last executing test programs: 12.562060602s ago: executing program 0 (id=3107): socket(0x1d, 0x2, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x16, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x2, 0xb42, 0x0, 0x0}) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x1) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 9.926727664s ago: executing program 0 (id=3118): r0 = io_uring_setup(0x68af, &(0x7f0000000200)={0x0, 0x6367, 0x10000}) close(0x3) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) close_range(r0, 0xffffffffffffffff, 0x0) 9.08124537s ago: executing program 0 (id=3124): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001640)=ANY=[@ANYBLOB="1201000000000040ac057d02000000000001090224000100005000090400fefd030101000921040008012208000905810300000705033d06c66bbd7cb0c848aa5d73fd978411d965fd32feb36c2057704dc526802d924e2d1328babfb8a8eed550f88ba6"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x22, 0x8, {[@global=@item_4={0x3, 0x1, 0x1, "e0c1c41e"}, @local=@item_012={0x2, 0x2, 0x3, '\x00\x00'}]}}, 0x0}, 0x0) 9.016876161s ago: executing program 1 (id=3125): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x0, 0x3, {0x5, 0x2, 0x6}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r4, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 8.684837606s ago: executing program 1 (id=3128): socket$unix(0x1, 0x5, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$loop(&(0x7f0000000280), 0x80, 0x800) dup3(r1, r0, 0x80000) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="9115463edc030080c200000308060001080006"], 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) 8.449098973s ago: executing program 1 (id=3132): prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) pause() syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x3) 7.192769668s ago: executing program 0 (id=3140): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r1) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000"], 0x0) ioctl$EVIOCRMFF(r1, 0x4004550f, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$hidraw(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000001c40)={{0x12, 0x1, 0x0, 0x1c, 0xa3, 0x7b, 0x10, 0xc72, 0x13, 0xbabe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd0, 0x0, 0x1, 0x56, 0xb0, 0xd3, 0x0, [], [{{0x9, 0x5, 0x6}}]}}]}}]}}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000440)={0x2c, &(0x7f00000002c0)={0x20, 0x65c4bd061966e804, 0x50, {0x50, 0x11, "9357268d7325cb75734142cd35584f9f0958a22ec30a4661a0adc8812cd4b87cd2d161882bb1af0f27660b43f93c675791ac48056c7ba4a127ee4ca218ca6144198362ff5afcdacc3397186eef82"}}, &(0x7f0000000340)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x408}}, &(0x7f0000000380)={0x0, 0xf, 0xe, {0x5, 0xf, 0xe, 0x3, [@ptm_cap={0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}]}}, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x0, 0xe, 0x48, "fc0781e0", "2379b13f"}}, &(0x7f0000000400)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7f, 0x60, 0x5, 0x7, 0x5, 0x5, 0x6}}}, 0x0) read$char_usb(0xffffffffffffffff, 0x0, 0x62) r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0xb, 0xf9, 0x8b, 0x40, 0x4f2, 0xaffc, 0x8861, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x3, 0x6}}]}}]}}]}}, 0x0) write$char_usb(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000ac0)=""/21) syz_usb_control_io(r3, 0x0, 0x0) write$char_usb(r2, &(0x7f0000000100), 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xb0e, 0xffffffff, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_disconnect(r0) read$char_usb(r2, &(0x7f00000001c0)=""/231, 0xe7) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_connect$cdc_ecm(0x1, 0x68, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x56, 0x1, 0x1, 0x83, 0x30, 0x2, [{{0x9, 0x4, 0x0, 0x8, 0x3, 0x2, 0x6, 0x0, 0x7f, {{0x9, 0x24, 0x6, 0x0, 0x0, "d6b93653"}, {0x5, 0x24, 0x0, 0x88a3}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x101, 0x9, 0xb}, [@ncm={0x6, 0x24, 0x1a, 0x10, 0x34}, @mbim_extended={0x8, 0x24, 0x1c, 0x4, 0x4, 0x4}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0x3, 0x8}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x7, 0x54, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x9, 0x1, 0xe0}}}}}]}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x438}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x408}}]}) 6.145279486s ago: executing program 1 (id=3145): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x7, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000300)={0x1, 0x0, 0x0, 'queue1\x00'}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80000) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x4e22, 0xc, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x3}, 0x1c) r2 = fcntl$dupfd(r1, 0x406, r1) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000380)=0x10, 0x4) recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x1b, 0x0}}], 0x40000000000012d, 0x2, 0x0) 5.73832211s ago: executing program 4 (id=3149): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000200)={'wlan0\x00', &(0x7f0000000340)=@ethtool_stats={0x2b}}) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0xf00, 0x2, 0x0, 0x10005, 0x920, 0x7, 0x3, 0x3}}) r2 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x6, 0x80000) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x0, 0x1}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r7, &(0x7f0000006380)={0x2020}, 0x2020) ioctl$FE_SET_PROPERTY(r2, 0x40086f52, &(0x7f0000000080)={0x29, &(0x7f0000000140)=[{0x2d, '\x00', @st={0x4, [{0x1, @uvalue=0x8}, {0x1, @svalue=0xfffffffffffffff4}, {0x2, @uvalue=0x7ff}, {0x1, @uvalue=0x5}]}, 0x9000}, {0x3d, '\x00', @st={0x4, [{0x1, @svalue=0x8000}, {0x1, @svalue=0xffffffffffffffff}, {0x1, @uvalue=0x8}, {0x1, @uvalue=0x3}]}, 0x8}, {0x4, '\x00', @data=0xfffffbff, 0x9}, {0x11, '\x00', @buffer={"fee8e0d5d730a72d318e82067165941affe4fda6398de6e77f91690cc178ca2f", 0x20}, 0xfffffffa}, {0x5, '\x00', @st={0x4, [{0x1, @uvalue=0x7fffffffffffffff}, {0x3, @svalue=0x4}, {0x0, @svalue=0x3}, {0x3, @svalue=0x7fffffffffffffff}]}, 0x100}, {0x2, '\x00', @data=0x80, 0x1}, {0x6, '\x00', @data=0x6, 0xbff}, {0x31, '\x00', @buffer={"a5c66edb0be583649f49526f5efce63f0628e4634a4d84fa66d7850d63f8da6a", 0x20}, 0x12}, {0x2f, '\x00', @buffer={"80b3740b6dcbcc6cb07262b81484a60967dac157e7c60965af215fcd436ed704", 0x20}, 0x3af}]}) 5.552956202s ago: executing program 4 (id=3151): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000500)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB='h\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000250a00000008000300", @ANYRES32=r3, @ANYBLOB='\b\x007\x00\x00\x00\x00\x00\b\x00\t'], 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008840) 5.382574603s ago: executing program 4 (id=3153): socket(0x1d, 0x2, 0x6) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x16, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x24000805}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x2, 0xb42, 0x0, 0x0}) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socket$nl_xfrm(0x10, 0x3, 0x6) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) 5.192158415s ago: executing program 3 (id=3154): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x121000) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0x40485404, &(0x7f0000000180)={{0x3, 0x2, 0x1, 0x1, 0xfffffffc}, 0x37, 0x19c}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.net/syz1\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x8}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0x5, 0x4}, {0x85, 0x0, 0x0, 0x1c}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/schedstat\x00', 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) read$FUSE(r2, &(0x7f0000003900)={0x2020}, 0x2020) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x9, 0x8, 0x40, 0xc0, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r3}, 0x38) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x4}, 0x38) 4.976956203s ago: executing program 2 (id=3155): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)={0x1c, 0x5e, 0x401, 0x0, 0x25dfdbfe, "", [@generic="e9e79bfe64baceaad8"]}, 0x1c}], 0x1}, 0x40) 4.972451794s ago: executing program 3 (id=3156): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000200)=[{0x41e, 0x4, 0x1, 0x5da7}, {0x1, 0x80, 0xc8, 0x6}, {0x8, 0xf, 0x8, 0xbfa}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) r2 = socket$inet(0x2, 0x3, 0x9) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x4b, 0x1, 0xffffffff, 0x6, 0x0) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x8, 0x4) shutdown(r2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100ffffffff000000001a00000018000780140002007c756e6c300000000000000000000000a7a5ff4d05bd8e943cba11c2b5374a1aa280731272a4b8a976502909fbfc17d2945ab6117e527655187806e4e11ffd00"], 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_int(r5, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) sendfile(r6, r6, 0x0, 0x4) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mlock(&(0x7f0000449000/0x3000)=nil, 0x3000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) 4.715426229s ago: executing program 2 (id=3157): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000680)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xfffffffffffffeec) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r1 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) keyctl$restrict_keyring(0xa, r1, 0x0, &(0x7f0000000000)='id:cb2e') sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='vegas', 0x5) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 3.580932875s ago: executing program 0 (id=3158): syz_usb_connect(0x3, 0x8c6, &(0x7f0000000300)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a2401010080020102081305052f"], &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x5, &(0x7f0000000340)=@string={0x5, 0x3, "71710e"}}]}) connect$unix(0xffffffffffffffff, 0x0, 0x0) 3.113487318s ago: executing program 3 (id=3159): syz_usb_connect(0x5, 0x57, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x63, 0x36, 0xf9, 0x40, 0xbda, 0xb711, 0x660, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x45, 0x1, 0x0, 0x0, 0x10, 0x8, [{{0x9, 0x4, 0x17, 0x8, 0x3, 0xff, 0xff, 0xff, 0x0, [@uac_as={[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x81, 0x4, 0x1}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0xd2, 0x1, 0xc5, 0xdf}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x8, 0x3, 0x7, 0x6}]}], [{{0x9, 0x5, 0x0, 0xc, 0x400, 0x75, 0x9, 0x4}}, {{0x9, 0x5, 0x80, 0x1, 0x3ff, 0x0, 0x8, 0x4}}, {{0x9, 0x5, 0x6, 0x0, 0x20, 0x4, 0x5, 0x7}}]}}]}}]}}, 0x0) 2.892308342s ago: executing program 1 (id=3160): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) ioprio_set$pid(0x2, 0x0, 0x2000) 2.47686195s ago: executing program 1 (id=3161): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000800) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000000), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42}) 2.28991218s ago: executing program 2 (id=3162): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x31, 0x0, 0x0) listen(0xffffffffffffffff, 0x3) bind$inet6(0xffffffffffffffff, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x24000088, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback, 0xfffffffe}, 0x1c) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f000000", 0x28}, {&(0x7f0000000100)="c40ad38ae96b", 0x6}], 0x2}, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000940)="6ddb55d7833511c885979f0c1dbf7c09f298654351aff19ccd78573f28cb5a9311efce66b38e3359df78e7a3aa090000000000000074d86bb137c8000000000226632e1beefc35ac6295a742eba0bc4fa56338f39271ff420299d5a4d88eccfb7832872e25a134303d5a150b004df036eb628c08b8059693b7d5fc0b489d212c2099ef5f706abab6509f3b8c666c4323e6752e9352797c2d497fa037", 0x9c}], 0x1}}], 0x1, 0xc4) 2.100425661s ago: executing program 4 (id=3163): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000500)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB='h\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000250a00000008000300", @ANYRES32=r3, @ANYBLOB='\b\x007\x00\x00\x00\x00\x00\b\x00\t'], 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008840) 1.939892805s ago: executing program 2 (id=3164): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007012bbd700000000000017c00000400fc800c00018008000600", @ANYRES32=0x0, @ANYBLOB="080002807235ab62080007"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) 1.939047782s ago: executing program 4 (id=3165): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x40000005, 0x30}, 0xc) r0 = dup(0xffffffffffffffff) sendmsg$kcm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000100)="1d", 0x1}], 0x1}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x0, 0x20}, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x111, 0x8}}, 0x34000) 1.781208392s ago: executing program 4 (id=3166): syz_usb_connect$hid(0x2, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0xc45, 0x760b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x30, 0xf, [{{0x9, 0x4, 0x0, 0xf, 0x1, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x3, 0xa0, 0x1, {0x22, 0x599}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xb3, 0xb, 0xf9}}}}}]}}]}}, 0x0) 1.359159228s ago: executing program 3 (id=3167): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x803, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x4}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) 932.402966ms ago: executing program 3 (id=3168): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0x403, 0x70bd24, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000) 460.077045ms ago: executing program 0 (id=3169): socket(0x2000000000000021, 0x2, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs$pagemap(0x0, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x1, 0x0, 0x10}, &(0x7f0000000380)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r2, 0x3f70, 0x0, 0x0, 0x0, 0x0) 438.674915ms ago: executing program 2 (id=3170): unshare(0x22020600) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000400), 0x103040, 0x0) ioctl$PTP_EXTTS_REQUEST2(r0, 0x40103d0b, 0x0) 367.971066ms ago: executing program 3 (id=3171): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={0x44, r1, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x83}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x3ad}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000012}, 0x4814) 0s ago: executing program 2 (id=3172): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x3, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x5, 0x8}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x0, 0x3, {0x5, 0x2, 0x6}}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000880) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2a, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) kernel console output (not intermixed with test programs): [ 244.570525][ T9] usb 2-1: selecting invalid altsetting 0 [ 244.877514][ T44] usb 2-1: USB disconnect, device number 21 [ 245.514876][ T5833] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 245.578599][ T9] usb 3-1: USB disconnect, device number 13 [ 245.621570][ T9] yurex 3-1:0.50: USB YUREX #0 now disconnected [ 245.697792][ T5833] usb 4-1: Using ep0 maxpacket: 8 [ 245.710625][ T5833] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 245.727643][ T5833] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 245.748867][ T5833] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 245.766371][ T5833] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 245.787593][ T5833] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 245.842563][ T5833] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 245.867590][ T5833] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.071933][T10696] netlink: 'syz.0.2041': attribute type 1 has an invalid length. [ 246.099679][ T5833] usb 4-1: GET_CAPABILITIES returned 0 [ 246.105518][ T5833] usbtmc 4-1:16.0: can't read capabilities [ 246.222343][T10718] bond1: (slave gretap1): making interface the new active one [ 246.230722][T10718] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 