.077466][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.080495][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.084377][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.087531][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.092228][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.096305][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.099616][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.103149][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.106768][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.110230][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.114064][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.117087][ T5814] kernel read not supported for file /rfkill (pid: 5814 comm: kworker/3:3) [ 359.117918][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.124561][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.127641][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.131847][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.135075][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.138114][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.142356][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.145416][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.148421][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.152586][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.157842][T12729] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 359.160781][T12729] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 359.164565][T12729] usb 11-1: config 0 interface 0 has no altsetting 0 [ 359.170673][T12729] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 359.174182][T12729] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 359.177147][T12729] usb 11-1: Product: syz [ 359.178591][T12729] usb 11-1: Manufacturer: syz [ 359.180151][T12729] usb 11-1: SerialNumber: syz [ 359.183899][T12729] usb 11-1: config 0 descriptor?? [ 359.190712][T12729] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0 [ 359.310911][T16342] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4207'. [ 359.406422][T12729] usb 11-1: USB disconnect, device number 11 [ 359.410675][T12729] yurex 11-1:0.0: USB YUREX #0 now disconnected [ 359.751594][ T5812] usb 8-1: new high-speed USB device number 49 using dummy_hcd [ 359.902117][ T5812] usb 8-1: Using ep0 maxpacket: 8 [ 359.906533][ T5812] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 359.909268][ T5812] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 359.912527][ T5812] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 359.915699][ T5812] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 359.918844][ T5812] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 359.927985][ T5812] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 359.930911][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.055549][T16379] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 360.097382][T16384] netlink: 'syz.6.4227': attribute type 12 has an invalid length. [ 360.099984][T16384] netlink: 'syz.6.4227': attribute type 29 has an invalid length. [ 360.102800][T16384] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4227'. [ 360.106192][T16384] netlink: 'syz.6.4227': attribute type 1 has an invalid length. [ 360.108916][T16384] netlink: 'syz.6.4227': attribute type 2 has an invalid length. [ 360.112547][T16384] netlink: 15 bytes leftover after parsing attributes in process `syz.6.4227'. [ 360.142382][ T5812] usb 8-1: GET_CAPABILITIES returned 0 [ 360.144215][ T5812] usbtmc 8-1:16.0: can't read capabilities [ 360.181923][T12729] libceph: connect (1)[c::]:6789 error -101 [ 360.184615][T12729] libceph: mon0 (1)[c::]:6789 connect error [ 360.306114][T16386] ceph: No mds server is up or the cluster is laggy [ 360.377388][T16402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4234'. [ 360.651139][T16416] tipc: Started in network mode [ 360.654978][T16416] tipc: Node identity 4, cluster identity 4711 [ 360.658408][T16416] tipc: Node number set to 4 [ 360.915573][ T5884] usb 8-1: USB disconnect, device number 49 [ 360.950187][T16440] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4252'. [ 361.014072][T16444] pim6reg1: entered promiscuous mode [ 361.015818][T16444] pim6reg1: entered allmulticast mode [ 361.197043][T16460] kernel profiling enabled (shift: 9) [ 361.341576][T16478] Invalid ELF header len 8 [ 361.404442][T16483] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4272'. [ 361.407347][T16483] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4272'. [ 361.416915][ T101] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 361.444307][ T13] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 361.447364][ T101] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 361.450170][ T101] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 361.652201][ T5812] usb 8-1: new high-speed USB device number 50 using dummy_hcd [ 361.701871][ T5814] usb 11-1: new high-speed USB device number 12 using dummy_hcd [ 361.827105][ T5812] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 361.837447][ T5812] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 361.841950][ T5812] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 361.845526][ T5812] usb 8-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 361.848927][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.854006][ T5812] usb 8-1: config 0 descriptor?? [ 361.886016][ T5814] usb 11-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 361.889766][ T5814] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 361.893527][ T5814] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 361.896644][ T5814] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 361.900712][ T5814] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 361.904082][ T5814] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.908515][ T5814] usb 11-1: config 0 descriptor?? [ 361.943882][T12729] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 362.113392][T12729] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.117922][T12729] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.122132][T12729] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 362.125891][T12729] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.129941][T12729] usb 5-1: config 0 descriptor?? [ 362.151655][ T39] usb 9-1: new high-speed USB device number 36 using dummy_hcd [ 362.262221][ T5812] wacom 0003:056A:0010.0037: Unknown device_type for 'HID 056a:0010'. Assuming pen. [ 362.267045][ T5812] wacom 0003:056A:0010.0037: hidraw1: USB HID v0.00 Device [HID 056a:0010] on usb-dummy_hcd.3-1/input0 [ 362.271730][ T5812] input: Wacom Graphire Pen as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:056A:0010.0037/input/input63 [ 362.301586][ T39] usb 9-1: Using ep0 maxpacket: 8 [ 362.304486][ T39] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.307905][ T39] usb 9-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.310978][ T39] usb 9-1: config 0 interface 0 has no altsetting 0 [ 362.313233][ T39] usb 9-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 362.316076][ T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.316884][ T5814] hid_parser_main: 20 callbacks suppressed [ 362.316902][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.322979][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.324376][ T39] usb 9-1: config 0 descriptor?? [ 362.325335][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.329105][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.331596][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.334036][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.336453][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.338837][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.341283][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.344557][ T5814] plantronics 0003:047F:FFFF.0038: unknown main item tag 0x0 [ 362.351590][ T5814] plantronics 0003:047F:FFFF.0038: hiddev0,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 362.552398][T12729] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0D8C:0022.0039/input/input66 [ 362.575352][T12729] cm6533_jd 0003:0D8C:0022.0039: input,hiddev1,hidraw3: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 362.580329][ T5884] usb 11-1: USB disconnect, device number 12 [ 362.749930][T12729] usb 5-1: USB disconnect, device number 36 [ 362.757063][ T39] mcp2221 0003:04D8:00DD.003A: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 362.962758][ T5814] usb 9-1: USB disconnect, device number 36 [ 363.385269][T16532] sctp: [Deprecated]: syz.6.4294 (pid 16532) Use of struct sctp_assoc_value in delayed_ack socket option. [ 363.385269][T16532] Use struct sctp_sack_info instead [ 363.392915][T16532] sctp: [Deprecated]: syz.6.4294 (pid 16532) Use of struct sctp_assoc_value in delayed_ack socket option. [ 363.392915][T16532] Use struct sctp_sack_info instead [ 363.525484][T16539] syzkaller1: entered promiscuous mode [ 363.527320][T16539] syzkaller1: entered allmulticast mode [ 363.592981][T16547] vlan3: entered allmulticast mode [ 363.594804][T16547] gretap0: entered allmulticast mode [ 363.750379][T16566] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4310'. [ 364.241656][ T5814] usb 11-1: new high-speed USB device number 13 using dummy_hcd [ 364.401630][ T5814] usb 11-1: Using ep0 maxpacket: 8 [ 364.405504][ T5814] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 364.408331][ T5814] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 364.411453][ T5814] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 364.414564][ T39] usb 8-1: USB disconnect, device number 50 [ 364.418213][ T5814] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 364.422307][ T5814] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 364.427827][ T5814] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 364.431650][ T5814] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.663470][ T5814] usb 11-1: usb_control_msg returned -32 [ 364.665324][ T5814] usbtmc 11-1:16.0: can't read capabilities [ 365.014194][T16626] usbtmc 11-1:16.0: usb_control_msg returned -32 [ 365.017187][ T5814] usb 11-1: USB disconnect, device number 13 [ 365.840103][T16674] loop2: detected capacity change from 0 to 7 [ 365.844016][T16674] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 365.846284][T16674] loop2: partition table partially beyond EOD, truncated [ 365.849236][T16674] loop2: p1 size 1898597519 extends beyond EOD, truncated [ 365.883236][T13548] udevd[13548]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 365.910944][T16689] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4367'. [ 366.085102][T16710] netlink: 'syz.3.4378': attribute type 2 has an invalid length. [ 366.105739][T16710] ‚#{6c: entered promiscuous mode [ 366.110145][T16710] netlink: 'syz.3.4378': attribute type 2 has an invalid length. [ 366.121004][T16710] ‚#{6c: left promiscuous mode [ 366.162379][T16716] netlink: 208 bytes leftover after parsing attributes in process `syz.3.4378'. [ 366.351604][ T5814] usb 11-1: new high-speed USB device number 14 using dummy_hcd [ 366.511609][ T5814] usb 11-1: Using ep0 maxpacket: 32 [ 366.514578][ T5814] usb 11-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 366.517464][ T5814] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.521185][ T5814] usb 11-1: config 0 descriptor?? [ 366.537694][ T5814] as10x_usb: device has been detected [ 366.542102][ T5814] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 366.555116][ T5814] usb 11-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 366.583744][ T5814] as10x_usb: error during firmware upload part1 [ 366.586026][ T5814] Registered device nBox DVB-T Dongle [ 366.729481][ T5812] usb 11-1: USB disconnect, device number 14 [ 367.341886][ T5812] Unregistered device nBox DVB-T Dongle [ 367.342750][ T5812] as10x_usb: device has been disconnected [ 367.465980][ T5747] Bluetooth: hci4: sending frame failed (-49) [ 367.472307][ T5096] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 367.831605][ T5812] usb 8-1: new high-speed USB device number 51 using dummy_hcd [ 368.004036][ T5812] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.009629][ T5812] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.013487][ T5812] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 368.017466][ T5812] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.025279][ T5812] usb 8-1: config 0 descriptor?? [ 368.101360][ T5747] Bluetooth: hci4: sending frame failed (-49) [ 368.106243][ T5096] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 368.175779][T16767] sctp: [Deprecated]: syz.0.4402 (pid 16767) Use of struct sctp_assoc_value in delayed_ack socket option. [ 368.175779][T16767] Use struct sctp_sack_info instead [ 368.181291][T16767] sctp: [Deprecated]: syz.0.4402 (pid 16767) Use of struct sctp_assoc_value in delayed_ack socket option. [ 368.181291][T16767] Use struct sctp_sack_info instead [ 368.446992][ T5812] hid_parser_main: 12 callbacks suppressed [ 368.447006][ T5812] cm6533_jd 0003:0D8C:0022.003B: unknown main item tag 0x0 [ 368.451265][ T5812] cm6533_jd 0003:0D8C:0022.003B: unknown main item tag 0x0 [ 368.456090][ T5812] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:0D8C:0022.003B/input/input67 [ 368.483286][ T5812] cm6533_jd 0003:0D8C:0022.003B: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 368.641912][ T5884] usb 8-1: USB disconnect, device number 51 [ 368.811284][T16788] sctp: [Deprecated]: syz.4.4411 (pid 16788) Use of struct sctp_assoc_value in delayed_ack socket option. [ 368.811284][T16788] Use struct sctp_sack_info instead [ 368.818534][T16788] sctp: [Deprecated]: syz.4.4411 (pid 16788) Use of struct sctp_assoc_value in delayed_ack socket option. [ 368.818534][T16788] Use struct sctp_sack_info instead [ 369.161637][ T40] kauditd_printk_skb: 259 callbacks suppressed [ 369.161653][ T40] audit: type=1326 audit(1778373476.826:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16802 comm="syz.6.4418" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff2fcc code=0x0 [ 369.227188][T16814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4422'. [ 370.192464][T16839] pim6reg1: entered promiscuous mode [ 370.194425][T16839] pim6reg1: entered allmulticast mode [ 370.199529][T16839] pim6reg1: tun_chr_ioctl cmd 1074025677 [ 370.201381][T16839] pim6reg1: Linktype set failed because interface is up [ 370.262386][ T5884] usb 9-1: new high-speed USB device number 37 using dummy_hcd [ 370.351857][ T5812] usb 11-1: new high-speed USB device number 15 using dummy_hcd [ 370.421888][ T5884] usb 9-1: Using ep0 maxpacket: 8 [ 370.424931][ T5884] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 370.428301][ T5884] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 370.432774][ T5884] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 370.435963][ T5884] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 370.439220][ T5884] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 370.443538][ T5884] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 370.446631][ T5884] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.524333][ T5812] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.528046][ T5812] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.531283][ T5812] usb 11-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 370.534331][ T5812] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.539668][ T5812] usb 11-1: config 0 descriptor?? [ 370.661624][ T5884] usb 9-1: usb_control_msg returned -32 [ 370.664540][ T5884] usbtmc 9-1:16.0: can't read capabilities [ 370.721727][T12729] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 370.881703][T12729] usb 5-1: Using ep0 maxpacket: 32 [ 370.884876][T12729] usb 5-1: config 4 has an invalid interface number: 201 but max is 0 [ 370.887697][T12729] usb 5-1: config 4 has no interface number 0 [ 370.889841][T12729] usb 5-1: config 4 interface 201 has no altsetting 0 [ 370.894102][T12729] usb 5-1: New USB device found, idVendor=47ed, idProduct=31ab, bcdDevice=a6.55 [ 370.897071][T12729] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.899648][T12729] usb 5-1: Product: syz [ 370.901003][T12729] usb 5-1: Manufacturer: syz [ 370.902576][T12729] usb 5-1: SerialNumber: syz [ 370.942865][T16859] syz.3.4442 (16859): drop_caches: 1 [ 370.956313][ T5812] cm6533_jd 0003:0D8C:0022.003C: unknown main item tag 0x0 [ 370.959644][ T5812] cm6533_jd 0003:0D8C:0022.003C: unknown main item tag 0x0 [ 370.965412][ T5812] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0D8C:0022.003C/input/input68 [ 370.978806][ T5812] cm6533_jd 0003:0D8C:0022.003C: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0 [ 371.018452][T16863] usbtmc 9-1:16.0: INITIATE_CLEAR returned 0 [ 371.041146][T16859] syz.3.4442 (16859): drop_caches: 1 [ 371.123868][T12729] usb 5-1: USB disconnect, device number 37 [ 371.158880][ T5812] usb 11-1: USB disconnect, device number 15 [ 371.238131][ T5884] usb 9-1: USB disconnect, device number 37 [ 372.277311][T16911] veth3: entered allmulticast mode [ 373.315175][T16947] hsr0: entered promiscuous mode [ 373.333265][ T5096] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 373.333874][ T5747] Bluetooth: hci4: command 0x1003 tx timeout [ 373.418254][T16952] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4480'. [ 373.656295][ T40] audit: type=1326 audit(1778373481.326:1265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16963 comm="syz.4.4487" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fdefcc code=0x0 [ 373.724694][T16969] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 374.168326][T16983] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 374.228165][T16986] input: syz1 as /devices/virtual/input/input69 [ 374.230320][T16986] input: failed to attach handler leds to device input69, error: -6 [ 374.653237][ T5882] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 374.821766][ T5882] usb 5-1: Using ep0 maxpacket: 8 [ 374.825846][ T5882] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 374.829133][ T5882] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 374.832998][ T5882] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 374.836962][ T5882] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 374.840828][ T5882] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 374.846142][ T5882] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 374.849847][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.064072][ T5882] usb 5-1: usb_control_msg returned -32 [ 375.066003][ T5882] usbtmc 5-1:16.0: can't read capabilities [ 375.318669][T16996] usbtmc 5-1:16.0: INITIATE_ABORT_BULK_IN returned 0 [ 375.412550][T17027] netlink: 'syz.6.4509': attribute type 1 has an invalid length. [ 375.431381][T17027] bond1: entered promiscuous mode [ 375.435185][T17027] 8021q: adding VLAN 0 to HW filter on device bond1 [ 375.540398][ T7833] usb 5-1: USB disconnect, device number 38 [ 375.919540][T17041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4514'. [ 376.191595][ T7833] usb 8-1: new full-speed USB device number 52 using dummy_hcd [ 376.386406][ T7833] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 376.392827][ T7833] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 376.400771][ T7833] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 376.407141][ T7833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.634220][ T7833] usb 8-1: usb_control_msg returned -32 [ 376.636306][ T7833] usbtmc 8-1:16.0: can't read capabilities [ 376.697144][T17074] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.4527'. [ 376.758617][T17076] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 376.765327][T17076] bond2: (slave lo): Enslaving as an active interface with an up link [ 376.774261][T17076] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 376.811261][T17081] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4530'. [ 376.988194][T17096] usbtmc 8-1:16.0: usbtmc_ioctl_request failed -32 [ 376.993650][ T39] usb 8-1: USB disconnect, device number 52 [ 377.100063][T17098] syzkaller1: entered promiscuous mode [ 377.102258][T17098] syzkaller1: entered allmulticast mode [ 377.147021][ T40] audit: type=1326 audit(1778373484.816:1266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17104 comm="syz.0.4539" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff8fcc code=0x0 [ 378.215063][T17130] macvlan2: entered promiscuous mode [ 378.216853][T17130] dummy0: entered promiscuous mode [ 378.218795][T17130] macvlan2: entered allmulticast mode [ 378.220538][T17130] dummy0: entered allmulticast mode [ 378.360995][T17141] netlink: 'syz.4.4552': attribute type 1 has an invalid length. [ 378.372414][T17141] bond0: entered promiscuous mode [ 378.394071][T17141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.510952][T17154] input: syz0 as /devices/virtual/input/input70 [ 378.998885][T17174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4563'. [ 379.951606][ T5882] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 380.111721][ T5882] usb 5-1: Using ep0 maxpacket: 32 [ 380.115348][ T5882] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 380.118427][ T5882] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 380.121258][ T5882] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 380.124337][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 380.127369][ T5882] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 380.130414][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 380.134687][ T5882] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 380.137539][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.143577][ T7833] libceph: connect (1)[c::]:6789 error -101 [ 380.143945][ T5882] usb 5-1: config 0 descriptor?? [ 380.149898][ T7833] libceph: mon0 (1)[c::]:6789 connect error [ 380.201323][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 380.204122][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 380.281573][ T5884] usb 11-1: new high-speed USB device number 16 using dummy_hcd [ 380.354233][ T5882] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 39 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 380.423656][ T7833] libceph: connect (1)[c::]:6789 error -101 [ 380.425617][ T7833] libceph: mon0 (1)[c::]:6789 connect error [ 380.441584][ T5884] usb 11-1: Using ep0 maxpacket: 8 [ 380.444529][ T5884] usb 11-1: config index 0 descriptor too short (expected 301, got 45) [ 380.447213][ T5884] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 380.450795][ T5884] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 380.454276][ T5884] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 380.458128][ T5884] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 380.461997][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 380.464795][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 380.466123][ T5884] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 380.469597][ T5884] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.554893][ T5821] usb 5-1: USB disconnect, device number 39 [ 380.562499][ T5821] usblp0: removed [ 380.677562][ T5884] usb 11-1: usb_control_msg returned -32 [ 380.679626][ T5884] usbtmc 11-1:16.0: can't read capabilities [ 380.932066][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 380.934230][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 380.964036][T17218] ceph: No mds server is up or the cluster is laggy [ 380.965546][T17223] ceph: No mds server is up or the cluster is laggy [ 380.974602][ T5821] libceph: connect (1)[c::]:6789 error -101 [ 380.980148][ T5821] libceph: mon0 (1)[c::]:6789 connect error [ 381.387404][T17241] usbtmc 11-1:16.0: CHECK_CLEAR_STATUS returned 3 [ 381.589588][ T5884] usb 11-1: USB disconnect, device number 16 [ 382.002728][T17251] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.4593'. [ 382.084940][T17257] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 382.207490][ T40] audit: type=1326 audit(1778373489.876:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17271 comm="syz.0.4602" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff8fcc code=0x0 [ 382.380493][ T40] audit: type=1326 audit(1778373490.046:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.6.4605" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff2fcc code=0x0 [ 383.186284][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 383.201769][ T5884] usb 9-1: new high-speed USB device number 38 using dummy_hcd [ 383.361607][ T5884] usb 9-1: Using ep0 maxpacket: 32 [ 383.366176][ T5884] usb 9-1: config 4 has an invalid interface number: 201 but max is 0 [ 383.369763][ T5884] usb 9-1: config 4 has no interface number 0 [ 383.372577][ T5884] usb 9-1: config 4 interface 201 has no altsetting 0 [ 383.377741][ T5884] usb 9-1: New USB device found, idVendor=47ed, idProduct=31ab, bcdDevice=a6.55 [ 383.381677][ T5884] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.384974][ T5884] usb 9-1: Product: syz [ 383.386894][ T5884] usb 9-1: Manufacturer: syz [ 383.388935][ T5884] usb 9-1: SerialNumber: syz [ 383.604107][ T5884] usb 9-1: USB disconnect, device number 38 [ 384.184476][T17331] macvlan0: entered promiscuous mode [ 384.186215][T17331] dummy0: entered promiscuous mode [ 384.188118][T17331] macvlan0: entered allmulticast mode [ 384.189848][T17331] dummy0: entered allmulticast mode [ 384.219507][T17334] input: syz0 as /devices/virtual/input/input71 [ 384.505714][ T5884] usb 5-1: new full-speed USB device number 40 using dummy_hcd [ 384.591614][ T39] usb 9-1: new high-speed USB device number 39 using dummy_hcd [ 384.641636][ T5882] usb 8-1: new high-speed USB device number 53 using dummy_hcd [ 384.684773][ T5884] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 384.706969][ T5884] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 384.716618][ T5884] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 384.719455][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.743715][ T39] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 384.748266][ T39] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 384.759831][ T39] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 384.763963][ T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.769694][ T39] usb 9-1: config 0 descriptor?? [ 384.781039][ T7833] libceph: connect (1)[c::]:6789 error -101 [ 384.783318][ T7833] libceph: mon0 (1)[c::]:6789 connect error [ 384.815153][ T5882] usb 8-1: Using ep0 maxpacket: 32 [ 384.818904][ T5882] usb 8-1: config 4 has an invalid interface number: 201 but max is 0 [ 384.821621][ T5882] usb 8-1: config 4 has no interface number 0 [ 384.823595][ T5882] usb 8-1: config 4 interface 201 has no altsetting 0 [ 384.827336][ T5882] usb 8-1: New USB device found, idVendor=47ed, idProduct=31ab, bcdDevice=a6.55 [ 384.830347][ T5882] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.832113][ T39] libceph: connect (1)[c::]:6789 error -101 [ 384.833388][ T5882] usb 8-1: Product: syz [ 384.835083][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 384.836354][ T5882] usb 8-1: Manufacturer: syz [ 384.839921][ T5882] usb 8-1: SerialNumber: syz [ 384.936725][ T5884] usb 5-1: usb_control_msg returned -32 [ 384.938580][ T5884] usbtmc 5-1:16.0: can't read capabilities [ 385.051253][ T5882] usb 8-1: USB disconnect, device number 53 [ 385.052197][ T7833] libceph: connect (1)[c::]:6789 error -101 [ 385.055415][ T7833] libceph: mon0 (1)[c::]:6789 connect error [ 385.092415][ T39] libceph: connect (1)[c::]:6789 error -101 [ 385.095063][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 385.290335][T17362] usbtmc 5-1:16.0: usbtmc_ioctl_request failed -32 [ 385.294488][ T5882] usb 5-1: USB disconnect, device number 40 [ 385.561974][ T7833] libceph: connect (1)[c::]:6789 error -101 [ 385.564966][ T7833] libceph: mon0 (1)[c::]:6789 connect error [ 385.585250][T17364] netlink: 51 bytes leftover after parsing attributes in process `syz.3.4634'. [ 385.601819][ T39] libceph: connect (1)[c::]:6789 error -101 [ 385.604180][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 385.611859][T17355] ceph: No mds server is up or the cluster is laggy [ 385.612034][T17358] ceph: No mds server is up or the cluster is laggy [ 385.713877][T17372] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4637'. [ 385.723911][T17374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 385.727851][T17374] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.191666][T12729] usb 11-1: new high-speed USB device number 17 using dummy_hcd [ 386.352958][T12729] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.356708][T12729] usb 11-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 386.359811][T12729] usb 11-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.363467][T12729] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.367433][T12729] usb 11-1: config 0 descriptor?? [ 387.412004][ T39] usb 8-1: new high-speed USB device number 54 using dummy_hcd [ 387.561722][ T39] usb 8-1: Using ep0 maxpacket: 8 [ 387.565041][ T39] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 387.568207][ T39] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 387.580181][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 387.592903][ T39] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 387.601074][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 387.606145][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 387.609831][ T39] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 387.614496][ T39] usb 8-1: config 168 interface 0 has no altsetting 0 [ 387.617498][ T39] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 387.617802][T17456] input: syz1 as /devices/virtual/input/input72 [ 387.620022][ T39] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 387.629870][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 387.633754][ T39] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 387.638080][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 387.641974][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 387.645786][ T39] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 387.650180][ T39] usb 8-1: config 168 interface 0 has no altsetting 0 [ 387.653605][ T39] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 387.668036][ T39] usb 8-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 387.672865][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 387.676425][ T39] usb 8-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 387.680769][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 387.685106][ T39] usb 8-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 387.689359][ T39] usb 8-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 387.693785][ T39] usb 8-1: config 168 interface 0 has no altsetting 0 [ 387.698319][ T39] usb 8-1: string descriptor 0 read error: -22 [ 387.700772][ T39] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 387.704236][ T39] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.714742][ T39] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 387.969319][ T5882] usb 8-1: USB disconnect, device number 54 [ 388.061655][ T5840] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 388.213271][ T5840] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 388.217970][ T5840] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 388.231641][ T5840] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 388.234846][ T5840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.239472][ T5840] usb 5-1: config 0 descriptor?? [ 390.155959][T17528] netlink: 'syz.4.4697': attribute type 1 has an invalid length. [ 390.158486][T17528] netlink: 'syz.4.4697': attribute type 4 has an invalid length. [ 390.160943][T17528] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.4697'. [ 390.780121][T17534] bridge0: port 1(syz_tun) entered blocking state [ 390.783012][T17534] bridge0: port 1(syz_tun) entered listening state [ 390.792737][T17534] 8021q: adding VLAN 0 to HW filter on device team0 [ 390.803130][T17534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 390.839201][T17534] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 390.843642][T17534] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 390.855424][T17534] veth1_macvtap: left promiscuous mode [ 390.858790][T17534] veth0_macvtap: left promiscuous mode [ 390.862149][T17534] veth0_macvtap: entered promiscuous mode [ 390.865471][T17534] veth1_macvtap: entered promiscuous mode [ 390.877107][T17534] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 390.881112][T17534] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 390.885127][T17534] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 390.889031][T17534] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 390.897019][T17534] 8021q: adding VLAN 0 to HW filter on device bond1 [ 390.933087][ T58] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.936900][ T58] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.940794][ T58] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.945480][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.951638][ T58] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.955513][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.959324][ T58] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 390.963277][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.266924][T17552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.269981][T17552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.495186][T17561] A link change request failed with some changes committed already. Interface sit1 may have been left with an inconsistent configuration, please check. [ 391.614438][T17571] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 391.723469][T17574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4717'. [ 391.934784][T13548] udevd[13548]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 392.032077][T17585] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4720'. [ 392.256612][T17601] binder: 17598:17601 ioctl c0306201 800003c0 returned -14 [ 392.256937][T17603] input: syz0 as /devices/virtual/input/input73 [ 392.300735][T17605] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.304570][T17605] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 392.650399][T17620] kvm: user requested TSC rate below hardware speed [ 392.924571][ T5821] usb 8-1: new high-speed USB device number 55 using dummy_hcd [ 392.979087][T17623] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.4737'. [ 392.982371][T17623] netlink: Unknown conntrack attr (type=2304, max=9) [ 393.102310][ T5821] usb 8-1: Using ep0 maxpacket: 32 [ 393.105249][ T5821] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 393.108604][ T5821] usb 8-1: config 0 has no interfaces? [ 393.110891][ T5821] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 393.114724][ T5821] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.119611][ T5821] usb 8-1: config 0 descriptor?? [ 395.381334][ T5840] usb 8-1: USB disconnect, device number 55 [ 395.571666][T17657] input: syz1 as /devices/virtual/input/input74 [ 396.014123][T17690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4766'. [ 396.018357][T17690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4766'. [ 396.026201][T17690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4766'. [ 396.155366][T17702] netlink: 'syz.0.4772': attribute type 1 has an invalid length. [ 396.174114][T17702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.203695][T17702] bond0: (slave geneve2): making interface the new active one [ 396.207106][T17702] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 396.408585][T17716] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 396.851626][ T5840] usb 8-1: new high-speed USB device number 56 using dummy_hcd [ 397.023658][ T5840] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.030465][ T5840] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 397.035977][ T5840] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 397.051639][ T5840] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 397.055589][ T5840] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.060330][ T5840] usb 8-1: config 0 descriptor?? [ 397.116028][T17760] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4796'. [ 397.126793][T17760] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4796'. [ 397.471927][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.478011][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.480478][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.483020][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.485740][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.488686][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.491112][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.493715][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.497108][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.499641][ T5840] plantronics 0003:047F:FFFF.003D: unknown main item tag 0x0 [ 397.510452][ T5840] plantronics 0003:047F:FFFF.003D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 397.525875][T17768] kernel read not supported for file /cpuacct.usage_percpu (pid: 17768 comm: syz.0.4799) [ 397.531766][ T40] audit: type=1800 audit(1778373505.206:1269): pid=17768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4799" name="cpuacct.usage_percpu" dev="mqueue" ino=80650 res=0 errno=0 [ 397.746635][ T39] usb 8-1: USB disconnect, device number 56 [ 397.780699][T17784] netlink: 84 bytes leftover after parsing attributes in process `syz.6.4806'. [ 397.829746][T17786] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4807'. [ 397.840390][T17786] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4807'. [ 398.720706][T17848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.726609][T17848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.765793][T17874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.771487][T17874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.090474][T17888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.094907][T17888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.561705][ T5884] usb 8-1: new high-speed USB device number 57 using dummy_hcd [ 399.635983][T17916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.640112][T17916] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.655155][T17918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.659613][T17918] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.713795][ T5884] usb 8-1: unable to get BOS descriptor or descriptor too short [ 399.718322][ T5884] usb 8-1: config 129 has an invalid interface number: 135 but max is 0 [ 399.722377][ T5884] usb 8-1: config 129 has an invalid interface number: 5 but max is 0 [ 399.725739][ T5884] usb 8-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 399.729555][ T5884] usb 8-1: config 129 has no interface number 0 [ 399.732680][ T5884] usb 8-1: config 129 has no interface number 1 [ 399.735265][ T5884] usb 8-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 399.739356][ T5884] usb 8-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 399.743006][ T5884] usb 8-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 399.747040][ T5884] usb 8-1: config 129 interface 135 has no altsetting 0 [ 399.749107][ T5884] usb 8-1: config 129 interface 5 has no altsetting 0 [ 399.754075][ T5884] usb 8-1: string descriptor 0 read error: -22 [ 399.756351][ T5884] usb 8-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00 [ 399.759064][ T5884] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.771826][ T5884] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 399.774723][ T5884] usb 8-1: MIDIStreaming interface descriptor not found [ 399.809885][T17914] Set syz1 is full, maxelem 6117 reached [ 399.937650][T17928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.941772][T17928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.028569][ T7833] usb 8-1: USB disconnect, device number 57 [ 401.348289][T17990] tipc: Started in network mode [ 401.349999][T17990] tipc: Node identity 2007ff, cluster identity 4711 [ 401.352846][T17990] tipc: Node number set to 2099199 [ 401.539321][T17998] loop9: detected capacity change from 0 to 524287936 [ 401.765212][T18017] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.4893'. [ 401.769874][T18017] netlink: Unknown conntrack attr (0) [ 403.068569][ T40] audit: type=1326 audit(1778373510.736:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18071 comm="syz.4.4914" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6fdefcc code=0x0 [ 403.749858][T18081] netlink: 'syz.0.4916': attribute type 1 has an invalid length. [ 403.764383][T18081] bond2: entered promiscuous mode [ 403.766394][T18081] 8021q: adding VLAN 0 to HW filter on device bond2 [ 403.793133][T18081] bond2: (slave bridge1): making interface the new active one [ 403.795783][T18081] bridge1: entered promiscuous mode [ 403.798195][T18081] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 404.049230][ T10] libceph: connect (1)[c::]:6789 error -101 [ 404.053571][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 404.148632][T18113] ceph: No mds server is up or the cluster is laggy [ 404.526526][T18153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.531355][T18153] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.652763][T18164] Context (ID=0x0) not attached to queue pair (handle=0xffffffff:0x0) [ 404.732043][ T40] audit: type=1326 audit(1778373512.406:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18173 comm="syz.6.4951" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff2fcc code=0x0 [ 404.768105][T18179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4953'. [ 404.777107][T18179] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 404.818691][T18183] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4954'. [ 404.822365][T18183] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4954'. [ 405.236789][T18211] input: syz0 as /devices/virtual/input/input75 [ 405.707453][T18226] syz.6.4971 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 405.988062][T18240] input: syz0 as /devices/virtual/input/input76 [ 406.459628][T18284] input: syz0 as /devices/virtual/input/input77 [ 407.258187][ T40] audit: type=1326 audit(1778373514.926:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18310 comm="syz.3.5000" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701efcc code=0x0 [ 407.293935][T18314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.296881][T18314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.360947][T18314] Set syz1 is full, maxelem 6117 reached [ 407.565094][T18323] input: syz0 as /devices/virtual/input/input78 [ 408.177397][T18343] netlink: 'syz.3.5014': attribute type 1 has an invalid length. [ 408.179884][T18343] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5014'. [ 409.221660][T18395] netlink: 'syz.4.5033': attribute type 1 has an invalid length. [ 409.224236][T18395] netlink: 224 bytes leftover after parsing attributes in process `syz.4.5033'. [ 409.549293][T18419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5044'. [ 409.555384][T18419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5044'. [ 409.562911][T18419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5044'. [ 409.763045][T18432] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 409.864268][T18451] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.879626][T18451] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.974485][T18451] Set syz1 is full, maxelem 6117 reached [ 410.235204][T18477] netlink: 'syz.4.5070': attribute type 1 has an invalid length. [ 410.246574][T18477] bond1: entered promiscuous mode [ 410.248493][T18477] 8021q: adding VLAN 0 to HW filter on device bond1 [ 410.260676][T18477] 8021q: adding VLAN 0 to HW filter on device bond1 [ 410.265864][T18477] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 410.269073][T18477] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 410.273640][T18477] bond1: (slave vcan1): making interface the new active one [ 410.275903][T18477] vcan1: entered promiscuous mode [ 410.294641][T18477] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 410.431576][ T5882] usb 8-1: new high-speed USB device number 58 using dummy_hcd [ 410.524777][T18489] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5075'. [ 410.528807][T18489] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5075'. [ 410.581597][ T5882] usb 8-1: Using ep0 maxpacket: 16 [ 410.584569][ T5882] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 410.588056][ T5882] usb 8-1: config 0 has no interface number 0 [ 410.592515][ T5882] usb 8-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 410.596130][ T5882] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.605567][T18491] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 410.607193][ T5882] usb 8-1: Product: syz [ 410.610425][ T5882] usb 8-1: Manufacturer: syz [ 410.612363][ T5882] usb 8-1: SerialNumber: syz [ 410.616299][ T5882] usb 8-1: config 0 descriptor?? [ 410.620247][ T5882] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 410.915856][ T5882] gspca_spca1528: reg_w err -71 [ 410.942353][ T5882] spca1528 8-1:0.1: probe with driver spca1528 failed with error -71 [ 410.946862][ T5882] usb 8-1: USB disconnect, device number 58 [ 411.008061][T18505] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 412.527084][T18546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 412.531104][T18546] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 412.603700][T18553] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5094'. [ 412.608573][T18553] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5094'. [ 412.611701][ T5747] Bluetooth: hci4: command 0x1003 tx timeout [ 412.613523][ T5096] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 412.858375][T18570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 412.861253][T18570] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 412.874823][T18572] netlink: 'syz.3.5102': attribute type 1 has an invalid length. [ 412.886522][T18572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 412.917758][T18572] bond0: (slave geneve2): making interface the new active one [ 412.921391][T18572] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 412.924721][T17869] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.928365][T17869] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.932989][T17869] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.936333][T17869] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.376075][T18603] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5107'. [ 413.381853][T18603] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5107'. [ 415.561724][ T50] usb 8-1: new full-speed USB device number 59 using dummy_hcd [ 415.739864][ T50] usb 8-1: unable to get BOS descriptor or descriptor too short [ 415.749396][ T50] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 415.753068][ T50] usb 8-1: can't read configurations, error -71 [ 416.354270][T18706] netlink: 'syz.4.5148': attribute type 2 has an invalid length. [ 417.256237][T18722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.259319][T18722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.396507][T18726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.400236][T18726] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.517738][T18730] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5157'. [ 417.547874][T18734] dummy0: left allmulticast mode [ 417.552934][T18734] macvlan0: left promiscuous mode [ 417.554988][T18734] macvlan0: left allmulticast mode [ 417.561469][T18734] netlink: 'syz.0.5161': attribute type 2 has an invalid length. [ 417.565251][ T39] dummy0: left promiscuous mode [ 418.988718][T18766] netlink: 212328 bytes leftover after parsing attributes in process `syz.4.5183'. [ 419.001747][T18766] netlink: Conntrack attr has 4 unknown bytes [ 419.491397][T18787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.496541][T18787] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.535809][T18789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.540264][T18789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.573852][ T50] usb 8-1: new high-speed USB device number 61 using dummy_hcd [ 419.721730][ T50] usb 8-1: Using ep0 maxpacket: 16 [ 419.725831][ T50] usb 8-1: config 0 has no interfaces? [ 419.729165][ T50] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 419.733268][ T50] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 419.736637][ T50] usb 8-1: Manufacturer: syz [ 419.740476][ T50] usb 8-1: config 0 descriptor?? [ 420.105217][T18775] Set syz1 is full, maxelem 6117 reached [ 420.126229][T18799] netlink: 164 bytes leftover after parsing attributes in process `syz.6.5185'. [ 420.130133][T18799] netlink: 36 bytes leftover after parsing attributes in process `syz.6.5185'. [ 420.160746][ T50] usb 8-1: USB disconnect, device number 61 [ 420.712775][T18805] tipc: Started in network mode [ 420.714936][T18805] tipc: Node identity 2007ff, cluster identity 4711 [ 420.717141][T18805] tipc: Node number set to 2099199 [ 420.778649][T18812] input: syz0 as /devices/virtual/input/input79 [ 420.847802][T18818] netlink: 'syz.0.5196': attribute type 10 has an invalid length. [ 420.864879][T18818] bridge0: port 1(syz_tun) entered disabled state [ 420.869112][T18818] syz_tun: left allmulticast mode [ 420.872916][T18818] bridge0: port 1(syz_tun) entered disabled state [ 421.263344][T18841] IPv6: sit3: Disabled Multicast RS [ 421.665886][T18855] A link change request failed with some changes committed already. Interface sit1 may have been left with an inconsistent configuration, please check. [ 421.871139][T18857] netlink: 'syz.3.5220': attribute type 10 has an invalid length. [ 421.875007][T18857] syz_tun: entered promiscuous mode [ 422.239092][T18880] dummy0: left allmulticast mode [ 422.241642][T18880] dummy0: left promiscuous mode [ 422.288664][T18883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.294519][T18883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.756006][T18902] kvm: user requested TSC rate below hardware speed [ 422.850536][T18904] netlink: 'syz.6.5235': attribute type 1 has an invalid length. [ 422.868287][T18904] bond3: entered promiscuous mode [ 422.874344][T18904] 8021q: adding VLAN 0 to HW filter on device bond3 [ 422.925339][T18904] bond3: (slave bridge1): making interface the new active one [ 422.928451][T18904] bridge1: entered promiscuous mode [ 422.932201][T18904] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 423.096544][T18916] overlayfs: failed to verify upper (445/file1, ino=2350, err=-116) [ 423.101196][T18916] overlayfs: failed to verify index dir 'upper' xattr [ 423.104490][T18916] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 423.233496][T18924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 423.238315][T18924] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 423.794445][T18932] netlink: 'syz.4.5246': attribute type 1 has an invalid length. [ 423.810034][T18932] bond2: entered promiscuous mode [ 423.812971][T18932] 8021q: adding VLAN 0 to HW filter on device bond2 [ 423.851370][T18932] bond2: (slave bridge1): making interface the new active one [ 423.861575][T18932] bridge1: entered promiscuous mode [ 423.868063][T18932] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 424.007523][T18941] sit1: entered allmulticast mode [ 424.194453][ T5821] kernel read not supported for file /ppp (pid: 5821 comm: kworker/2:3) [ 424.413736][T18970] netlink: 'syz.3.5261': attribute type 1 has an invalid length. [ 424.456193][T18968] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 424.460827][T18968] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.534274][T18970] bond1: entered promiscuous mode [ 424.537418][T18970] 8021q: adding VLAN 0 to HW filter on device bond1 [ 424.572816][T18971] bond1: (slave bridge1): making interface the new active one [ 424.576211][T18971] bridge1: entered promiscuous mode [ 424.579478][T18971] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 425.092039][T18968] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 425.095365][T18968] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.179293][T18968] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 425.185557][T18968] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.308701][T18968] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 425.313237][T18968] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.509486][T17857] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 425.512609][T17857] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.527272][T17857] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 