246.257100][T10722] vlan2: entered promiscuous mode [ 246.262474][T10722] bond1: entered promiscuous mode [ 246.268339][T10722] gretap1: entered promiscuous mode [ 246.276833][T10722] bond1: (slave vlan2): Opening slave failed [ 246.505502][T10689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.517937][T10689] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.770833][T10731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.811419][T10731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.935727][T10736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 246.970715][T10736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.062682][T10742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.090724][T10742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.107436][T10689] usbtmc 4-1:16.0: usb_control_msg returned -71 [ 247.107879][ T9] usb 4-1: USB disconnect, device number 13 [ 247.584448][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 247.692692][T10770] delete_channel: no stack [ 247.754378][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 247.763121][ T9] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 247.772981][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.794811][ T9] usb 4-1: config 0 descriptor?? [ 248.005279][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 248.026343][ T9] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 248.044496][ T9] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 248.446500][ T44] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 248.649052][ T44] usb 3-1: config 1 interface 0 has no altsetting 0 [ 248.681382][ T44] usb 3-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 248.704541][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.723078][ T44] usb 3-1: Product: syz [ 248.728918][ T44] usb 3-1: Manufacturer: syz [ 248.745159][ T44] usb 3-1: SerialNumber: syz [ 249.337662][T10829] netlink: 'syz.4.2089': attribute type 10 has an invalid length. [ 249.421761][T10829] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 249.762264][T10830] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 249.768971][T10830] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 249.795584][T10830] vhci_hcd vhci_hcd.0: Device attached [ 249.890453][T10839] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2092'. [ 249.908493][T10839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2092'. [ 249.946319][T10836] vhci_hcd: connection closed [ 249.948335][ T127] vhci_hcd vhci_hcd.1: stop threads [ 249.968178][ T127] vhci_hcd vhci_hcd.1: release socket [ 249.977451][ T127] vhci_hcd vhci_hcd.1: disconnect device [ 250.355833][ T5833] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 250.514452][ T5833] usb 1-1: Using ep0 maxpacket: 8 [ 250.530040][ T5833] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 250.544728][ T5833] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 250.555930][ T5833] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 250.566155][ T5833] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 250.576908][ T5833] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 250.590409][ T5833] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 250.599665][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.689259][ T5975] IPVS: starting estimator thread 0... [ 250.798035][T10853] IPVS: using max 29 ests per chain, 69600 per kthread [ 250.853375][ T5833] usb 1-1: GET_CAPABILITIES returned 0 [ 250.859166][ T5833] usbtmc 1-1:16.0: can't read capabilities [ 251.235559][ T44] usblp 3-1:1.0: usblp1: USB Unidirectional printer dev 14 if 0 alt 253 proto 1 vid 0x04B8 pid 0x0202 [ 251.276631][ T44] usb 3-1: USB disconnect, device number 14 [ 251.287924][T10845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.311072][T10845] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.329178][ T44] usblp1: removed [ 251.390746][T10860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.399865][T10860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.486242][T10863] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.500561][T10863] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.701949][T10868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.714884][T10868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.738971][ T5833] usb 1-1: USB disconnect, device number 16 [ 251.755377][T10845] usbtmc 1-1:16.0: usb_control_msg returned -71 [ 252.149357][T10874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2104'. [ 252.175777][T10874] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2104'. [ 252.238782][ T5833] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 252.312165][T10875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 252.414518][ T5833] usb 1-1: Using ep0 maxpacket: 32 [ 252.421838][ T5833] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 252.431204][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.443346][ T5833] usb 1-1: config 0 descriptor?? [ 252.663305][ T5833] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 253.538598][T10900] input: syz0 as /devices/virtual/input/input23 [ 253.974149][T10913] vivid-006: disconnect [ 254.132808][T10911] vivid-006: reconnect [ 254.342189][T10923] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2122'. [ 254.383932][T10923] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2122'. [ 254.634074][T10935] netlink: 184 bytes leftover after parsing attributes in process `syz.4.2126'. [ 254.862317][T10949] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2132'. [ 255.594025][T10960] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2135'. [ 255.603213][T10960] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2135'. [ 255.657345][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.663783][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.067437][T10972] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2139'. [ 256.676772][T10977] netlink: 'syz.3.2136': attribute type 10 has an invalid length. [ 256.746203][T10992] netlink: 'syz.3.2136': attribute type 10 has an invalid length. [ 256.864663][T10977] team0: Port device dummy0 added [ 256.985661][T10992] team0: Port device dummy0 removed [ 257.324054][T10992] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 258.682253][T11007] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2150'. [ 259.110626][T11012] block device autoloading is deprecated and will be removed. [ 259.178316][T11012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2149'. [ 260.239381][T11025] delete_channel: no stack [ 260.332996][T11033] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 260.389731][T11033] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.398611][T11033] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.417488][T11033] bridge0: entered allmulticast mode [ 260.997640][T11045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2164'. [ 261.392523][T11058] fuse: root generation should be zero [ 262.787730][ T1216] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 263.426337][ T1216] usb 5-1: unable to get BOS descriptor or descriptor too short [ 263.465557][ T1216] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 127, changing to 10 [ 263.497169][ T1216] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1048, setting to 1024 [ 263.515182][ T1216] usb 5-1: config 1 interface 0 has no altsetting 0 [ 263.540681][ T1216] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 263.550165][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.591186][ T1216] usb 5-1: Product: syz [ 263.599995][T11094] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 263.618074][ T1216] usb 5-1: Manufacturer: syz [ 263.624053][T11094] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.631743][T11094] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.657383][ T1216] usb 5-1: SerialNumber: syz [ 263.736901][T11088] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 263.749158][T11094] bridge0: entered allmulticast mode [ 264.313599][ T1216] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input24 [ 264.355482][T11109] syzkaller0: entered promiscuous mode [ 264.371199][T11109] syzkaller0: entered allmulticast mode [ 265.804480][ T5893] usb 5-1: USB disconnect, device number 18 [ 268.366756][T11195] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2207'. [ 268.376400][T11195] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2207'. [ 268.984945][T11216] syzkaller0: entered promiscuous mode [ 268.990477][T11216] syzkaller0: entered allmulticast mode [ 269.060437][T11216] tipc: Started in network mode [ 269.073120][T11220] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2216'. [ 269.103574][T11216] tipc: Node identity 2214164a7511, cluster identity 4711 [ 269.128796][T11216] tipc: Enabled bearer , priority 0 [ 269.177952][T11215] tipc: Resetting bearer [ 269.246167][T11215] tipc: Disabling bearer [ 269.357625][T11231] netlink: 160 bytes leftover after parsing attributes in process `syz.4.2222'. [ 269.994685][ T44] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 270.144430][ T44] usb 2-1: device descriptor read/64, error -71 [ 270.404415][ T44] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 270.534534][ T44] usb 2-1: device descriptor read/64, error -71 [ 270.647619][ T44] usb usb2-port1: attempt power cycle [ 271.004523][ T44] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 271.196540][ T44] usb 2-1: device descriptor read/8, error -71 [ 271.436173][ T44] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 271.479521][ T44] usb 2-1: device descriptor read/8, error -71 [ 271.610758][ T44] usb usb2-port1: unable to enumerate USB device [ 271.704469][T11275] syzkaller0: entered promiscuous mode [ 271.730473][T11275] syzkaller0: entered allmulticast mode [ 271.786082][T11275] TC_ACT_REPEAT abuse ? [ 272.313321][T11284] netlink: 160 bytes leftover after parsing attributes in process `syz.0.2240'. [ 272.324424][T11286] fuse: Bad value for 'fd' [ 272.465850][T11291] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 272.484372][T11291] bridge1: entered allmulticast mode [ 272.655370][T11296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 273.809484][T11320] fuse: Bad value for 'fd' [ 274.009884][T11327] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 274.061477][T11327] bridge1: entered allmulticast mode [ 274.294719][ T44] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 274.432220][T11345] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2265'. [ 274.440873][T11342] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 274.442761][ T44] usb 3-1: device descriptor read/64, error -71 [ 274.467670][T11345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2265'. [ 274.607135][T11335] netlink: 'syz.0.2260': attribute type 1 has an invalid length. [ 274.707541][ T44] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 274.859680][ T44] usb 3-1: device descriptor read/64, error -71 [ 274.974682][ T44] usb usb3-port1: attempt power cycle [ 275.655041][ T44] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 275.687754][ T1216] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 275.697273][ T44] usb 3-1: device descriptor read/8, error -71 [ 276.077949][ T1216] usb 2-1: config 1 interface 0 has no altsetting 0 [ 276.089624][ T1216] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 276.101231][ T1216] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.109913][ T1216] usb 2-1: Product: syz [ 276.114232][ T1216] usb 2-1: Manufacturer: syz [ 276.119448][ T1216] usb 2-1: SerialNumber: syz [ 276.125622][ T44] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 276.145154][ T44] usb 3-1: device descriptor read/8, error -71 [ 276.264634][ T44] usb usb3-port1: unable to enumerate USB device [ 276.645385][T11395] tipc: Enabling of bearer rejected, failed to enable media [ 276.765531][ T1216] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 26 if 0 alt 253 proto 1 vid 0x04B8 pid 0x0202 [ 277.831668][T11421] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 277.838275][T11421] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 277.850260][T11421] vhci_hcd vhci_hcd.0: Device attached [ 278.119850][ T5893] usb 34-1: SetAddress Request (2) to port 0 [ 278.224954][ T5893] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 278.336424][T11422] vhci_hcd: connection reset by peer [ 278.351026][ T1155] vhci_hcd vhci_hcd.0: stop threads [ 278.356565][ T1155] vhci_hcd vhci_hcd.0: release socket [ 278.367820][ T1155] vhci_hcd vhci_hcd.0: disconnect device [ 278.470227][ T5836] usb 2-1: USB disconnect, device number 26 [ 278.515361][ T5836] usblp0: removed [ 278.588449][T11428] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 278.613368][T11428] bridge2: entered allmulticast mode [ 278.637106][T11431] tipc: Enabling of bearer rejected, failed to enable media [ 278.836689][T11433] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.845058][T11433] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.025482][ T5900] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 279.112189][T11433] veth0_to_bond: left promiscuous mode [ 279.127623][T11433] veth0_to_bond: left allmulticast mode [ 279.166557][ T5900] usb 3-1: device descriptor read/64, error -71 [ 279.183133][T11433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 279.207106][T11433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 279.219129][T11433] xfrm0: left promiscuous mode [ 279.414900][ T5900] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 279.471104][T11433] ip6gre1: left promiscuous mode [ 279.481889][T11433] ip6gre1: left allmulticast mode [ 279.525473][T11452] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2301'. [ 279.564199][T11433] bridge1: left allmulticast mode [ 279.577226][ T5900] usb 3-1: device descriptor read/64, error -71 [ 279.616526][ T1165] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.632048][ T1165] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.643641][ T1165] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.653225][ T1165] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.694813][ T5900] usb usb3-port1: attempt power cycle [ 280.066837][ T5900] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 280.105799][ T5900] usb 3-1: device descriptor read/8, error -71 [ 280.285336][ T5836] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 280.364375][ T5900] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 280.385539][ T5900] usb 3-1: device descriptor read/8, error -71 [ 280.449586][ T5836] usb 5-1: config 1 interface 0 has no altsetting 0 [ 280.466759][ T5836] usb 5-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 280.484477][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.504816][ T5836] usb 5-1: Product: syz [ 280.508544][ T5900] usb usb3-port1: unable to enumerate USB device [ 280.510238][ T5836] usb 5-1: Manufacturer: syz [ 280.531125][ T5836] usb 5-1: SerialNumber: syz [ 280.653419][T11480] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 280.667134][T11480] bridge2: entered allmulticast mode [ 281.207690][ T5836] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 253 proto 1 vid 0x04B8 pid 0x0202 [ 282.007926][T11506] fuse: Bad value for 'fd' [ 282.196170][T11512] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 282.233996][T11512] bridge2: entered allmulticast mode [ 282.704507][ T5975] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 282.844395][ T5975] usb 3-1: device descriptor read/64, error -71 [ 283.100409][ T5983] usb 5-1: USB disconnect, device number 19 [ 283.118544][ T5983] usblp0: removed [ 283.124803][ T5975] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 283.250827][T11540] netlink: 'syz.4.2338': attribute type 10 has an invalid length. [ 283.264641][ T5975] usb 3-1: device descriptor read/64, error -71 [ 283.334807][ T5893] usb 34-1: device descriptor read/8, error -110 [ 283.386841][ T5975] usb usb3-port1: attempt power cycle [ 283.765929][ T5893] usb usb34-port1: attempt power cycle [ 283.844598][ T5975] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 283.965232][ T5975] usb 3-1: device descriptor read/8, error -71 [ 283.986063][T11552] syzkaller0: entered promiscuous mode [ 284.004383][T11552] syzkaller0: entered allmulticast mode [ 284.235513][ T5975] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 284.256751][ T5975] usb 3-1: device descriptor read/8, error -71 [ 284.335462][T11560] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2348'. [ 284.335664][ T5893] usb usb34-port1: unable to enumerate USB device [ 284.365149][ T5975] usb usb3-port1: unable to enumerate USB device [ 284.518247][T11568] kvm: MONITOR instruction emulated as NOP! [ 286.153114][T11596] syzkaller0: entered promiscuous mode [ 286.159667][T11596] syzkaller0: entered allmulticast mode [ 287.161163][T11612] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2365'. [ 287.400370][T11625] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2372'. [ 287.495410][ T5975] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 287.634717][ T5975] usb 3-1: device descriptor read/64, error -71 [ 287.884596][ T5975] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 288.014477][T11647] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2381'. [ 288.034426][ T5975] usb 3-1: device descriptor read/64, error -71 [ 288.148152][ T5975] usb usb3-port1: attempt power cycle [ 288.525085][ T5975] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 288.573089][ T5975] usb 3-1: device descriptor read/8, error -71 [ 288.885384][ T5975] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 288.928813][ T5975] usb 3-1: device descriptor read/8, error -71 [ 288.930709][T11672] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2393'. [ 288.982507][T11671] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 289.044776][ T5975] usb usb3-port1: unable to enumerate USB device [ 290.914730][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 290.914750][ T29] audit: type=1326 audit(1771863518.356:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11716 comm="syz.4.2409" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 290.969943][ T29] audit: type=1326 audit(1771863518.356:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11716 comm="syz.4.2409" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 291.023119][ T29] audit: type=1326 audit(1771863518.396:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11716 comm="syz.4.2409" exe="/root/syz-executor" sig=0 arch=40000003 syscall=195 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 291.282587][ T29] audit: type=1326 audit(1771863518.396:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11716 comm="syz.4.2409" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 292.070931][T11740] vivid-008: disconnect [ 292.158654][T11738] vivid-008: reconnect [ 293.015265][T11758] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2424'. [ 293.095679][T11758] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2424'. [ 293.154367][ T44] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 293.269489][T11760] syzkaller0: entered promiscuous mode [ 293.284990][T11760] syzkaller0: entered allmulticast mode [ 293.315243][ T44] usb 2-1: Using ep0 maxpacket: 8 [ 293.322434][ T44] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 293.342192][ T44] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 293.355591][T11760] tipc: Enabled bearer , priority 0 [ 293.365075][T11759] tipc: Resetting bearer [ 293.382065][ T44] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 293.392273][ T44] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 293.407783][ T44] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 293.434485][ T44] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 293.443566][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.457418][T11759] tipc: Disabling bearer [ 293.673813][ T44] usb 2-1: GET_CAPABILITIES returned 0 [ 293.686902][ T44] usbtmc 2-1:16.0: can't read capabilities [ 293.723363][T11766] pim6reg: entered allmulticast mode [ 293.744390][ T29] audit: type=1326 audit(1771863521.136:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.2.2426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000 [ 293.785464][ T29] audit: type=1326 audit(1771863521.136:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.2.2426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000 [ 293.811305][ T29] audit: type=1326 audit(1771863521.136:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.2.2426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7f68f6c code=0x7ffc0000 [ 293.836314][ T29] audit: type=1326 audit(1771863521.136:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.2.2426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000 [ 293.859128][T11766] pim6reg: left allmulticast mode [ 293.922370][ T29] audit: type=1326 audit(1771863521.146:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.2.2426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7165b6b code=0x7ffc0000 [ 293.972456][ T29] audit: type=1326 audit(1771863521.146:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11761 comm="syz.2.2426" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f68f6c code=0x7ffc0000 [ 294.119310][T11754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.130774][T11754] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.197811][T11776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.210803][T11776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.276758][T11777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.297213][T11777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.460336][T11781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 294.469456][T11781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.480031][T11754] usbtmc 2-1:16.0: usb_control_msg returned -71 [ 294.481335][ T5975] usb 2-1: USB disconnect, device number 27 [ 294.500073][T11780] input: syz1 as /devices/virtual/input/input26 [ 294.944368][ T44] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 295.090382][T11793] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2435'. [ 295.099815][T11793] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2435'. [ 295.119870][ T44] usb 2-1: Using ep0 maxpacket: 32 [ 295.151306][ T44] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 295.171852][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.229295][ T44] usb 2-1: config 0 descriptor?? [ 295.482789][ T44] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 296.065928][T11809] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 296.072590][T11809] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 296.082894][T11809] vhci_hcd vhci_hcd.0: Device attached [ 296.188241][T11809] netlink: 'syz.0.2436': attribute type 1 has an invalid length. [ 296.584437][ T5920] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 296.651532][T11810] vhci_hcd: connection closed [ 296.653150][ T13] vhci_hcd vhci_hcd.0: stop threads [ 296.696131][T11809] 8021q: adding VLAN 0 to HW filter on device bond4 [ 296.714821][ T13] vhci_hcd vhci_hcd.0: release socket [ 296.757109][ T13] vhci_hcd vhci_hcd.0: disconnect device [ 297.724462][T11838] input: syz1 as /devices/virtual/input/input27 [ 297.952081][T11848] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2453'. [ 298.074886][ T5900] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 298.199082][T11854] syzkaller0: entered promiscuous mode [ 298.205500][T11854] syzkaller0: entered allmulticast mode [ 298.234658][ T5900] usb 5-1: Using ep0 maxpacket: 8 [ 298.242839][T11854] tipc: Started in network mode [ 298.314180][ T5900] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 298.330003][T11854] tipc: Node identity a27fe10903f2, cluster identity 4711 [ 298.339305][ T5900] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 298.350402][T11854] tipc: Enabled bearer , priority 0 [ 298.366289][ T5900] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 298.388963][T11853] tipc: Resetting bearer [ 298.399409][ T5900] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 298.464089][T11853] tipc: Disabling bearer [ 298.497904][ T5900] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 298.518616][ T5900] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 298.548924][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.793991][ T5900] usb 5-1: GET_CAPABILITIES returned 0 [ 298.799679][ T5900] usbtmc 5-1:16.0: can't read capabilities [ 299.059355][T11857] netlink: 'syz.0.2456': attribute type 1 has an invalid length. [ 299.173549][T11864] 8021q: adding VLAN 0 to HW filter on device bond6 [ 299.183863][T11864] bond5: (slave bond6): making interface the new active one [ 299.191935][T11863] netlink: 'syz.2.2459': attribute type 4 has an invalid length. [ 299.199759][T11863] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2459'. [ 299.209200][T11864] bond5: (slave bond6): Enslaving as an active interface with an up link [ 299.218623][T11842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.229259][T11842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.272116][T11863] .`: renamed from bond0 (while UP) [ 299.294949][T11869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.305284][T11869] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.400311][T11870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.413579][T11870] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.549614][T11874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.564943][T11874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.585556][ T5975] usb 5-1: USB disconnect, device number 20 [ 299.594033][T11842] usbtmc 5-1:16.0: usb_control_msg returned -71 [ 300.139774][T11892] input: syz1 as /devices/virtual/input/input28 [ 300.225147][ T5975] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 300.414593][ T5975] usb 5-1: Using ep0 maxpacket: 32 [ 300.433465][ T5975] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 300.465501][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.493229][ T5975] usb 5-1: config 0 descriptor?? [ 300.979632][ T5975] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 301.816501][ T5920] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 301.888555][T11919] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2473'. [ 302.675144][T11935] vivid-006: disconnect [ 302.679745][T11934] vivid-006: reconnect [ 304.595865][T11963] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2489'. [ 305.327101][T11975] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2492'. [ 305.477881][T11978] vivid-006: disconnect [ 305.482605][T11976] vivid-006: reconnect [ 308.179696][T12020] netlink: 'syz.3.2506': attribute type 1 has an invalid length. [ 308.578647][T12017] 8021q: adding VLAN 0 to HW filter on device bond2 [ 308.629162][T12017] bond1: (slave bond2): making interface the new active one [ 308.640381][T12017] bond1: (slave bond2): Enslaving as an active interface with an up link [ 308.713556][T12020] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 309.709061][T12053] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2516'. [ 309.725807][T12054] binder: BINDER_SET_CONTEXT_MGR already set [ 309.731986][T12054] binder: 12052:12054 ioctl 4018620d 80004a80 returned -16 [ 309.973243][T12062] : entered promiscuous mode [ 311.115192][T12081] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 311.121770][T12081] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 311.176295][T12081] vhci_hcd vhci_hcd.0: Device attached [ 311.209520][T12085] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2526'. [ 311.320124][T12083] vhci_hcd: connection closed [ 311.320678][ T1119] vhci_hcd vhci_hcd.2: stop threads [ 311.339701][ T1119] vhci_hcd vhci_hcd.2: release socket [ 311.357930][ T1119] vhci_hcd vhci_hcd.2: disconnect device [ 311.395542][T12080] delete_channel: no stack [ 311.951131][T12095] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2529'. [ 311.990892][ T5975] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 311.990907][ T44] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 312.006100][ T5833] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 312.006237][ T5833] dvb_usb_az6027 1-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 312.025833][ T44] dvb_usb_az6027 2-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 312.055841][ T9] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 312.061908][ T44] usb 2-1: USB disconnect, device number 28 [ 312.096403][ T5975] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 312.158535][T12077] netlink: 'syz.1.2523': attribute type 1 has an invalid length. [ 312.168982][ T5975] usb 5-1: USB disconnect, device number 21 [ 312.176353][ T9] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 312.231133][ T5833] usb 1-1: USB disconnect, device number 17 [ 312.269908][ T9] usb 4-1: USB disconnect, device number 14 [ 312.431509][T12097] 8021q: adding VLAN 0 to HW filter on device bond2 [ 312.453468][T12097] bond1: (slave bond2): making interface the new active one [ 312.492642][T12097] bond1: (slave bond2): Enslaving as an active interface with an up link [ 312.559199][T12101] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 312.620803][T12108] bridge3: entered promiscuous mode [ 312.674534][ T9] usb 4-1: new low-speed USB device number 15 using dummy_hcd [ 312.765383][T12108] bridge3: entered allmulticast mode [ 312.894197][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 312.924468][ T9] usb 4-1: config 0 has no interfaces? [ 312.930112][ T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 312.958892][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.997532][ T9] usb 4-1: config 0 descriptor?? [ 313.005614][T12115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 313.331735][ T5833] usb 4-1: USB disconnect, device number 15 [ 313.566012][T12121] delete_channel: no stack [ 315.398956][T12159] bridge0: port 3(erspan0) entered blocking state [ 315.431831][T12159] bridge0: port 3(erspan0) entered disabled state [ 315.441555][T12159] erspan0: entered allmulticast mode [ 315.515215][T12159] erspan0: entered promiscuous mode [ 315.523231][T12159] bridge0: port 3(erspan0) entered blocking state [ 315.529857][T12159] bridge0: port 3(erspan0) entered forwarding state [ 315.653635][T12168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2550'. [ 315.884971][T12172] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2553'. [ 315.925754][T12164] delete_channel: no stack [ 316.578184][T12192] binder: BINDER_SET_CONTEXT_MGR already set [ 316.584234][T12192] binder: 12191:12192 ioctl 4018620d 80004a80 returned -16 [ 317.005116][ T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 317.038848][ T5834] Bluetooth: hci1: SCO packet for unknown connection handle 675 [ 317.098438][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.112673][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.152114][T12200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2564'. [ 317.165741][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 317.183966][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 317.201831][ T9] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 317.204148][T12200] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2564'. [ 317.214176][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 317.323515][T12201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2564'. [ 317.332482][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.369558][ T13] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.390308][T12201] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2564'. [ 317.410602][ T13] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.444402][ T13] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.483893][ T13] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.814491][T12207] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 317.821093][T12207] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 