425.530744][T17857] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.553305][T17857] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 425.556713][T17857] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.569714][T17857] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 425.574385][T17857] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.597008][T19019] fuse: Bad value for 'fd' [ 425.612237][T19021] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5284'. [ 425.621340][T19021] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5284'. [ 426.330525][ T40] audit: type=1800 audit(1778373533.996:1273): pid=19047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5291" name="nullb0" dev="tmpfs" ino=4296 res=0 errno=0 [ 427.091500][T19064] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5299'. [ 428.277984][T19099] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.5314'. [ 429.362575][T17872] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.367802][T17872] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.371059][T17872] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.374795][T17872] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.378053][T17872] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.381280][T17872] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.385071][T17872] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.389290][T17872] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.369346][T19142] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.372086][T19142] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.419257][T19142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.425462][T19142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.464965][T17872] netdevsim netdevsim6 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.466472][T19149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5334'. [ 430.467953][T17872] netdevsim netdevsim6 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.478591][T17872] netdevsim netdevsim6 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.481408][T17872] netdevsim netdevsim6 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.489950][T19149] hsr_slave_1 (unregistering): left promiscuous mode [ 430.505561][T17872] netdevsim netdevsim6 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.509090][T17872] netdevsim netdevsim6 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.512594][T17872] netdevsim netdevsim6 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.516076][T17872] netdevsim netdevsim6 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.620050][T19156] 8021q: adding VLAN 0 to HW filter on device bond0 [ 430.623016][T19156] 8021q: adding VLAN 0 to HW filter on device team0 [ 430.627707][T19156] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.644725][T19156] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 430.648133][T19156] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 430.654362][T19156] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 430.657712][T19156] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 430.661796][T19156] hsr0: left promiscuous mode [ 430.671637][T19156] 8021q: adding VLAN 0 to HW filter on device bond1 [ 430.674421][T19156] 8021q: adding VLAN 0 to HW filter on device bond2 [ 430.678681][T19156] 8021q: adding VLAN 0 to HW filter on device bond3 [ 430.691883][T19156] 8021q: adding VLAN 0 to HW filter on device eth0 [ 430.694889][T19156] 8021q: adding VLAN 0 to HW filter on device eth1 [ 430.697884][T19156] 8021q: adding VLAN 0 to HW filter on device eth2 [ 430.700878][T19156] 8021q: adding VLAN 0 to HW filter on device eth3 [ 430.706067][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.709020][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 430.715391][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.717957][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.730914][T17872] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 430.734059][T17872] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.739316][T17872] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 430.742676][T17872] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.745595][T17872] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 430.748407][T17872] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.767513][T17872] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 430.770455][T17872] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.067089][T19163] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5341'. [ 431.070126][T19163] netlink: 'syz.6.5341': attribute type 7 has an invalid length. [ 431.072749][T19163] netlink: 'syz.6.5341': attribute type 8 has an invalid length. [ 431.075360][T19163] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5341'. [ 431.133350][T19167] netlink: 'syz.6.5343': attribute type 1 has an invalid length. [ 431.168899][T19167] 8021q: adding VLAN 0 to HW filter on device bond5 [ 431.174442][T19167] bond4: (slave bond5): making interface the new active one [ 431.181939][T19167] bond4: (slave bond5): Enslaving as an active interface with an up link [ 431.431825][T19184] 9p: Bad value for 'rfdno' [ 431.712525][ T1127] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 431.714719][ T1127] ata1: failed to read log page 10h (errno=-5) [ 431.716681][ T1127] ata1.00: exception Emask 0x1 SAct 0x2000 SErr 0x0 action 0x0 [ 431.719141][ T1127] ata1.00: irq_stat 0x40000000 [ 431.720804][ T1127] ata1.00: failed command: WRITE FPDMA QUEUED [ 431.723839][ T1127] ata1.00: cmd 61/30:68:3e:11:10/00:00:00:00:00/40 tag 13 ncq dma 24576 out [ 431.723839][ T1127] res 50/04:00:00:00:00/00:00:00:00:00/a0 Emask 0x1 (device error) [ 431.730166][ T1127] ata1.00: status: { DRDY } [ 431.731978][ T1127] ata1.00: error: { ABRT } [ 431.734210][ T1127] ata1.00: configured for UDMA/100 [ 431.736082][ T1127] ata1: EH complete [ 432.209825][T19211] 9p: Bad value for 'rfdno' [ 433.058665][T19248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5376'. [ 433.748012][T19290] netlink: 212348 bytes leftover after parsing attributes in process `syz.6.5393'. [ 434.026228][T19310] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5402'. [ 434.056623][T19310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5402'. [ 434.140006][T19316] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5405'. [ 434.957444][T19345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5417'. [ 434.980302][T19345] vxlan1: entered promiscuous mode [ 434.985222][T17862] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 434.988130][T17862] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 434.990985][T17862] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 434.994138][T17862] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 436.443704][T19386] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.5435'. [ 437.963227][T19428] syz.4.5450 (19428) used greatest stack depth: 19456 bytes left [ 438.219042][T19446] netlink: 'syz.3.5457': attribute type 1 has an invalid length. [ 438.232130][T19446] 8021q: adding VLAN 0 to HW filter on device bond2 [ 438.256874][T19446] bond2: (slave ip6erspan0): making interface the new active one [ 438.260546][T19446] bond2: (slave ip6erspan0): Enslaving as an active interface with an up link [ 438.438173][T19466] input: syz0 as /devices/virtual/input/input80 [ 438.544348][T19471] netlink: 'syz.6.5466': attribute type 3 has an invalid length. [ 438.625506][T19475] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 439.088851][T19504] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5477'. [ 439.126724][T19506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.130861][T19506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.375637][T19518] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5486'. [ 439.587200][T19530] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5491'. [ 439.999654][T19547] fuse: Bad value for 'fd' [ 440.269388][T19555] netlink: 'syz.3.5502': attribute type 3 has an invalid length. [ 440.722996][T19578] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5510'. [ 440.771660][ T5096] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 440.774164][ T5747] Bluetooth: hci4: command 0xfc11 tx timeout [ 441.759744][T19594] overlayfs: failed to clone lowerpath [ 442.502652][T19612] overlayfs: failed to clone upperpath [ 442.726750][T19620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5528'. [ 443.799261][ T5747] Bluetooth: hci4: sending frame failed (-49) [ 443.803000][ T5096] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 444.366076][ T40] audit: type=1800 audit(1778373808.030:1274): pid=19644 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5534" name=06 dev="tmpfs" ino=5934 res=0 errno=0 [ 444.438824][T19657] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5544'. [ 444.623317][ T1430] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.059518][T19684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5554'. [ 445.065383][T19684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5554'. [ 445.669216][T19704] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5563'. [ 446.583198][T19753] bridge0: port 1(syz_tun) entered blocking state [ 446.585386][T19753] bridge0: port 1(syz_tun) entered disabled state [ 446.587573][T19753] syz_tun: entered allmulticast mode [ 446.590421][T19753] syz_tun: entered promiscuous mode [ 446.710132][T19761] fuse: fd is not a fuse device [ 446.836198][T19773] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5594'. [ 447.671937][T19793] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5602'. [ 447.816246][T19803] veth0_macvtap: Caught tx_queue_len zero misconfig [ 447.838485][T19803] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5605'. [ 447.844635][T19803] netlink: 'syz.3.5605': attribute type 4 has an invalid length. [ 447.862606][T19805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.867735][T19805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 448.359952][T19822] fuse: Bad value for 'fd' [ 448.622629][T19838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 448.625806][T19838] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.072162][T19845] bridge0: port 1(syz_tun) entered blocking state [ 449.074776][T19845] bridge0: port 1(syz_tun) entered disabled state [ 449.077802][T19845] syz_tun: entered allmulticast mode [ 450.275059][T19901] lo: Caught tx_queue_len zero misconfig [ 450.478356][T19919] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5655'. [ 452.022154][T19978] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.089704][T19978] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.110960][T19987] loop5: detected capacity change from 0 to 7 [ 452.114674][T19987] Dev loop5: unable to read RDB block 7 [ 452.117759][T19987] loop5: unable to read partition table [ 452.119709][T19987] loop5: partition table beyond EOD, truncated [ 452.123296][T19987] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 452.166435][T19978] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.238793][T19978] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.318952][T17866] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.330900][T17866] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.354865][T20000] 9pnet: p9_errstr2errno: server reported unknown error ÿÿ [ 452.355384][T17857] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.367543][T17857] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.594127][T20027] kvm: user requested TSC rate below hardware speed [ 452.599544][T20027] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4180564684 (8361129368 ns) > initial count (6590827116 ns). Using initial count to start timer. [ 452.794851][T20038] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 452.955288][T20038] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.075825][T20038] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.320126][T20038] vlan2 (unregistering): left promiscuous mode [ 453.326545][T20038] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 453.338409][T20038] bridge0: port 3(vlan2) entered disabled state [ 453.355202][T20038] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.431345][T20061] netdevsim netdevsim6 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.434839][T20061] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.479010][T17869] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.492286][T17869] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.507456][T17869] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.521068][T17869] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.556257][T20061] netdevsim netdevsim6 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.560305][T20061] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.662609][T20061] netdevsim netdevsim6 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.666896][T20061] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.760736][T20061] netdevsim netdevsim6 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 453.764965][T20061] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.802327][T20070] 9pnet: p9_errstr2errno: server