317.881133][T12210] netlink: 'syz.3.2562': attribute type 1 has an invalid length. [ 317.889260][T12207] vhci_hcd vhci_hcd.0: Device attached [ 317.906066][T12211] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 317.929767][T12211] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.015371][T12210] 8021q: adding VLAN 0 to HW filter on device bond3 [ 318.055605][T12207] bond3: (slave geneve2): making interface the new active one [ 318.070106][T12207] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 318.091985][ T1119] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.112247][ T1119] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.125996][ T1119] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.144886][ T5833] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 318.152847][ T1119] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.182783][T12208] vhci_hcd: connection reset by peer [ 318.191217][ T1119] vhci_hcd vhci_hcd.3: stop threads [ 318.196576][ T1119] vhci_hcd vhci_hcd.3: release socket [ 318.202168][ T1119] vhci_hcd vhci_hcd.3: disconnect device [ 318.557068][T12221] : entered promiscuous mode [ 319.698877][ T9] usb 1-1: USB disconnect, device number 18 [ 321.344380][ T5983] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 321.514388][ T5983] usb 5-1: Using ep0 maxpacket: 8 [ 321.840571][T12273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2583'. [ 321.889108][ T5983] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 321.925590][ T5983] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 322.455230][ T5983] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 322.587783][ T5983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.259515][ T5833] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 323.582509][T12284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.592742][T12284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.755859][T12288] syzkaller0: entered promiscuous mode [ 323.761375][T12288] syzkaller0: entered allmulticast mode [ 324.353520][T12300] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.361493][T12300] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.449456][T12300] bridge0: port 3(syz_tun) entered blocking state [ 324.473992][T12300] bridge0: port 3(syz_tun) entered disabled state [ 324.481262][T12300] syz_tun: entered allmulticast mode [ 324.490352][T12300] syz_tun: entered promiscuous mode [ 324.514549][T12304] netlink: 'syz.1.2594': attribute type 10 has an invalid length. [ 324.562790][T12304] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 324.810208][ T5833] usb 5-1: USB disconnect, device number 22 [ 325.354851][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 325.385333][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 325.393779][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 325.401917][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 325.410451][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 325.581274][T12323] syzkaller0: entered promiscuous mode [ 325.597027][T12323] syzkaller0: entered allmulticast mode [ 325.719442][T12323] tipc: Started in network mode [ 325.734530][T12326] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 325.743722][T12323] tipc: Node identity 5601aace67db, cluster identity 4711 [ 325.774850][T12323] tipc: Enabled bearer , priority 0 [ 325.834897][T12321] tipc: Resetting bearer [ 325.877431][T12321] tipc: Disabling bearer [ 326.398255][ T1137] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.529037][ T1137] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.605358][ T5900] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 326.675573][T12325] chnl_net:caif_netlink_parms(): no params data found [ 326.785180][ T5900] usb 3-1: Using ep0 maxpacket: 8 [ 326.806840][ T5900] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 326.818911][ T5900] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 326.843759][ T1137] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.863936][ T5900] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 326.996409][ T5900] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 327.008871][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.063164][ T5900] usbtmc 3-1:16.0: bulk endpoints not found [ 327.232912][ T1137] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.412972][T12325] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.432414][T12325] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.440450][T12325] bridge_slave_0: entered allmulticast mode [ 327.450134][T12325] bridge_slave_0: entered promiscuous mode [ 327.483275][T12325] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.492589][T12325] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.504558][ T5834] Bluetooth: hci5: command tx timeout [ 327.510812][T12325] bridge_slave_1: entered allmulticast mode [ 327.520064][T12325] bridge_slave_1: entered promiscuous mode [ 327.588208][T12325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 327.606940][T12325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.622714][T12371] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 327.640165][T12371] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 327.696816][T12325] team0: Port device team_slave_0 added [ 327.702848][ T1137] bridge_slave_1: left allmulticast mode [ 327.711115][ T1137] bridge_slave_1: left promiscuous mode [ 327.756560][ T1137] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.782447][ T1137] bridge_slave_0: left allmulticast mode [ 327.797084][ T1137] bridge_slave_0: left promiscuous mode [ 327.803788][ T1137] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.118917][ T1137] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 328.305334][ T1137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 328.329352][ T1137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 328.352850][ T1137] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 328.367537][T12393] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2619'. [ 328.417689][ T1137] bond0 (unregistering): Released all slaves [ 328.520940][ T1137] bond1 (unregistering): (slave bond2): Releasing backup interface [ 328.543714][ T1137] bond2 (unregistering): left promiscuous mode [ 328.641056][ T1137] bond1 (unregistering): Released all slaves [ 328.688132][ T1137] bond2 (unregistering): Released all slaves [ 328.721178][T12325] team0: Port device team_slave_1 added [ 328.917415][ T1137] : left promiscuous mode [ 328.948961][T12325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.957067][T12325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 329.000938][T12325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.298911][ T1137] tipc: Disabling bearer [ 329.321433][ T5833] usb 3-1: USB disconnect, device number 31 [ 329.352902][ T1137] tipc: Left network mode [ 329.370028][T12325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.413350][T12325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 329.574697][T12325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 329.585630][ T5834] Bluetooth: hci5: command tx timeout [ 329.852175][T12325] hsr_slave_0: entered promiscuous mode [ 329.869800][T12325] hsr_slave_1: entered promiscuous mode [ 329.883963][T12325] debugfs: 'hsr0' already exists in 'hsr' [ 329.898929][T12325] Cannot create hsr debugfs directory [ 329.935670][T12408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 330.210318][ T1137] hsr_slave_0: left promiscuous mode [ 330.235082][ T1137] hsr_slave_1: left promiscuous mode [ 330.251614][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 330.277089][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 330.325797][ T1137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 330.352924][ T1137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 330.382840][ T1137] veth1_macvtap: left promiscuous mode [ 330.388674][ T1137] veth0_macvtap: left promiscuous mode [ 330.406886][ T1137] veth1_vlan: left promiscuous mode [ 330.416161][ T1137] veth0_vlan: left promiscuous mode [ 331.072814][ T1137] team0 (unregistering): Port device team_slave_1 removed [ 331.105216][ T1137] team0 (unregistering): Port device team_slave_0 removed [ 331.654825][ T5834] Bluetooth: hci5: command tx timeout [ 331.752278][T12443] input: syz0 as /devices/virtual/input/input29 [ 331.847785][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 332.014492][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 332.056099][ T24] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 332.073183][ T24] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 332.089404][ T24] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 332.106610][ T24] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 332.116230][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.159663][ T24] usbtmc 1-1:16.0: bulk endpoints not found [ 332.485025][T12459] fuse: Unknown parameter 'group_id00000000000000000000' [ 332.711758][T12466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 332.721494][T12466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.287490][T12325] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 333.320825][T12325] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 333.357445][T12325] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 333.392840][T12325] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 333.629086][T12325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.734476][ T5834] Bluetooth: hci5: command tx timeout [ 333.769407][T12485] syzkaller0: entered promiscuous mode [ 333.810422][T12485] syzkaller0: entered allmulticast mode [ 333.851521][T12325] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.898430][T12488] tipc: Enabled bearer , priority 0 [ 333.927961][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.935206][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.965454][T12484] tipc: Resetting bearer [ 333.995064][T12484] tipc: Disabling bearer [ 334.043752][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.050996][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.285983][T12325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.373429][T12325] veth0_vlan: entered promiscuous mode [ 334.411989][T12325] veth1_vlan: entered promiscuous mode [ 334.520361][T12325] veth0_macvtap: entered promiscuous mode [ 334.560399][T12325] veth1_macvtap: entered promiscuous mode [ 334.613348][ T9] usb 1-1: USB disconnect, device number 19 [ 334.628848][T12325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.675426][T12325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 334.725722][ T1165] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.746757][ T1165] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.768285][ T1165] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.797327][ T1165] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.017161][ T1119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.037546][ T1119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.166973][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.207836][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.319979][T12514] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 335.326648][T12514] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 335.373568][T12524] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(15) [ 335.380231][T12524] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 335.432402][T12514] vhci_hcd vhci_hcd.0: Device attached [ 335.603426][T12524] vhci_hcd vhci_hcd.0: Device attached [ 335.680547][ T5833] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 335.719577][T12535] fuse: Unknown parameter 'group_id00000000000000000000' [ 336.381667][T12520] vhci_hcd: connection reset by peer [ 336.381682][T12525] vhci_hcd: connection closed [ 336.385759][ T1137] vhci_hcd vhci_hcd.2: stop threads [ 336.399182][T12550] syzkaller0: entered promiscuous mode [ 336.792381][ T5900] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 336.823662][ T1137] vhci_hcd vhci_hcd.2: release socket [ 336.830723][T12550] syzkaller0: entered allmulticast mode [ 336.840564][ T1137] vhci_hcd vhci_hcd.2: disconnect device [ 336.866470][ T1137] vhci_hcd vhci_hcd.2: stop threads [ 336.897780][T12553] tipc: Enabled bearer , priority 0 [ 336.940710][T12544] tipc: Resetting bearer [ 336.950640][ T1137] vhci_hcd vhci_hcd.2: release socket [ 336.964352][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 336.965309][ T1137] vhci_hcd vhci_hcd.2: disconnect device [ 337.132243][ T5900] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 337.145619][T12544] tipc: Disabling bearer [ 337.172986][ T5900] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 337.201161][ T5900] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 337.247143][ T5900] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 337.284344][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.317401][ T5900] usbtmc 1-1:16.0: bulk endpoints not found [ 337.901997][T12575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 337.918199][T12575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.220645][ T5900] usb 1-1: USB disconnect, device number 20 [ 339.257533][ T5983] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 339.429365][ T5983] usb 2-1: Using ep0 maxpacket: 8 [ 339.440564][ T5983] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 339.475323][ T5983] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 339.624867][T12619] netlink: 'syz.4.2661': attribute type 1 has an invalid length. [ 339.632750][ T5983] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 339.650472][ T5983] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 339.691946][ T5983] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 339.753639][ T5983] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 339.777615][ T5983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.837973][T12624] ip6erspan0: entered promiscuous mode [ 340.066327][ T5983] usb 2-1: GET_CAPABILITIES returned 0 [ 340.085465][ T5983] usbtmc 2-1:16.0: can't read capabilities [ 340.510711][T12601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.626453][T12601] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 340.726623][T12644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.749022][T12644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 340.824653][T12646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.839426][T12646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 340.851007][ T5833] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 341.081536][T12650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 341.116824][T12650] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 341.156744][ T5983] usb 2-1: USB disconnect, device number 29 [ 341.166448][T12601] usbtmc 2-1:16.0: usb_control_msg returned -71 [ 341.644375][ T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 341.704882][T12656] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2670'. [ 341.804611][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 341.821037][ T9] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 341.845765][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.874646][ T9] usb 2-1: config 0 descriptor?? [ 342.085382][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 342.113256][ T9] usb 2-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 342.135201][ T9] usb 2-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 344.152833][T12710] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2691'. [ 344.674172][ T5975] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 344.844472][ T5975] usb 4-1: Using ep0 maxpacket: 8 [ 344.877751][ T5975] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 344.887062][ T5975] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 344.905310][ T5975] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 344.924344][ T5975] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 344.964414][ T5975] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.004414][ T5975] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 345.044140][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.283137][ T5975] usb 4-1: GET_CAPABILITIES returned 0 [ 345.293111][ T5975] usbtmc 4-1:16.0: can't read capabilities [ 345.306004][T12733] syzkaller0: entered promiscuous mode [ 345.311519][T12733] syzkaller0: entered allmulticast mode [ 345.355330][T12733] tipc: Started in network mode [ 345.360253][T12733] tipc: Node identity fadff3f3830e, cluster identity 4711 [ 345.374839][T12733] tipc: Enabled bearer , priority 0 [ 345.387643][T12732] tipc: Resetting bearer [ 345.404059][T12732] tipc: Disabling bearer [ 345.519723][T12741] netlink: 'syz.4.2705': attribute type 5 has an invalid length. [ 345.537763][T12741] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2705'. [ 345.696667][T12713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.714998][T12713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.778772][T12750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.800096][T12750] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.874445][T12752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.965172][T12752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.447864][T12761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 346.504953][T12761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.569985][T12759] workqueue: name exceeds WQ_NAME_LEN. Truncating to: 1ùà^!‚lü1Ü*ø$pOcÚÉ”ÎÜr$åG—•µ [ 346.627259][ T5975] usb 4-1: USB disconnect, device number 16 [ 346.784466][T12713] usbtmc 4-1:16.0: usb_control_msg returned -71 [ 346.820499][T12713] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -19 [ 347.072515][T12765] delete_channel: no stack [ 347.244369][ T5975] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 347.404435][ T5975] usb 4-1: Using ep0 maxpacket: 32 [ 347.412018][ T5975] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 347.434592][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.481391][ T5975] usb 4-1: config 0 descriptor?? [ 347.606787][T12773] fuse: Bad value for 'fd' [ 347.687537][T12767] netlink: 'syz.1.2711': attribute type 1 has an invalid length. [ 347.735812][ T5975] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 347.824780][T12774] 8021q: adding VLAN 0 to HW filter on device bond4 [ 347.836999][T12774] bond3: (slave bond4): making interface the new active one [ 347.846484][T12774] bond3: (slave bond4): Enslaving as an active interface with an up link [ 347.859304][T12784] syzkaller0: entered promiscuous mode [ 347.867775][T12784] syzkaller0: entered allmulticast mode [ 347.977253][T12779] tipc: Started in network mode [ 347.982349][T12779] tipc: Node identity fa89ff2ecfc2, cluster identity 4711 [ 347.990224][T12779] tipc: Enabled bearer , priority 0 [ 347.999601][T12778] tipc: Resetting bearer [ 348.039434][T12778] tipc: Disabling bearer [ 348.114390][ T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 348.388718][ T24] usb 3-1: device descriptor read/64, error -71 [ 348.626179][T12795] input: syz0 as /devices/virtual/input/input30 [ 348.663094][ T24] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 348.824745][ T24] usb 3-1: device descriptor read/64, error -71 [ 348.934701][ T24] usb usb3-port1: attempt power cycle [ 349.467150][T12808] netlink: 'syz.1.2722': attribute type 5 has an invalid length. [ 349.495326][T12804] delete_channel: no stack [ 349.522727][T12808] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2722'. [ 349.547779][ T24] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 349.558198][T12810] fuse: Bad value for 'fd' [ 349.611582][ T24] usb 3-1: device descriptor read/8, error -71 [ 349.894584][ T24] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 349.925765][ T24] usb 3-1: device descriptor read/8, error -71 [ 350.050845][ T24] usb usb3-port1: unable to enumerate USB device [ 350.091667][T12823] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2728'. [ 350.101381][T12823] netlink: 'syz.3.2728': attribute type 10 has an invalid length. [ 350.109820][T12823] bond0: (slave wlan1): Opening slave failed [ 350.915429][T12827] syzkaller0: entered promiscuous mode [ 350.920964][T12827] syzkaller0: entered allmulticast mode [ 350.941285][T12827] tipc: Enabled bearer , priority 0 [ 350.956343][ T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 350.964163][T12826] tipc: Resetting bearer [ 350.991559][T12833] netlink: 'syz.2.2731': attribute type 1 has an invalid length. [ 351.000354][T12826] tipc: Disabling bearer [ 351.119902][T12833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.124535][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 351.152152][ T24] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 351.180085][ T24] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 351.210198][ T24] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 351.240500][ T24] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 351.272300][T12835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 351.285568][T12835] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address [ 351.295869][ T24] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 351.295930][ T24] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 351.295955][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.365814][T12835] bond0: (slave vxcan3): Error -95 calling set_mac_address [ 351.560070][T12839] delete_channel: no stack [ 351.602020][ T24] usb 1-1: GET_CAPABILITIES returned 0 [ 351.621296][ T24] usbtmc 1-1:16.0: can't read capabilities [ 351.798702][T12848] fuse: Bad value for 'fd' [ 352.017276][T12831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.035614][T12831] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.534007][T12861] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.626509][T12861] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.858719][T12864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.900976][T12864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.176310][T12869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.197051][T12869] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.287660][ T44] usb 1-1: USB disconnect, device number 21 [ 353.384454][T12831] usbtmc 1-1:16.0: usb_control_msg returned -71 [ 353.581200][T12872] syzkaller0: entered promiscuous mode [ 353.594054][T12872] syzkaller0: entered allmulticast mode [ 353.611709][T12872] tipc: Enabled bearer , priority 0 [ 353.629434][T12871] tipc: Resetting bearer [ 353.673135][T12871] tipc: Disabling bearer [ 353.904433][ T44] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 354.064542][ T44] usb 1-1: Using ep0 maxpacket: 32 [ 354.074388][ T44] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 354.085732][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.118762][ T44] usb 1-1: config 0 descriptor?? [ 354.291381][T12878] netlink: 'syz.4.2745': attribute type 1 has an invalid length. [ 354.340100][ T44] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 354.420773][T12878] 8021q: adding VLAN 0 to HW filter on device bond2 [ 354.445425][T12878] bond1: (slave bond2): making interface the new active one [ 354.463950][T12878] bond1: (slave bond2): Enslaving as an active interface with an up link [ 354.480380][T12892] bond1: (slave gretap1): Enslaving as a backup interface with an up link [ 354.495638][T12898] vlan2: entered promiscuous mode [ 354.509248][T12898] bond1: entered promiscuous mode [ 354.533218][T12898] bond2: entered promiscuous mode [ 354.541823][T12898] bond1: (slave vlan2): Opening slave failed [ 355.653229][ T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 355.842545][T12915] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 355.935156][ T24] usb 5-1: config 0 has no interfaces? [ 355.950982][ T24] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 356.002293][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.085224][ T24] usb 5-1: Product: syz [ 356.104379][ T24] usb 5-1: Manufacturer: syz [ 356.124697][ T24] usb 5-1: SerialNumber: syz [ 356.161588][ T24] usb 5-1: config 0 descriptor?? [ 356.363193][T12918] syzkaller0: entered promiscuous mode [ 356.378582][T12918] syzkaller0: entered allmulticast mode [ 356.420418][T12918] tipc: Enabled bearer , priority 0 [ 356.448464][T12917] tipc: Resetting bearer [ 356.494624][T12917] tipc: Disabling bearer [ 356.514023][ T5983] usb 5-1: USB disconnect, device number 23 [ 356.628394][T12923] syzkaller0: entered promiscuous mode [ 356.639027][T12923] syzkaller0: entered allmulticast mode [ 357.370389][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 357.370411][ T29] audit: type=1326 audit(1771863584.756:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 357.452952][ T29] audit: type=1326 audit(1771863584.756:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 357.485662][ T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 357.568845][ T29] audit: type=1326 audit(1771863584.756:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 357.612040][ T29] audit: type=1326 audit(1771863584.756:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 357.646477][ T24] usb 5-1: device descriptor read/64, error -71 [ 357.676615][ T29] audit: type=1326 audit(1771863584.756:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71e5b6b code=0x7ffc0000 [ 357.769454][ T29] audit: type=1326 audit(1771863584.756:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 357.894508][ T24] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 358.041009][ T29] audit: type=1326 audit(1771863584.756:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 358.214597][ T24] usb 5-1: device descriptor read/64, error -71 [ 358.310211][ T29] audit: type=1326 audit(1771863584.756:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 358.353846][ T24] usb usb5-port1: attempt power cycle [ 358.420233][ T29] audit: type=1326 audit(1771863584.756:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=14 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 358.502623][ T29] audit: type=1326 audit(1771863584.756:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12940 comm="syz.3.2767" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 358.724572][ T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 358.758463][ T24] usb 5-1: device descriptor read/8, error -71 [ 359.273922][ T24] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 359.336282][ T24] usb 5-1: device descriptor read/8, error -71 [ 359.454686][ T24] usb usb5-port1: unable to enumerate USB device [ 360.001891][T12968] binder: BINDER_SET_CONTEXT_MGR already set [ 360.008353][T12968] binder: 12965:12968 ioctl 4018620d 80004a80 returned -16 [ 360.273534][T12947] pim6reg: entered allmulticast mode [ 360.296511][T12949] pim6reg: left allmulticast mode [ 360.313884][T12967] syzkaller0: entered promiscuous mode [ 360.327682][T12967] syzkaller0: entered allmulticast mode [ 360.346191][T12971] tipc: Enabled bearer , priority 0 [ 360.457493][T12962] tipc: Resetting bearer [ 360.518245][T12979] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2775'. [ 360.546640][T12962] tipc: Disabling bearer [ 360.667460][T12981] bridge0: port 3(syz_tun) entered blocking state [ 360.696126][T12981] bridge0: port 3(syz_tun) entered disabled state [ 360.703938][T12981] syz_tun: entered allmulticast mode [ 360.717015][T12981] syz_tun: entered promiscuous mode [ 361.147367][ T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 361.314304][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 361.336425][ T24] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 361.360306][ T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 361.385284][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 362.132754][ T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 362.182448][ T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 362.209808][ T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 362.296058][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.348716][T13020] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2791'. [ 362.525561][ T24] usb 5-1: GET_CAPABILITIES returned 0 [ 362.550432][ T24] usbtmc 5-1:16.0: can't read capabilities [ 362.642265][T13026] syzkaller0: entered promiscuous mode [ 362.661442][T13026] syzkaller0: entered allmulticast mode [ 362.699323][T13026] tipc: Enabled bearer , priority 0 [ 362.729142][T13025] tipc: Resetting bearer [ 362.772530][T13025] tipc: Disabling bearer [ 362.928996][T12993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 362.944164][T12993] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 362.978474][T13038] netlink: 'syz.2.2798': attribute type 1 has an invalid length. [ 363.010305][T13038] 8021q: adding VLAN 0 to HW filter on device bond2 [ 363.020737][T13041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.035682][T13041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.070154][T13041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.122150][T13044] 8021q: adding VLAN 0 to HW filter on device bond2 [ 363.135774][T13041] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.179456][T13044] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 363.278801][T13044] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 363.332067][T13048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.416134][T13048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.436193][ T1216] usb 5-1: USB disconnect, device number 28 [ 363.449538][T12993] usbtmc 5-1:16.0: usb_control_msg returned -71 [ 363.519287][T13052] binder: BINDER_SET_CONTEXT_MGR already set [ 363.692130][T13052] binder: 13051:13052 ioctl 4018620d 80004a80 returned -16 [ 364.154872][ T1216] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 364.399441][T13063] delete_channel: no stack [ 364.416744][T13069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2806'. [ 364.531428][ T1216] usb 5-1: Using ep0 maxpacket: 32 [ 364.559920][ T1216] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 364.570984][ T1216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.700811][ T1216] usb 5-1: config 0 descriptor?? [ 364.920033][ T1216] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 366.873194][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 366.873219][ T29] audit: type=1326 audit(1771863594.296:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 366.986913][ T29] audit: type=1326 audit(1771863594.296:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.064088][ T29] audit: type=1326 audit(1771863594.296:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.090038][ T29] audit: type=1326 audit(1771863594.296:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.185803][T13124] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2823'. [ 367.228895][ T29] audit: type=1326 audit(1771863594.296:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.334165][ T29] audit: type=1326 audit(1771863594.296:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.402251][ T29] audit: type=1326 audit(1771863594.306:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.466538][T13134] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2827'. [ 367.491834][ T29] audit: type=1326 audit(1771863594.306:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=427 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.560587][ T29] audit: type=1326 audit(1771863594.306:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.655800][ T29] audit: type=1326 audit(1771863594.306:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13119 comm="syz.3.2823" exe="/root/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf7fe2f6c code=0x7ffc0000 [ 367.913292][T13138] fuse: Unknown parameter 'user_i00000000000000000000' [ 368.164588][ T5833] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0 [ 368.193494][ T5833] hid-generic 0000:0000:0000.0014: hidraw0: HID v0.00 Device [syz1] on syz0 [ 368.431811][T13150] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 368.889089][T13159] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2838'. [ 