reported unknown error ./file0 [ 453.878028][T17866] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.891703][T17866] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.907438][T17866] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.912380][T17866] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.924406][T17857] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.929340][T17857] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.941004][T17857] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 453.945345][T17857] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.212429][T20137] netlink: 'syz.0.5749': attribute type 4 has an invalid length. [ 455.223381][T20137] netlink: 'syz.0.5749': attribute type 4 has an invalid length. [ 455.302119][T20143] ip6gre2: entered promiscuous mode [ 455.303984][T20143] ip6gre2: entered allmulticast mode [ 455.314093][T20145] overlayfs: failed to clone lowerpath [ 455.322374][T20145] overlayfs: failed to clone upperpath [ 455.604884][T20171] syz_tun: left allmulticast mode [ 455.608175][T20171] bridge0: port 1(syz_tun) entered disabled state [ 455.634092][T20171] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 455.648001][T20171] bridge0: port 1(syz_tun) entered blocking state [ 455.651981][T20171] bridge0: port 1(syz_tun) entered disabled state [ 455.654876][T20171] syz_tun: entered allmulticast mode [ 455.659210][T20178] overlayfs: failed to clone upperpath [ 455.782903][T20190] syz_tun: left promiscuous mode [ 455.802113][T20190] team0: Port device syz_tun added [ 456.096622][T20226] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5790'. [ 456.208878][T20237] overlayfs: failed to clone upperpath [ 456.371830][T20245] 9pnet: p9_errstr2errno: server reported unknown error ÿÿÿ [ 456.517868][ T10] libceph: connect (1)[c::]:6789 error -101 [ 456.520970][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 456.569498][ T5812] libceph: connect (1)[c::]:6789 error -101 [ 456.575320][ T5812] libceph: mon0 (1)[c::]:6789 connect error [ 456.791860][ T10] libceph: connect (1)[c::]:6789 error -101 [ 456.794536][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 456.831709][ T5812] libceph: connect (1)[c::]:6789 error -101 [ 456.833741][ T5812] libceph: mon0 (1)[c::]:6789 connect error [ 457.254847][T20271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5807'. [ 457.259705][T20271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5807'. [ 457.264140][T20271] netlink: 173 bytes leftover after parsing attributes in process `syz.0.5807'. [ 457.302616][ T10] libceph: connect (1)[c::]:6789 error -101 [ 457.306417][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 457.341077][T20255] ceph: No mds server is up or the cluster is laggy [ 457.347606][ T5812] libceph: connect (1)[c::]:6789 error -101 [ 457.349892][T20258] ceph: No mds server is up or the cluster is laggy [ 457.350075][ T5812] libceph: mon0 (1)[c::]:6789 connect error [ 458.144677][T20342] team0: Port device syz_tun removed [ 458.148203][T20342] bond0: (slave geneve2): Releasing active interface [ 458.160849][T20342] bond1: (slave bridge1): Releasing backup interface [ 458.163965][T20342] bridge1: left promiscuous mode [ 458.180175][T20342] bond2: (slave ip6erspan0): Releasing active interface [ 458.197897][T17869] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.200779][T17869] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.206965][T17869] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.209973][T17869] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.234964][T20342] bridge0: port 1(syz_tun) entered blocking state [ 458.237265][T20342] bridge0: port 1(syz_tun) entered disabled state [ 458.239667][T20342] syz_tun: entered allmulticast mode [ 458.245595][T20342] syz_tun: entered promiscuous mode [ 458.328740][T20350] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5848'. [ 458.335838][T20350] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5848'. [ 459.228219][ T39] libceph: connect (1)[c::]:6789 error -101 [ 459.231293][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 459.257969][T20384] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5855'. [ 459.280563][ T34] libceph: connect (1)[b::]:6789 error -101 [ 459.285937][ T34] libceph: mon0 (1)[b::]:6789 connect error [ 459.502434][ T39] libceph: connect (1)[c::]:6789 error -101 [ 459.505072][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 459.551854][ T34] libceph: connect (1)[b::]:6789 error -101 [ 459.556672][ T34] libceph: mon0 (1)[b::]:6789 connect error [ 460.015229][ T39] libceph: connect (1)[c::]:6789 error -101 [ 460.017299][ T39] libceph: mon0 (1)[c::]:6789 connect error [ 460.054891][T20378] ceph: No mds server is up or the cluster is laggy [ 460.058616][T20387] ceph: No mds server is up or the cluster is laggy [ 460.061720][ T34] libceph: connect (1)[b::]:6789 error -101 [ 460.064749][ T34] libceph: mon0 (1)[b::]:6789 connect error [ 461.001201][T20477] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5892'. [ 461.009142][T20477] ip6gre1: entered promiscuous mode [ 461.010768][T20477] ip6gre1: entered allmulticast mode [ 461.514345][T20517] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5911'. [ 461.988379][T20540] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5922'. [ 462.116967][T20549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.120599][T20549] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.713422][ T40] audit: type=1326 audit(1778373826.380:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.722341][ T40] audit: type=1326 audit(1778373826.380:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.730591][ T40] audit: type=1326 audit(1778373826.390:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.740855][ T40] audit: type=1326 audit(1778373826.390:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.749629][ T40] audit: type=1326 audit(1778373826.390:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.758011][ T40] audit: type=1326 audit(1778373826.390:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.766350][ T40] audit: type=1326 audit(1778373826.390:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.775083][ T40] audit: type=1326 audit(1778373826.390:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.783655][ T40] audit: type=1326 audit(1778373826.390:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=61 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 462.791197][ T40] audit: type=1326 audit(1778373826.390:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20579 comm="syz.4.5938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 463.047838][ T5096] Bluetooth: hci1: unexpected event for opcode 0x204e [ 463.857656][T20642] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 464.157796][T20659] netlink: 208240 bytes leftover after parsing attributes in process `syz.6.5971'. [ 464.295417][T20669] overlayfs: failed to clone upperpath [ 464.547552][T20688] netlink: 51 bytes leftover after parsing attributes in process `syz.6.5980'. [ 464.565734][T20681] nbd4: detected capacity change from 0 to 63 [ 464.573818][T20684] block nbd4: NBD_DISCONNECT [ 464.597371][T20684] block nbd4: Disconnected due to user request. [ 464.603358][T20684] block nbd4: shutting down sockets [ 464.610335][ C1] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.614055][ C1] buffer_io_error: 4 callbacks suppressed [ 464.614067][ C1] Buffer I/O error on dev nbd4, logical block 0, async page read [ 464.621487][ C0] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.625209][ C0] Buffer I/O error on dev nbd4, logical block 1, async page read [ 464.628911][ C0] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.632732][ C0] Buffer I/O error on dev nbd4, logical block 2, async page read [ 464.635885][ C0] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.639097][ C0] Buffer I/O error on dev nbd4, logical block 3, async page read [ 464.642497][T13548] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.654290][T13548] Buffer I/O error on dev nbd4, logical block 0, async page read [ 464.657651][T13548] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.660981][T13548] Buffer I/O error on dev nbd4, logical block 1, async page read [ 464.664159][T13548] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.667852][T13548] Buffer I/O error on dev nbd4, logical block 2, async page read [ 464.671082][T13548] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.674995][T13548] Buffer I/O error on dev nbd4, logical block 3, async page read [ 464.678340][T13548] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.684866][T13548] Buffer I/O error on dev nbd4, logical block 0, async page read [ 464.688196][T13548] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 464.691866][T13548] Buffer I/O error on dev nbd4, logical block 1, async page read [ 464.698353][T13548] ldm_validate_partition_table(): Disk read failed. [ 464.704729][T13548] Dev nbd4: unable to read RDB block 0 [ 464.712056][T13548] nbd4: unable to read partition table [ 464.721255][T13548] ldm_validate_partition_table(): Disk read failed. [ 464.724574][T13548] Dev nbd4: unable to read RDB block 0 [ 464.727277][T13548] nbd4: unable to read partition table [ 465.011432][T20709] netlink: 'syz.6.5991': attribute type 1 has an invalid length. [ 465.084664][T20709] 8021q: adding VLAN 0 to HW filter on device bond6 [ 465.099237][T20716] bond6: (slave geneve2): making interface the new active one [ 465.107569][T20716] bond6: (slave geneve2): Enslaving as an active interface with an up link [ 465.119971][ T5812] hid-generic 0005:0005:5508.003E: item fetching failed at offset 0/1 [ 465.126442][ T5812] hid-generic 0005:0005:5508.003E: probe with driver hid-generic failed with error -22 [ 465.155001][T20722] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 465.159593][T20722] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 465.184927][T20722] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3) [ 465.189584][T20722] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3) [ 465.193701][T20722] overlayfs: d_ino too big (1262, ino=9223372036854782409, xinobits=3) [ 465.196930][T20722] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3) [ 465.206753][T20722] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3) [ 465.211847][T20722] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3) [ 465.214613][T20722] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3) [ 465.217388][T20722] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3) [ 465.220062][T20722] overlayfs: d_ino too big (dev, ino=9223372036854775811, xinobits=3) [ 465.227449][T20722] overlayfs: d_ino too big (instances, ino=4611686018427389232, xinobits=3) [ 465.283351][T20734] fuse: Bad value for 'fd' [ 465.340571][T20744] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 465.351190][T20744] batman_adv: batadv0: Adding interface: ip6gretap1 [ 465.356601][T20744] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1568 would solve the problem. [ 465.371199][T20744] batman_adv: batadv0: Interface activated: ip6gretap1 [ 465.448131][T20757] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6010'. [ 465.725770][T20780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 465.734041][T20780] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 465.833076][T20782] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6019'. [ 465.838171][T20782] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6019'. [ 467.013361][T20835] overlayfs: failed to clone upperpath [ 467.914769][T20862] netlink: 'syz.3.6053': attribute type 1 has an invalid length. [ 467.929251][T20862] 8021q: adding VLAN 0 to HW filter on device bond3 [ 467.966160][T20862] bond3: (slave geneve3): making interface the new active one [ 467.969937][T20862] bond3: (slave geneve3): Enslaving as an active interface with an up link [ 467.978006][ T43] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.985356][ T43] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.991703][ T43] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.998405][ T43] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.099021][T20867] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 468.164274][T20867] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 468.247267][T20867] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 468.310630][T20867] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 468.378753][ T43] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 468.388384][ T43] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 468.409455][ T43] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 468.417786][ T43] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 469.031585][T20878] netlink: 'syz.3.6059': attribute type 4 has an invalid length. [ 469.342376][T20897] netlink: 'syz.4.6068': attribute type 30 has an invalid length. [ 469.396377][T20898] netlink: 'syz.4.6068': attribute type 30 has an invalid length. [ 469.494899][T20902] batadv_slave_1: entered promiscuous mode [ 469.510384][T20901] batadv_slave_1: left promiscuous mode [ 469.852126][T20918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6078'. [ 