369.105166][T13165] fuse: Unknown parameter 'user_i00000000000000000000' [ 369.310652][T13174] fuse: Bad value for 'fd' [ 369.970503][T13188] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2849'. [ 370.105059][T13190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 370.777447][T13196] netlink: 'syz.2.2852': attribute type 1 has an invalid length. [ 370.824344][T13196] 8021q: adding VLAN 0 to HW filter on device bond3 [ 370.927186][T13196] 8021q: adding VLAN 0 to HW filter on device bond3 [ 370.935129][T13204] fuse: Unknown parameter 'user_i00000000000000000000' [ 370.959224][T13196] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 371.001344][T13196] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 371.441618][T13211] tipc: Enabled bearer , priority 0 [ 371.491853][T13210] tipc: Disabling bearer [ 371.944387][T13229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 372.257013][T13236] fuse: Unknown parameter 'user_id00000000000000000000' [ 372.375358][T13238] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2867'. [ 373.202181][T13252] tipc: Enabled bearer , priority 0 [ 373.284676][T13251] tipc: Disabling bearer [ 374.177813][T13272] binder: BINDER_SET_CONTEXT_MGR already set [ 374.184073][T13272] binder: 13271:13272 ioctl 4018620d 80004a80 returned -16 [ 374.307063][T13274] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2878'. [ 376.891781][T13290] tipc: Enabled bearer , priority 0 [ 376.951224][T13289] tipc: Disabling bearer [ 377.207817][T13294] fuse: Bad value for 'fd' [ 377.778797][T13307] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 378.537918][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.544591][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.594207][T13322] tipc: Enabled bearer , priority 0 [ 378.633636][T13319] tipc: Disabling bearer [ 378.794841][T13323] delete_channel: no stack [ 379.584557][T13343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 380.255779][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2910'. [ 380.350825][T13358] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2911'. [ 380.414667][T13351] delete_channel: no stack [ 383.857871][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 383.866963][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 383.875325][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 383.895911][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 383.903521][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 384.120174][ T6092] syz_tun (unregistering): left allmulticast mode [ 384.154318][ T6092] syz_tun (unregistering): left promiscuous mode [ 384.160812][ T6092] bridge0: port 3(syz_tun) entered disabled state [ 384.640570][T13411] ip6gre1: left allmulticast mode [ 385.068214][T13407] chnl_net:caif_netlink_parms(): no params data found [ 385.227442][T13407] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.234722][T13407] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.241939][T13407] bridge_slave_0: entered allmulticast mode [ 385.249970][T13407] bridge_slave_0: entered promiscuous mode [ 385.259234][T13407] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.266786][T13407] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.274051][T13407] bridge_slave_1: entered allmulticast mode [ 385.282987][T13407] bridge_slave_1: entered promiscuous mode [ 385.326047][T13407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.358532][T13407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 385.456236][T13407] team0: Port device team_slave_0 added [ 385.476398][T13407] team0: Port device team_slave_1 added [ 385.590372][T13407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.749477][T13407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 385.801184][T13407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.865148][T13407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.872223][T13407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 385.934445][T13407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.974458][ T5834] Bluetooth: hci1: command tx timeout [ 386.040442][T13407] hsr_slave_0: entered promiscuous mode [ 386.047033][T13407] hsr_slave_1: entered promiscuous mode [ 386.053242][T13407] debugfs: 'hsr0' already exists in 'hsr' [ 386.059742][T13407] Cannot create hsr debugfs directory [ 386.656609][T13407] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.860130][T13407] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.005900][T13407] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.135841][T13407] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.437965][T13407] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 387.473000][T13407] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 387.508299][T13407] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 387.557894][T13407] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 387.935212][T13407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 388.038002][T13407] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.058119][ T5834] Bluetooth: hci1: command tx timeout [ 388.086275][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.093546][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.123357][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.130613][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 388.234009][T13407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 388.338721][T13407] veth0_vlan: entered promiscuous mode [ 388.366633][T13407] veth1_vlan: entered promiscuous mode [ 388.447928][T13407] veth0_macvtap: entered promiscuous mode [ 388.471971][T13407] veth1_macvtap: entered promiscuous mode [ 388.513207][T13407] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 388.558224][T13407] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 388.585598][ T1011] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.605932][ T1011] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.629801][ T1011] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.659371][ T1011] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.805255][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.813119][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.912408][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.924807][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.982762][T13442] netlink: 'syz.0.2936': attribute type 10 has an invalid length. [ 389.031583][T13442] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 390.134867][ T5834] Bluetooth: hci1: command tx timeout [ 392.174136][ T29] kauditd_printk_skb: 61 callbacks suppressed [ 392.174158][ T29] audit: type=1326 audit(1771863619.606:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13482 comm="syz.1.2950" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 392.206220][ T29] audit: type=1326 audit(1771863619.646:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13482 comm="syz.1.2950" exe="/root/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 392.229908][ T5834] Bluetooth: hci1: command tx timeout [ 392.235794][ T29] audit: type=1326 audit(1771863619.646:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13482 comm="syz.1.2950" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 392.259264][ T29] audit: type=1326 audit(1771863619.646:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13482 comm="syz.1.2950" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000 [ 392.461809][T13490] fuse: Unknown parameter '0x0000000000000003' [ 392.596287][T13496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2956'. [ 393.295934][T13516] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2965'. [ 393.324336][ T5893] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 393.484310][ T5893] usb 3-1: Using ep0 maxpacket: 8 [ 393.491090][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 393.511378][T13517] : entered promiscuous mode [ 393.526294][ T5893] usb 3-1: config 0 has no interfaces? [ 393.531832][ T5893] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 393.561625][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.585225][ T5893] usb 3-1: config 0 descriptor?? [ 394.107039][T13522] tipc: Enabled bearer , priority 0 [ 394.160603][T13521] tipc: Disabling bearer [ 394.585816][T13533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2969'. [ 395.561921][T13535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2970'. [ 396.135359][ T5893] usb 3-1: USB disconnect, device number 36 [ 396.293928][T13550] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2976'. [ 396.729257][T13561] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2981'. [ 397.367311][T13568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2982'. [ 398.686431][T13593] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2993'. [ 399.693128][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 399.707337][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 399.715931][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 399.736574][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 399.745687][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 399.897507][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 399.908900][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.039323][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 400.064394][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.542988][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 400.701704][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.079196][T13618] netlink: 'syz.0.2999': attribute type 10 has an invalid length. [ 401.144876][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.159607][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.194479][T13618] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.210265][T13618] bond0: (slave team0): Enslaving as an active interface with an up link [ 401.409471][T13627] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3001'. [ 401.454678][ T49] bridge_slave_1: left allmulticast mode [ 401.466101][ T49] bridge_slave_1: left promiscuous mode [ 401.471853][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.482195][ T49] bridge_slave_0: left allmulticast mode [ 401.488117][ T49] bridge_slave_0: left promiscuous mode [ 401.539800][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.815648][ T5834] Bluetooth: hci0: command tx timeout [ 402.181568][ T49] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 402.229545][T13636] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3004'. [ 402.410266][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 402.424419][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 402.439176][ T49] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 402.458570][ T49] bond0 (unregistering): Released all slaves [ 402.478461][ T49] bond1 (unregistering): (slave bond2): Releasing backup interface [ 402.488493][ T49] bond1 (unregistering): Released all slaves [ 402.518968][ T49] bond2 (unregistering): Released all slaves [ 402.558173][ T49] bond3 (unregistering): (slave bond4): Releasing backup interface [ 402.568956][ T49] bond3 (unregistering): Released all slaves [ 402.610356][ T49] bond4 (unregistering): Released all slaves [ 402.759324][ T49] : left promiscuous mode [ 402.831586][T13644] tipc: Enabling of bearer rejected, failed to enable media [ 402.917605][ T49] tipc: Left network mode [ 403.118365][T13602] chnl_net:caif_netlink_parms(): no params data found [ 403.654934][ T49] hsr_slave_0: left promiscuous mode [ 403.747950][ T49] hsr_slave_1: left promiscuous mode [ 403.756734][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 403.773223][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 403.806647][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 403.884819][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 403.919563][ T5834] Bluetooth: hci0: command tx timeout [ 403.962806][ T49] veth1_macvtap: left promiscuous mode [ 404.056000][ T49] veth0_macvtap: left promiscuous mode [ 404.116820][ T49] veth1_vlan: left promiscuous mode [ 404.139150][ T5975] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 404.139150][ T1216] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 404.139311][ T1216] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 404.157615][ T49] veth0_vlan: left promiscuous mode [ 404.186429][ T9] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 404.246501][ T5975] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 404.256333][ T9] dvb_usb_az6027 2-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 404.275427][ T44] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 404.296910][ T44] dvb_usb_az6027 1-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 404.323114][ T1216] usb 5-1: USB disconnect, device number 29 [ 404.410868][ T44] usb 1-1: USB disconnect, device number 22 [ 404.614026][ T9] usb 2-1: USB disconnect, device number 30 [ 404.631928][ T5975] usb 4-1: USB disconnect, device number 17 [ 405.004449][ T44] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 405.225083][ T44] usb 1-1: Using ep0 maxpacket: 8 [ 405.231785][ T44] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 405.240581][ T44] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 405.274349][ T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 405.314697][ T44] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 405.353069][ T44] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 405.389259][ T44] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 405.429874][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.590301][ T49] team0 (unregistering): Port device team_slave_1 removed [ 405.619223][ T49] team0 (unregistering): Port device team_slave_0 removed [ 405.702081][T13690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.714676][T13690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.754501][ T44] usb 1-1: usb_control_msg returned -32 [ 405.785992][ T44] usbtmc 1-1:16.0: can't read capabilities [ 405.851773][ T44] usb 1-1: USB disconnect, device number 23 [ 405.906137][ T49] team0 (unregistering): Port device veth1 removed [ 405.989426][ T5834] Bluetooth: hci0: command tx timeout [ 406.104687][T13602] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.114633][T13602] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.387974][T13602] bridge_slave_0: entered allmulticast mode [ 406.552032][T13602] bridge_slave_0: entered promiscuous mode [ 406.696313][T13602] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.705344][T13602] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.734835][T13602] bridge_slave_1: entered allmulticast mode [ 406.754978][T13602] bridge_slave_1: entered promiscuous mode [ 406.855044][T13602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.878893][T13602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.894569][ T5900] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 406.904186][T13711] fuse: Bad value for 'group_id' [ 406.912674][T13711] fuse: Bad value for 'group_id' [ 406.929172][T13709] input: syz0 as /devices/virtual/input/input31 [ 407.050744][T13602] team0: Port device team_slave_0 added [ 407.054521][ T5900] usb 4-1: Using ep0 maxpacket: 8 [ 407.066804][ T5900] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 407.078723][T13602] team0: Port device team_slave_1 added [ 407.100804][ T5900] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 407.124141][ T5900] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 407.145106][ T5900] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 407.174552][ T5900] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 407.193851][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.323193][ T49] IPVS: stop unused estimator thread 0... [ 407.335579][T13602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 407.344139][T13602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 407.467602][T13602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 