470.086412][T20932] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6086'. [ 470.937041][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 470.937059][ T40] audit: type=1326 audit(1778373834.600:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20983 comm="syz.6.6106" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff2fcc code=0x0 [ 471.205921][T20994] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.270062][T20994] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.406154][T21004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6113'. [ 471.409317][T21004] netlink: 'syz.4.6113': attribute type 6 has an invalid length. [ 471.423948][T21004] vxlan2: entered promiscuous mode [ 471.447877][T20994] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.536955][T20994] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.622507][T17869] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.628392][T17869] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.649825][T17869] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.660512][T17869] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.711778][T21013] 9pnet: p9_errstr2errno: server reported unknown error 0x0000 [ 471.792528][T21020] overlayfs: failed to clone upperpath [ 472.438999][T21055] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 472.515610][T21063] netlink: 'syz.3.6139': attribute type 2 has an invalid length. [ 472.518263][T21063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6139'. [ 472.815113][T21076] overlayfs: failed to clone upperpath [ 472.881031][ T40] audit: type=1800 audit(1778373836.540:1294): pid=21084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.6149" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 473.007226][T21094] overlayfs: failed to clone upperpath [ 473.021313][T21095] kernel read not supported for file /file0 (pid: 21095 comm: syz.4.6154) [ 473.026354][ T40] audit: type=1800 audit(1778373836.690:1295): pid=21095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6154" name="file0" dev="mqueue" ino=92924 res=0 errno=0 [ 473.863866][T21157] tipc: New replicast peer: 255.255.255.255 [ 473.867340][T21157] tipc: Enabled bearer , priority 10 [ 473.870966][T21157] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6180'. [ 473.876279][T21157] tipc: Disabling bearer [ 474.447563][T21182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.451457][T21182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.573797][T21185] syz.6.6193 (21185): drop_caches: 2 [ 474.700705][T21204] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6195'. [ 474.961420][T21236] netlink: 212344 bytes leftover after parsing attributes in process `syz.6.6204'. [ 475.045967][T21248] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.6207'. [ 475.889413][T21313] overlayfs: failed to clone upperpath [ 476.743736][ T40] audit: type=1326 audit(1778373840.410:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8fcc code=0x7ffc0000 [ 476.753079][ T40] audit: type=1326 audit(1778373840.410:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8fcc code=0x7ffc0000 [ 476.762362][ T40] audit: type=1326 audit(1778373840.410:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7ff8fcc code=0x7ffc0000 [ 476.774214][ T40] audit: type=1326 audit(1778373840.410:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8fcc code=0x7ffc0000 [ 476.783268][ T40] audit: type=1326 audit(1778373840.410:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7ff8fcc code=0x7ffc0000 [ 476.792468][ T40] audit: type=1326 audit(1778373840.410:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff8fe8 code=0x7ffc0000 [ 476.801473][ T40] audit: type=1326 audit(1778373840.410:1302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff8fe8 code=0x7ffc0000 [ 476.810540][ T40] audit: type=1326 audit(1778373840.410:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff8fe8 code=0x7ffc0000 [ 476.816957][T21348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 476.819997][ T40] audit: type=1326 audit(1778373840.410:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff8fe8 code=0x7ffc0000 [ 476.824393][T21348] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 476.833128][ T40] audit: type=1326 audit(1778373840.410:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21345 comm="syz.0.6247" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff8fe8 code=0x7ffc0000 [ 476.941074][T21352] geneve1: Caught tx_queue_len zero misconfig [ 477.304497][T21366] dummy0: Caught tx_queue_len zero misconfig [ 477.319190][T21368] macvtap0: entered promiscuous mode [ 477.321875][T21368] dummy0: entered promiscuous mode [ 477.323902][T21368] macvtap0: entered allmulticast mode [ 477.326534][T21368] dummy0: entered allmulticast mode [ 477.339475][T21368] macvtap1: entered promiscuous mode [ 477.341203][T21368] macvtap1: entered allmulticast mode [ 477.474077][T21380] netlink: 'syz.3.6263': attribute type 1 has an invalid length. [ 477.481721][T21380] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.6263'. [ 477.484825][T21379] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6261'. [ 477.603654][T21391] fuse: fd is not a fuse device [ 477.605033][T21389] netlink: 876 bytes leftover after parsing attributes in process `syz.0.6267'. [ 477.609290][T21389] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6267'. [ 477.708617][ T43] tipc: Subscription rejected, illegal request [ 477.834453][T21405] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.918798][T21405] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.999079][T21405] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.099120][T21405] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.190267][T21425] block nbd4: shutting down sockets [ 478.214775][ T43] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.239730][ T43] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.250890][ T43] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.269475][ T43] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.940576][T21488] input: syz1 as /devices/virtual/input/input81 [ 479.580561][T21516] overlayfs: failed to clone upperpath [ 479.601027][T21518] vivid-002: disconnect [ 479.612869][T21517] vivid-002: reconnect [ 480.287522][T21565] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 481.325545][T21591] overlayfs: failed to clone upperpath [ 481.329259][T21591] overlayfs: failed to clone upperpath [ 481.611777][T21612] overlayfs: failed to clone upperpath [ 481.647349][T21616] fuse: fd is not a fuse device [ 482.135162][T21657] IPVS: ovf: UDP 224.0.0.1:0 - no destination available [ 482.463919][T21672] only policy match revision 0 supported [ 482.463936][T21672] unable to load match [ 483.738362][T21717] netlink: 'syz.3.6402': attribute type 1 has an invalid length. [ 483.741678][T21717] netlink: 'syz.3.6402': attribute type 4 has an invalid length. [ 483.744437][T21717] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.6402'. [ 483.800030][T21725] netlink: 7 bytes leftover after parsing attributes in process `syz.3.6405'. [ 483.848799][T21729] overlayfs: failed to clone upperpath [ 484.054681][T21743] gtp1: entered promiscuous mode [ 484.070420][T21743] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6414'. [ 484.193531][T21751] fuse: fd is not a fuse device [ 484.603395][T21772] pimreg: entered allmulticast mode [ 484.611088][T21772] pimreg: left allmulticast mode [ 484.825082][T21777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6429'. [ 484.872070][T21779] IPv6: sit3: Disabled Multicast RS [ 484.873938][T21779] sit3: entered allmulticast mode [ 485.254829][T21817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6446'. [ 485.259286][T21817] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6446'. [ 485.373796][T21833] netlink: 'syz.4.6452': attribute type 1 has an invalid length. [ 485.388863][T21833] bond3: entered promiscuous mode [ 485.393163][T21833] 8021q: adding VLAN 0 to HW filter on device bond3 [ 485.427637][T21833] 8021q: adding VLAN 0 to HW filter on device bond3 [ 485.430783][T21833] bond3: (slave vti0): The slave device specified does not support setting the MAC address [ 485.440927][T21833] bond3: (slave vti0): Setting fail_over_mac to active for active-backup mode [ 485.447504][T21833] bond3: (slave vti0): making interface the new active one [ 485.450472][T21833] vti0: entered promiscuous mode [ 485.453549][T21833] bond3: (slave vti0): Enslaving as an active interface with an up link [ 485.507310][T21844] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6457'. [ 485.597508][T21852] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6460'. [ 485.847392][ T40] kauditd_printk_skb: 318 callbacks suppressed [ 485.847407][ T40] audit: type=1800 audit(1778373849.510:1624): pid=21863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.6465" name="nullb0" dev="tmpfs" ino=8125 res=0 errno=0 [ 486.239000][T21884] overlayfs: failed to clone upperpath [ 486.408348][T21893] gre0: left allmulticast mode [ 486.604412][T21899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6479'. [ 486.620200][T21899] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6479'. [ 487.117627][T21923] IPv6: sit4: Disabled Multicast RS [ 487.894971][T21964] input: syz1 as /devices/virtual/input/input82 [ 488.054742][ T40] audit: type=1326 audit(1778373851.720:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 488.063026][ T40] audit: type=1326 audit(1778373851.720:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 488.071018][ T40] audit: type=1326 audit(1778373851.720:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf6fdeff7 code=0x7ffc0000 [ 488.079823][ T40] audit: type=1326 audit(1778373851.720:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 488.087943][ T40] audit: type=1326 audit(1778373851.720:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 488.096403][ T40] audit: type=1326 audit(1778373851.720:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf6fdeff7 code=0x7ffc0000 [ 488.105097][ T40] audit: type=1326 audit(1778373851.720:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 488.113412][ T40] audit: type=1326 audit(1778373851.720:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf6fdefcc code=0x7ffc0000 [ 488.121436][ T40] audit: type=1326 audit(1778373851.720:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21973 comm="syz.4.6512" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf6fdeff7 code=0x7ffc0000 [ 488.396212][T21989] "syz.4.6518" (21989) uses obsolete ecb(arc4) skcipher [ 489.263433][T22029] __nla_validate_parse: 1 callbacks suppressed [ 489.263445][T22029] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6532'. [ 489.348224][T22033] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 489.351984][T22033] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 490.277948][T22081] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6552'. [ 490.634767][T22099] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6559'. [ 490.688932][T22099] netlink: 20 bytes leftover after parsing attributes in process `syz.6.6559'. [ 490.692004][T22099] nbd: device at index 64 is going down [ 490.748589][T13548] udevd[13548]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 490.764635][T22110] bond0: entered promiscuous mode [ 490.767425][T22110] batadv0: entered promiscuous mode [ 490.769932][T22110] debugfs: 'hsr0' already exists in 'hsr' [ 490.772921][T22110] Cannot create hsr debugfs directory [ 490.775189][T22110] hsr0: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 490.779048][T22110] hsr0: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 490.785749][T22110] 8021q: adding VLAN 0 to HW filter on device hsr0 [ 490.799434][T22110] netlink: 'syz.3.6563': attribute type 10 has an invalid length. [ 490.802481][T22110] syz_tun: left allmulticast mode [ 490.804286][T22110] bridge0: port 1(syz_tun) entered disabled state [ 490.883401][T22114] netlink: 212344 bytes leftover after parsing attributes in process `syz.3.6565'. [ 491.100269][T22136] netlink: 212360 bytes leftover after parsing attributes in process `syz.0.6573'. [ 491.448834][T22162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6584'. [ 491.457752][T22162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6584'. [ 491.848288][T22182] netlink: 27 bytes leftover after parsing attributes in process `syz.4.6593'. [ 491.972837][T22190] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6596'. [ 492.034683][T22194] nbd: device at index 64 is going down [ 492.156324][T13548] udevd[13548]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 492.161917][T13548] udevd[13548]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 492.226172][T22200] bond0: entered promiscuous mode [ 492.228325][T22200] bond_slave_0: entered promiscuous mode [ 492.230971][T22200] bond_slave_1: entered promiscuous mode [ 492.244596][T22200] batadv0: entered promiscuous mode [ 492.262458][T22200] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 492.264533][T22204] netlink: 'syz.6.6599': attribute type 10 has an invalid length. [ 492.275978][T22204] syz_tun: entered promiscuous mode [ 492.281456][T22204] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 492.672923][T22229] fuse: fd is not a fuse device [ 492.716539][ T40] kauditd_printk_skb: 1557 callbacks suppressed [ 492.716556][ T40] audit: type=1326 audit(1778373856.380:3191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22233 comm="syz.3.6612" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701efcc code=0x0 [ 493.486631][T22247] fuse: fd is not a fuse device [ 493.517955][T22249] netlink: 'syz.0.6617': attribute type 1 has an invalid length. [ 493.529473][T22249] bond3: entered promiscuous mode [ 493.531307][T22249] bond3: entered allmulticast mode [ 493.534711][T22249] 8021q: adding VLAN 0 to HW filter on device bond3 [ 493.554885][T22249] erspan1: entered allmulticast mode [ 493.560631][T22249] bond3: (slave erspan1): making interface the new active one [ 493.563492][T22249] erspan1: entered promiscuous mode [ 493.566844][T22249] bond3: (slave erspan1): Enslaving as an active interface with an up link [ 493.627717][T22252] netlink: 'syz.3.6618': attribute type 10 has an invalid length. [ 493.633243][T22252] team0: Failed to send options change via netlink (err -105) [ 493.635759][T22252] team0: Port device dummy0 added [ 493.640480][T22252] netlink: 'syz.3.6618': attribute type 10 has an invalid length. [ 493.647417][T22252] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 493.656997][T22252] team0: Failed to send options change via netlink (err -105) [ 493.659767][T22252] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 493.663213][T22252] team0: Port device dummy0 removed [ 493.737648][T22258] netlink: 'syz.0.6621': attribute type 12 has an invalid length. [ 493.773528][T22262] netlink: 'syz.3.6623': attribute type 1 has an invalid length. [ 493.842250][T22262] bond4: (slave geneve4): making interface the new active one [ 493.863524][T22262] bond4: (slave geneve4): Enslaving as an active interface with an up link [ 493.871033][T17869] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 493.876061][T17869] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 493.878677][T17869] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 493.888978][T17869] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 494.361482][T13548] udevd[13548]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 494.632416][T22314] overlayfs: failed to clone lowerpath [ 494.635344][T22314] overlayfs: failed to clone lowerpath [ 495.024338][ T40] audit: type=1800 audit(1778373858.690:3192): pid=22335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.6651" name="nullb0" dev="tmpfs" ino=4296 res=0 errno=0 [ 495.158218][T22342] fuse: fd is not a fuse device [ 495.458769][T22362] netlink: 'syz.3.6663': attribute type 1 has an invalid length. [ 495.480928][T22362] 8021q: adding VLAN 0 to HW filter on device bond5 [ 495.517208][T22362] bond5: (slave gretap1): making interface the new active one [ 495.522900][T22362] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 495.808269][T22382] netlink: 'syz.6.6671': attribute type 1 has an invalid length. [ 495.851054][T22382] bond7: (slave geneve3): making interface the new active one [ 495.855471][T22382] bond7: (slave geneve3): Enslaving as an active interface with an up link [ 495.859193][T17862] netdevsim netdevsim6 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 495.862967][T17862] netdevsim netdevsim6 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 495.866550][T17862] netdevsim netdevsim6 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 495.870150][T17862] netdevsim netdevsim6 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 496.208383][T22417] __nla_validate_parse: 3 callbacks suppressed [ 496.208397][T22417] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6683'. [ 496.252570][T22417] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6683'. [ 496.255400][T22417] nbd: device at index 64 is going down [ 496.310892][T13548] udevd[13548]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 497.414186][T22452] fuse: Bad value for 'fd' [ 497.809994][T22476] netlink: 'syz.4.6706': attribute type 11 has an invalid length. [ 497.813480][T22476] netlink: 56 bytes leftover after parsing attributes in process `syz.4.6706'. [ 497.819300][T22476] netlink: 'syz.4.6706': attribute type 11 has an invalid length. [ 497.824989][T22476] netlink: 56 bytes leftover after parsing attributes in process `syz.4.6706'. [ 498.335236][T22493] dvmrp1: entered allmulticast mode [ 498.369201][T22493] netlink: 'syz.0.6713': attribute type 39 has an invalid length. [ 498.383332][T22493] dvmrp1 (unregistering): left allmulticast mode [ 499.117017][T22521] overlayfs: failed to clone upperpath [ 499.322617][ T40] audit: type=1804 audit(1778373862.990:3193): pid=22533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.6729" name="file0" dev="tmpfs" ino=4108 res=1 errno=0 [ 499.500472][T22545] netlink: 'syz.0.6735': attribute type 1 has an invalid length. [ 499.513642][T22545] 8021q: adding VLAN 0 to HW filter on device bond4 [ 499.543262][T22545] erspan0: entered allmulticast mode [ 499.552538][T22545] bond4: (slave erspan0): making interface the new active one [ 499.557475][T22545] bond4: (slave erspan0): Enslaving as an active interface with an up link [ 500.119978][T22574] dvmrp1: entered allmulticast mode [ 500.171217][T22574] netlink: 'syz.4.6746': attribute type 39 has an invalid length. [ 500.178366][T22574] dvmrp1 (unregistering): left allmulticast mode [ 500.366495][T17872] [ 500.367531][T17872] ============================================ [ 500.370035][T17872] WARNING: possible recursive locking detected [ 500.372596][T17872] syzkaller #0 Tainted: G L [ 500.375183][T17872] -------------------------------------------- [ 500.377417][T17872] kworker/u32:31/17872 is trying to acquire lock: [ 500.379467][T17872] ffff888076aa3158 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc60 [ 500.382897][T17872] [ 500.382897][T17872] but task is already holding lock: [ 500.385632][T17872] ffff88805f4b0d58 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc60 [ 500.389445][T17872] [ 500.389445][T17872] other info that might help us debug this: [ 500.392617][T17872] Possible unsafe locking scenario: [ 500.392617][T17872] [ 500.395601][T17872] CPU0 [ 500.396954][T17872] ---- [ 500.398367][T17872] lock(&qdisc_xmit_lock_key#4); [ 500.400059][T17872] lock(&qdisc_xmit_lock_key#4); [ 500.401708][T17872] [ 500.401708][T17872] *** DEADLOCK *** [ 500.401708][T17872] [ 500.404278][T17872] May be due to missing lock nesting notation [ 500.404278][T17872] [ 500.407331][T17872] 11 locks held by kworker/u32:31/17872: [ 500.409276][T17872] #0: ffff888029bce940 ((wq_completion)bond3#4){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 500.412643][T17872] #1: ffffc900030e7d08 ((work_completion)(&(&bond->alb_work)->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 500.416447][T17872] #2: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: bond_alb_monitor+0xec/0x1700 [ 500.419652][T17872] #3: ffffffff8e7e5280 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x296/0x4950 [ 500.422875][T17872] #4: ffff888021188228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#5){+...}-{3:3}, at: __dev_queue_xmit+0x24ef/0x4950 [ 500.426843][T17872] #5: ffff88805f4b0d58 (&qdisc_xmit_lock_key#4){+.-.}-{3:3}, at: sch_direct_xmit+0x3b5/0xc60 [ 500.430208][T17872] #6: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: ip_output+0xb3/0xc10 [ 500.432972][T17872] #7: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x356/0x2400 [ 500.436038][T17872] #8: ffffffff8e7e52e0 (rcu_read_lock){....}-{1:3}, at: arp_xmit+0x26/0x2e0 [ 500.438889][T17872] #9: ffffffff8e7e5280 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x296/0x4950 [ 500.442075][T17872] #10: ffff8880764b6228 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#5){+...}-{3:3}, at: __dev_queue_xmit+0x24ef/0x4950 [ 500.446047][T17872] [ 500.446047][T17872] stack backtrace: [ 500.447935][T17872] CPU: 1 UID: 0 PID: 17872 Comm: kworker/u32:31 Tainted: G L syzkaller #0 PREEMPT(full) [ 500.447952][T17872] Tainted: [L]=SOFTLOCKUP [ 500.447956][T17872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 500.447964][T17872] Workqueue: bond3 bond_alb_monitor [ 500.447980][T17872] Call Trace: [ 500.447985][T17872] [ 500.447990][T17872] dump_stack_lvl+0x100/0x190 [ 500.448003][T17872] print_deadlock_bug.cold+0xbd/0xca [ 500.448020][T17872] __lock_acquire+0x12bb/0x2630 [ 500.448033][T17872] ? kmalloc_reserve+0x148/0x350 [ 500.448049][T17872] lock_acquire+0x1b1/0x370 [ 500.448059][T17872] ? sch_direct_xmit+0x3b5/0xc60 [ 500.448074][T17872] _raw_spin_lock+0x2e/0x40 [ 500.448097][T17872] ? sch_direct_xmit+0x3b5/0xc60 [ 500.448109][T17872] sch_direct_xmit+0x3b5/0xc60 [ 500.448122][T17872] ? lock_acquire+0x1b1/0x370 [ 500.448131][T17872] ? __pfx_sch_direct_xmit+0x10/0x10 [ 500.448144][T17872] ? __pfx_do_raw_spin_trylock+0x10/0x10 [ 500.448160][T17872] __dev_queue_xmit+0x2794/0x4950 [ 500.448177][T17872] ? __pfx_arpt_do_table+0x10/0x10 [ 500.448192][T17872] ? __pfx___dev_queue_xmit+0x10/0x10 [ 500.448208][T17872] ? lock_acquire+0xc0/0x370 [ 500.448218][T17872] ? find_held_lock+0x2b/0x80 [ 500.448232][T17872] ? nf_hook.constprop.0+0x2f0/0x760 [ 500.448242][T17872] ? nf_hook.constprop.0+0x2f0/0x760 [ 500.448253][T17872] ? nf_hook.constprop.0+0x2fa/0x760 [ 500.448264][T17872] ? __pfx_arp_xmit_finish+0x10/0x10 [ 500.448284][T17872] arp_xmit+0x106/0x2e0 [ 500.448294][T17872] arp_send_dst+0x200/0x280 [ 500.448305][T17872] arp_solicit+0x672/0x1070 [ 500.448316][T17872] ? rcu_is_watching+0x12/0xc0 [ 500.448330][T17872] ? __pfx_arp_solicit+0x10/0x10 [ 500.448341][T17872] ? neigh_probe+0x72/0x110 [ 500.448368][T17872] ? __pfx_arp_solicit+0x10/0x10 [ 500.448380][T17872] neigh_probe+0xce/0x110 [ 500.448391][T17872] __neigh_event_send+0xacf/0x13f0 [ 500.448407][T17872] neigh_resolve_output+0x550/0x8f0 [ 500.448423][T17872] ? __pfx____neigh_create+0x10/0x10 [ 500.448439][T17872] ip_finish_output2+0x851/0x2400 [ 500.448457][T17872] ? __pfx_ip_finish_output2+0x10/0x10 [ 500.448473][T17872] ? __pfx_ip_dst_mtu_maybe_forward+0x10/0x10 [ 500.448489][T17872] ? nf_nat_ipv4_out+0xb2/0x510 [ 500.448501][T17872] ? find_held_lock+0x2b/0x80 [ 500.448515][T17872] __ip_finish_output.part.0+0x444/0x6f0 [ 500.448533][T17872] ip_output+0x39b/0xc10 [ 500.448548][T17872] ? __pfx_ip_output+0x10/0x10 [ 500.448563][T17872] ? __pfx_get_random_u32+0x10/0x10 [ 500.448577][T17872] ? __pfx_ip_finish_output+0x10/0x10 [ 500.448594][T17872] ? __pfx_ip_output+0x10/0x10 [ 500.448610][T17872] ip_local_out+0x193/0x1f0 [ 500.448626][T17872] iptunnel_xmit+0x722/0xd20 [ 500.448639][T17872] ip_tunnel_xmit+0x1b85/0x3200 [ 500.448658][T17872] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 500.448673][T17872] ? mark_held_locks+0x40/0x70 [ 500.448682][T17872] ? kasan_quarantine_put+0x10f/0x240 [ 500.448693][T17872] ? lockdep_hardirqs_on+0x78/0x100 [ 500.448713][T17872] __gre_xmit+0x820/0xb20 [ 500.448728][T17872] ? __pfx___gre_xmit+0x10/0x10 [ 500.448742][T17872] ? __pfx_pskb_expand_head+0x10/0x10 [ 500.448754][T17872] ? netif_skb_features+0x9cf/0x13f0 [ 500.448771][T17872] erspan_xmit+0x55a/0x1ec0 [ 500.448785][T17872] ? __pfx_stack_trace_save+0x10/0x10 [ 500.448801][T17872] ? __pfx_erspan_xmit+0x10/0x10 [ 500.448817][T17872] dev_hard_start_xmit+0x128/0x7a0 [ 500.448839][T17872] sch_direct_xmit+0x1b2/0xc60 [ 500.448852][T17872] ? lock_acquire+0x1b1/0x370 [ 500.448862][T17872] ? __pfx_sch_direct_xmit+0x10/0x10 [ 500.448874][T17872] ? __pfx_do_raw_spin_trylock+0x10/0x10 [ 500.448889][T17872] __dev_queue_xmit+0x2794/0x4950 [ 500.448907][T17872] ? rcu_is_watching+0x12/0xc0 [ 500.448920][T17872] ? __pfx___dev_queue_xmit+0x10/0x10 [ 500.448936][T17872] ? __kasan_slab_alloc+0x89/0x90 [ 500.448948][T17872] ? __kasan_kfree_large+0x40/0x80 [ 500.448960][T17872] ? kmalloc_reserve+0xf9/0x350 [ 500.448975][T17872] ? __asan_memset+0x23/0x50 [ 500.448991][T17872] ? __alloc_skb+0x4e9/0x710 [ 500.449004][T17872] ? __netdev_alloc_skb+0x10d/0x960 [ 500.449015][T17872] alb_send_lp_vid+0x31e/0x540 [ 500.449029][T17872] ? __pfx_alb_send_lp_vid+0x10/0x10 [ 500.449042][T17872] ? __lock_acquire+0x4a5/0x2630 [ 500.449052][T17872] ? __pfx___resched_curr+0x10/0x10 [ 500.449067][T17872] alb_send_learning_packets+0xe0/0x2f0 [ 500.449080][T17872] ? __pfx_alb_send_learning_packets+0x10/0x10 [ 500.449097][T17872] bond_alb_monitor+0x9a0/0x1700 [ 500.449113][T17872] ? __pfx_bond_alb_monitor+0x10/0x10 [ 500.449127][T17872] ? rcu_is_watching+0x12/0xc0 [ 500.449140][T17872] process_one_work+0xa0e/0x1980 [ 500.449155][T17872] ? __pfx_process_one_work+0x10/0x10 [ 500.449167][T17872] ? __pfx_bond_alb_monitor+0x10/0x10 [ 500.449181][T17872] worker_thread+0x5ef/0xe50 [ 500.449194][T17872] ? kthread+0x13a/0x450 [ 500.449203][T17872] ? __pfx_worker_thread+0x10/0x10 [ 500.449213][T17872] kthread+0x370/0x450 [ 500.449222][T17872] ? __pfx_kthread+0x10/0x10 [ 500.449231][T17872] ret_from_fork+0x72b/0xd50 [ 500.449243][T17872] ? __pfx_ret_from_fork+0x10/0x10 [ 500.449255][T17872] ? __switch_to+0x800/0x1100 [ 500.449270][T17872] ? __pfx_kthread+0x10/0x10 [ 500.449280][T17872] ret_from_fork_asm+0x1a/0x30 [ 500.449298][T17872] [ 506.052785][ T1430] ieee802154 phy1 wpan1: encryption failed: -22