407.505647][T13720] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3024'. [ 407.519563][ T5900] usb 4-1: GET_CAPABILITIES returned 0 [ 407.537611][ T5900] usbtmc 4-1:16.0: can't read capabilities [ 407.610768][T13602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 407.654670][T13602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 407.691772][ T5900] usb 4-1: USB disconnect, device number 18 [ 407.784835][T13602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.054522][ T5834] Bluetooth: hci0: command tx timeout [ 408.203394][T13602] hsr_slave_0: entered promiscuous mode [ 408.213452][T13602] hsr_slave_1: entered promiscuous mode [ 408.241860][T13602] debugfs: 'hsr0' already exists in 'hsr' [ 408.251119][T13602] Cannot create hsr debugfs directory [ 408.684634][ T5975] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 408.886525][ T5975] usb 4-1: Using ep0 maxpacket: 8 [ 408.895028][ T5975] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 408.918995][ T5975] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 408.950273][ T5975] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 408.973375][ T5975] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 409.005336][ T5975] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 409.014674][ T5836] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 409.038589][ T5975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.205226][ T5836] usb 5-1: Using ep0 maxpacket: 8 [ 409.233966][ T5836] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 409.263408][ T5836] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 409.284188][ T5975] usb 4-1: GET_CAPABILITIES returned 0 [ 409.294598][ T5975] usbtmc 4-1:16.0: can't read capabilities [ 409.309157][ T5836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 409.338211][ T5836] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 409.362370][ T5836] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 409.379203][ T5836] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 409.389344][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.471021][ T5900] usb 4-1: USB disconnect, device number 19 [ 409.592819][T13602] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 409.619450][T13602] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 409.641179][T13743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.661567][T13602] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 409.664747][ T5836] usb 5-1: usb_control_msg returned -32 [ 409.670155][T13743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.699661][T13602] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 409.712201][ T5836] usbtmc 5-1:16.0: can't read capabilities [ 409.770726][ T5836] usb 5-1: USB disconnect, device number 30 [ 410.307529][T13602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 410.460529][T13775] binder: BINDER_SET_CONTEXT_MGR already set [ 410.466670][T13775] binder: 13774:13775 ioctl 4018620d 80004a80 returned -16 [ 410.516415][T13602] 8021q: adding VLAN 0 to HW filter on device team0 [ 410.548938][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.556174][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 410.701150][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.708385][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 410.739115][T13780] fuse: Bad value for 'group_id' [ 410.744134][T13780] fuse: Bad value for 'group_id' [ 411.002757][T13602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 411.232714][T13602] veth0_vlan: entered promiscuous mode [ 411.307836][T13602] veth1_vlan: entered promiscuous mode [ 411.458041][T13602] veth0_macvtap: entered promiscuous mode [ 411.559746][T13602] veth1_macvtap: entered promiscuous mode [ 411.707079][T13602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 411.830272][T13602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 411.872713][T13806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3037'. [ 411.964095][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.974853][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.015637][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.031409][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.459961][ T1011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.513718][ T1011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.646569][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.655777][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.538048][T13832] fuse: Bad value for 'group_id' [ 413.565760][T13832] fuse: Bad value for 'group_id' [ 413.596747][ T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 413.603527][T13831] syzkaller0: entered promiscuous mode [ 413.614709][T13831] syzkaller0: entered allmulticast mode [ 413.795910][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 413.813823][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 413.827573][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 413.830473][ T5840] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 413.851833][ T5840] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 413.859363][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 413.865010][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 413.877467][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 413.885340][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 413.935557][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 414.013848][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 414.068042][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.331401][ T9] usb 4-1: usb_control_msg returned -71 [ 414.341784][ T9] usbtmc 4-1:16.0: can't read capabilities [ 414.372105][ T9] usb 4-1: USB disconnect, device number 20 [ 414.434415][ T1216] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 414.592756][ T1165] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.646331][ T1165] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.654952][ T1216] usb 3-1: Using ep0 maxpacket: 8 [ 414.725734][ T1216] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 414.749329][ T1216] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 414.789713][ T1165] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.796748][ T1216] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 414.836871][ T1216] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 414.865962][ T1216] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 414.898046][ T1216] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 414.910851][ T1216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.983820][T13840] chnl_net:caif_netlink_parms(): no params data found [ 415.137921][ T1216] usb 3-1: GET_CAPABILITIES returned 0 [ 415.146731][ T1216] usbtmc 3-1:16.0: can't read capabilities [ 415.301471][ T1165] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.556953][T13840] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.570216][T13840] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.580869][T13848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 415.591183][T13848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 415.604646][T13840] bridge_slave_0: entered allmulticast mode [ 415.612407][T13840] bridge_slave_0: entered promiscuous mode [ 415.664032][T13881] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 415.677288][T13840] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.692958][T13881] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 415.710925][T13840] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.736289][T13840] bridge_slave_1: entered allmulticast mode [ 415.752605][T13840] bridge_slave_1: entered promiscuous mode [ 415.784908][T13884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 415.829451][T13884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 415.933354][T13840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.974675][ T5834] Bluetooth: hci2: command tx timeout [ 415.995566][T13887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.091886][T13840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 416.106427][T13887] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.152205][ T5900] usb 3-1: USB disconnect, device number 37 [ 416.154895][T13848] usbtmc 3-1:16.0: usb_control_msg returned -71 [ 416.328610][T13840] team0: Port device team_slave_0 added [ 416.364139][T13840] team0: Port device team_slave_1 added [ 416.385063][ T1165] erspan0: left allmulticast mode [ 416.390156][ T1165] erspan0: left promiscuous mode [ 416.417841][ T1165] bridge0: port 3(erspan0) entered disabled state [ 416.469643][ T1165] bridge_slave_1: left allmulticast mode [ 416.484541][ T1165] bridge_slave_1: left promiscuous mode [ 416.648286][ T1165] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.883956][ T1165] bridge_slave_0: left allmulticast mode [ 416.895364][ T1165] bridge_slave_0: left promiscuous mode [ 416.901580][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.946003][ T5900] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 417.167763][ T5900] usb 3-1: Using ep0 maxpacket: 32 [ 417.176839][ T5900] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 417.200390][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.355035][ T5900] usb 3-1: config 0 descriptor?? [ 417.463641][ T5900] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 417.480438][ T5900] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 417.491922][ T5900] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 417.793777][ T1165] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 417.825885][ T1165] gretap1 (unregistering): left promiscuous mode [ 418.053254][T13921] syz.1.3059 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 418.087595][ T5834] Bluetooth: hci2: command tx timeout [ 418.155547][ T1165] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.201144][ T1165] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.223711][ T1165] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 418.263916][ T1165] bond0 (unregistering): (slave team0): Releasing backup interface [ 418.308028][ T1165] bond0 (unregistering): Released all slaves [ 418.319115][ T1165] bond1 (unregistering): Released all slaves [ 418.345363][ T1165] bond2 (unregistering): Released all slaves [ 418.405657][ T1165] bond3 (unregistering): Released all slaves [ 418.488849][ T1165] bond4 (unregistering): Released all slaves [ 418.529667][ T1165] bond5 (unregistering): (slave bond6): Releasing backup interface [ 418.541185][ T1165] bond5 (unregistering): Released all slaves [ 418.567842][ T1165] bond6 (unregistering): Released all slaves [ 418.698099][T13880] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 418.709358][T13840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 418.767219][T13840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 418.840059][T13840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 419.054975][ T1165] : left promiscuous mode [ 419.108826][T13840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 419.186742][T13840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 419.265929][T13840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 419.287872][ T1165] tipc: Left network mode [ 419.526198][T13840] hsr_slave_0: entered promiscuous mode [ 419.547220][T13840] hsr_slave_1: entered promiscuous mode [ 419.571047][T13840] debugfs: 'hsr0' already exists in 'hsr' [ 419.596314][T13840] Cannot create hsr debugfs directory [ 420.138011][ T5834] Bluetooth: hci2: command tx timeout [ 420.267094][T13944] netlink: 592 bytes leftover after parsing attributes in process `syz.4.3064'. [ 420.702230][ T1165] hsr_slave_0: left promiscuous mode [ 420.719692][ T1165] hsr_slave_1: left promiscuous mode [ 420.734401][ T5833] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 420.748422][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 420.765927][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 420.790809][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 420.823257][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 421.034781][ T5833] usb 2-1: Using ep0 maxpacket: 8 [ 421.042037][ T5833] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 421.050623][ T5833] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 421.062113][ T1165] veth1_macvtap: left promiscuous mode [ 421.075365][ T1165] veth0_macvtap: left promiscuous mode [ 421.080970][ T5833] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 421.081091][ T1165] veth1_vlan: left promiscuous mode [ 421.104468][ T1165] veth0_vlan: left promiscuous mode [ 421.124405][ T5833] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 421.154980][ T5833] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 421.191278][ T5833] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 421.200682][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.456584][ T5833] usb 2-1: GET_CAPABILITIES returned 0 [ 421.462106][ T5833] usbtmc 2-1:16.0: can't read capabilities [ 421.940894][T13951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.955791][T13951] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.047841][T13974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.080441][T13974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.167619][T13975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.198986][T13975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.214714][ T5834] Bluetooth: hci2: command tx timeout [ 422.233527][ T1165] team0 (unregistering): Port device team_slave_1 removed [ 422.306377][ T1165] team0 (unregistering): Port device team_slave_0 removed [ 422.393075][T13977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.417249][T13977] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.436643][ T5907] usb 2-1: USB disconnect, device number 31 [ 422.452401][T13951] usbtmc 2-1:16.0: usb_control_msg returned -71 [ 422.666438][T13971] bridge0: port 3(syz_tun) entered blocking state [ 422.673149][T13971] bridge0: port 3(syz_tun) entered listening state [ 422.680069][T13971] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.687309][T13971] bridge0: port 2(bridge_slave_1) entered listening state [ 422.694960][T13971] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.702186][T13971] bridge0: port 1(bridge_slave_0) entered listening state [ 422.749117][T13971] 8021q: adding VLAN 0 to HW filter on device .` [ 422.764484][T13971] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 422.994394][ T5833] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 423.175353][ T5833] usb 2-1: Using ep0 maxpacket: 32 [ 423.184918][ T5833] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 423.194360][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.218111][ T5833] usb 2-1: config 0 descriptor?? [ 423.434489][ T5833] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 423.584155][T13981] bond1 (unregistering): Released all slaves [ 423.682759][T14004] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3075'. [ 424.177728][T13840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 424.229862][T13840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 424.260677][T13840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 424.309706][T13840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 425.181391][T13840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.263478][T14038] tipc: Enabling of bearer rejected, failed to enable media [ 425.296674][T13840] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.434914][ T1011] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.442155][ T1011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.508166][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.515419][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.583715][T14045] netlink: 'syz.3.3084': attribute type 10 has an invalid length. [ 425.650049][T14045] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.726184][T14045] bond0: (slave team0): Enslaving as an active interface with an up link [ 426.121145][T13840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 426.208205][T14062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3085'. [ 426.550690][T13840] veth0_vlan: entered promiscuous mode [ 426.578560][T13840] veth1_vlan: entered promiscuous mode [ 426.659389][T13840] veth0_macvtap: entered promiscuous mode [ 426.696701][T13840] veth1_macvtap: entered promiscuous mode [ 426.765971][T13840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.808266][T13840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.912590][ T1107] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.036401][ T1107] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.125505][ T1107] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.175072][ T1107] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.371175][ T1011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.461744][ T1011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.900984][ T1011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.908942][ T1011] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.636841][T14100] tipc: Enabled bearer , priority 0 [ 428.684371][T14099] tipc: Disabling bearer [ 428.844810][T14107] netlink: 'syz.1.3094': attribute type 10 has an invalid length. [ 428.863438][T14107] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.878048][T14107] bond0: (slave team0): Enslaving as an active interface with an up link [ 429.813477][T14126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3099'. [ 431.438172][T14142] netlink: 'syz.4.3106': attribute type 10 has an invalid length. [ 431.481011][T14142] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.516423][T14142] bond0: (slave team0): Enslaving as an active interface with an up link [ 432.005501][ T5975] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 432.262825][ T5975] usb 5-1: Using ep0 maxpacket: 8 [ 432.293860][ T5975] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 432.319962][ T5975] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 432.352943][ T5975] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 432.367122][ T5975] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 432.378476][ T5975] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 432.473008][ T5975] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 432.562525][T14164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3112'. [ 432.582068][ T5975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.891988][ T5975] usb 5-1: GET_CAPABILITIES returned 0 [ 432.910315][ T5975] usbtmc 5-1:16.0: can't read capabilities [ 433.308729][T14167] ip6erspan0: entered promiscuous mode [ 433.327670][T14150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.346027][T14150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.390966][T14150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.470610][T14150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.553862][T14150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.604718][T14150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.699947][T14150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.710988][T14150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.726041][ T5975] usb 5-1: USB disconnect, device number 31 [ 434.231712][T14182] netlink: 'syz.1.3119': attribute type 10 has an invalid length. [ 434.377840][ T5983] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 434.534546][ T5983] usb 5-1: Using ep0 maxpacket: 32 [ 434.542969][ T5983] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 434.552660][ T5983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.600460][ T5983] usb 5-1: config 0 descriptor?? [ 434.651128][T14187] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.658724][T14187] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.702798][T14187] bridge0: port 3(syz_tun) entered blocking state [ 434.709774][T14187] bridge0: port 3(syz_tun) entered disabled state [ 434.716832][T14187] syz_tun: entered allmulticast mode [ 434.724029][T14187] syz_tun: entered promiscuous mode [ 434.859996][ T5983] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 435.205901][ T5975] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 435.420943][ T5975] usb 1-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 435.448538][ T5975] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 435.460594][T14206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3126'. [ 435.485893][ T5975] usb 1-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 435.511475][ T5975] usb 1-1: config 0 interface 0 has no altsetting 0 [ 435.544779][ T5975] usb 1-1: New USB device found, idVendor=05ac, idProduct=027d, bcdDevice= 0.00 [ 435.554040][ T5975] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.568058][ T5975] usb 1-1: config 0 descriptor?? [ 435.651265][T14212] fuse: Unknown parameter 'group_id00000000000000000000' [ 435.990373][ T5975] apple 0003:05AC:027D.0015: hidraw0: USB HID v0.04 Device [HID 05ac:027d] on usb-dummy_hcd.0-1/input0 [ 436.189096][ T5975] usb 1-1: USB disconnect, device number 24 [ 436.249468][T14224] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 437.074725][ T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 437.255521][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 437.267910][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 437.284131][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 437.297063][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 437.324330][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 437.362475][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 437.438513][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 437.449884][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.688680][ T9] usb 1-1: GET_CAPABILITIES returned 0 [ 437.701148][ T9] usbtmc 1-1:16.0: can't read capabilities [ 438.127861][T14237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.144835][T14237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.167273][T14237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.222573][T14237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.262565][T14237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.311230][T14237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.339866][T14237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.365495][T14237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.406889][ T9] usb 1-1: USB disconnect, device number 25 [ 438.924602][ T44] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 439.114344][ T44] usb 1-1: Using ep0 maxpacket: 32 [ 439.143698][ T44] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 439.183857][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.215382][ T44] usb 1-1: config 0 descriptor?? [ 440.001661][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.012783][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.037926][ T44] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 441.297485][ T1216] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 441.485799][ T1216] usb 4-1: config 0 has an invalid interface number: 23 but max is 0 [ 441.495076][ T1216] usb 4-1: config 0 has no interface number 0 [ 441.509220][ T1216] usb 4-1: config 0 interface 23 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 441.544326][ T1216] usb 4-1: config 0 interface 23 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 441.604483][ T1216] usb 4-1: config 0 interface 23 has no altsetting 0 [ 441.633897][ T1216] usb 4-1: New USB device found, idVendor=0bda, idProduct=b711, bcdDevice= 6.60 [ 441.649742][ T1216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.661285][ T1216] usb 4-1: Product: syz [ 441.666532][ T1216] usb 4-1: Manufacturer: syz [ 441.689757][ T1216] usb 4-1: SerialNumber: syz [ 441.715739][ T1216] usb 4-1: config 0 descriptor?? [ 441.794424][T14303] netlink: 'syz.2.3162': attribute type 10 has an invalid length. [ 441.880531][T14303] 8021q: adding VLAN 0 to HW filter on device team0 [ 441.899523][T14303] .`: (slave team0): Enslaving as an active interface with an up link [ 441.994691][ T1216] usb 4-1: USB disconnect, device number 21 [ 442.609955][T14314] : entered promiscuous mode [ 443.291723][T14319] netlink: 'syz.3.3168': attribute type 1 has an invalid length. [ 443.362067][T14319] 8021q: adding VLAN 0 to HW filter on device bond1 [ 443.467685][T14321] ip6erspan0: entered promiscuous mode [ 443.916156][T14328] ------------[ cut here ]------------ [ 443.921985][T14328] !chanctx_conf [ 443.922019][T14328] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x64a/0x6e0, CPU#0: syz.3.3171/14328 [ 443.936884][T14328] Modules linked in: [ 443.941139][T14328] CPU: 0 UID: 0 PID: 14328 Comm: syz.3.3171 Tainted: G L syzkaller #0 PREEMPT(full) [ 443.952234][T14328] Tainted: [L]=SOFTLOCKUP [ 443.958622][T14328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 443.970032][T14328] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 443.976371][T14328] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 f7 a6 f6 90 0f 0b 90 eb e1 e8 77 f7 a6 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 443.996466][T14328] RSP: 0018:ffffc9000dc8ef28 EFLAGS: 00010283 [ 444.002596][T14328] RAX: ffffffff8b1e9409 RBX: ffff888024d2c000 RCX: 0000000000080000 [ 444.010764][T14328] RDX: ffffc900104f2000 RSI: 0000000000000419 RDI: 000000000000041a [ 444.019081][T14328] RBP: 0000000000000000 R08: ffffffff8b1e8f23 R09: ffffffff8e7602e0 [ 444.027177][T14328] R10: dffffc0000000000 R11: ffffed10049a5831 R12: 1ffff110049a580a [ 444.035219][T14328] R13: ffff88804e7a8e80 R14: 0000000000000001 R15: ffffffff8b1e8f23 [ 444.043212][T14328] FS: 0000000000000000(0000) GS:ffff888125467000(0063) knlGS:00000000f5406b40 [ 444.052194][T14328] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 444.059873][T14328] CR2: 00000000f7247110 CR3: 0000000066cc8000 CR4: 00000000003526f0 [ 444.068485][T14328] Call Trace: [ 444.071786][T14328] [ 444.074906][T14328] rate_control_rate_init_all_links+0x109/0x1a0 [ 444.081250][T14328] sta_apply_auth_flags+0x1c2/0x400 [ 444.086502][T14328] sta_apply_parameters+0xea9/0x1620 [ 444.091812][T14328] ieee80211_add_station+0x424/0x6a0 [ 444.097156][T14328] rdev_add_station+0xfc/0x2c0 [ 444.102028][T14328] nl80211_new_station+0x1864/0x1d30 [ 444.107365][T14328] ? trace_contention_end+0x3d/0x150 [ 444.112679][T14328] ? __pfx_nl80211_new_station+0x10/0x10 [ 444.118365][T14328] ? __rtnl_unlock+0xc8/0xf0 [ 444.122997][T14328] ? nl80211_pre_doit+0x4f1/0x930 [ 444.128057][T14328] genl_family_rcv_msg_doit+0x22a/0x330 [ 444.133613][T14328] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 444.139893][T14328] ? bpf_lsm_capable+0x9/0x20 [ 444.144602][T14328] ? security_capable+0x7e/0x2c0 [ 444.149549][T14328] genl_rcv_msg+0x61c/0x7a0 [ 444.154071][T14328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.160302][T14328] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 444.166306][T14328] ? __pfx_nl80211_new_station+0x10/0x10 [ 444.171954][T14328] ? __pfx_nl80211_post_doit+0x10/0x10 [ 444.177475][T14328] ? __lock_acquire+0x6b5/0x2cf0 [ 444.182461][T14328] netlink_rcv_skb+0x232/0x4b0 [ 444.187290][T14328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.192349][T14328] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 444.197708][T14328] ? down_read+0x272/0x2e0 [ 444.202128][T14328] ? genl_rcv+0xd/0x40 [ 444.206239][T14328] genl_rcv+0x28/0x40 [ 444.210233][T14328] netlink_unicast+0x80f/0x9b0 [ 444.215398][T14328] ? __pfx_netlink_unicast+0x10/0x10 [ 444.220698][T14328] ? netlink_sendmsg+0x650/0xb40 [ 444.225680][T14328] ? skb_put+0x11b/0x210 [ 444.229939][T14328] netlink_sendmsg+0x813/0xb40 [ 444.234763][T14328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.240058][T14328] ? aa_sock_msg_perm+0xf1/0x1b0 [ 444.245040][T14328] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 444.250331][T14328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.255648][T14328] ____sys_sendmsg+0xa68/0xad0 [ 444.260458][T14328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.266862][T14328] ___sys_sendmsg+0x2a5/0x360 [ 444.271566][T14328] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.277473][T14328] ? futex_wait+0x29a/0x380 [ 444.282025][T14328] ? __fget_files+0x2a/0x420 [ 444.286670][T14328] ? __fget_files+0x3a0/0x420 [ 444.291448][T14328] __sys_sendmsg+0x183/0x260 [ 444.296084][T14328] ? __pfx___sys_sendmsg+0x10/0x10 [ 444.301244][T14328] __do_fast_syscall_32+0x20d/0x640 [ 444.306519][T14328] ? lockdep_hardirqs_on+0x7a/0x110 [ 444.311733][T14328] ? do_fast_syscall_32+0x33/0x70 [ 444.316798][T14328] ? irqentry_exit+0x10e/0x620 [ 444.321640][T14328] do_fast_syscall_32+0x33/0x70 [ 444.326609][T14328] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 444.332978][T14328] RIP: 0023:0xf7f45f6c [ 444.337141][T14328] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad [ 444.356819][T14328] RSP: 002b:00000000f540650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 444.366630][T14328] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080 [ 444.375275][T14328] RDX: 0000000000004814 RSI: 0000000000000000 RDI: 0000000000000000 [ 444.383264][T14328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 444.391285][T14328] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 444.399335][T14328] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 444.407387][T14328] [ 444.410453][T14328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 444.417760][T14328] CPU: 0 UID: 0 PID: 14328 Comm: syz.3.3171 Tainted: G L syzkaller #0 PREEMPT(full) [ 444.428748][T14328] Tainted: [L]=SOFTLOCKUP [ 444.433087][T14328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 444.443155][T14328] Call Trace: [ 444.446471][T14328] [ 444.449485][T14328] vpanic+0x56c/0xa60 [ 444.453499][T14328] ? __pfx__printk+0x10/0x10 [ 444.458125][T14328] ? __pfx_vpanic+0x10/0x10 [ 444.462653][T14328] ? is_bpf_text_address+0x292/0x2b0 [ 444.467963][T14328] ? is_bpf_text_address+0x26/0x2b0 [ 444.473190][T14328] panic+0xc5/0xd0 [ 444.476936][T14328] ? __pfx_panic+0x10/0x10 [ 444.481403][T14328] __warn+0x315/0x4f0 [ 444.485407][T14328] ? rate_control_rate_init+0x64a/0x6e0 [ 444.490990][T14328] ? rate_control_rate_init+0x64a/0x6e0 [ 444.496590][T14328] __report_bug+0x29a/0x540 [ 444.501119][T14328] ? lockdep_hardirqs_on+0x7a/0x110 [ 444.506351][T14328] ? rate_control_rate_init+0x64a/0x6e0 [ 444.511928][T14328] ? __pfx___report_bug+0x10/0x10 [ 444.516982][T14328] ? __lock_acquire+0x6b5/0x2cf0 [ 444.521944][T14328] ? __lock_acquire+0x6b5/0x2cf0 [ 444.526994][T14328] ? rate_control_rate_init+0x64a/0x6e0 [ 444.532566][T14328] report_bug+0x16a/0x220 [ 444.536922][T14328] ? rate_control_rate_init+0x64a/0x6e0 [ 444.542501][T14328] ? rate_control_rate_init+0x64c/0x6e0 [ 444.548170][T14328] handle_bug+0x98/0x200 [ 444.552465][T14328] exc_invalid_op+0x1a/0x50 [ 444.556996][T14328] asm_exc_invalid_op+0x1a/0x20 [ 444.561874][T14328] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 444.568057][T14328] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 82 f7 a6 f6 90 0f 0b 90 eb e1 e8 77 f7 a6 f6 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 444.587683][T14328] RSP: 0018:ffffc9000dc8ef28 EFLAGS: 00010283 [ 444.593759][T14328] RAX: ffffffff8b1e9409 RBX: ffff888024d2c000 RCX: 0000000000080000 [ 444.601743][T14328] RDX: ffffc900104f2000 RSI: 0000000000000419 RDI: 000000000000041a [ 444.609724][T14328] RBP: 0000000000000000 R08: ffffffff8b1e8f23 R09: ffffffff8e7602e0 [ 444.617705][T14328] R10: dffffc0000000000 R11: ffffed10049a5831 R12: 1ffff110049a580a [ 444.625699][T14328] R13: ffff88804e7a8e80 R14: 0000000000000001 R15: ffffffff8b1e8f23 [ 444.633687][T14328] ? rate_control_rate_init+0x163/0x6e0 [ 444.639291][T14328] ? rate_control_rate_init+0x163/0x6e0 [ 444.644891][T14328] ? rate_control_rate_init+0x649/0x6e0 [ 444.650489][T14328] ? rate_control_rate_init+0x649/0x6e0 [ 444.656082][T14328] rate_control_rate_init_all_links+0x109/0x1a0 [ 444.662381][T14328] sta_apply_auth_flags+0x1c2/0x400 [ 444.667603][T14328] sta_apply_parameters+0xea9/0x1620 [ 444.672920][T14328] ieee80211_add_station+0x424/0x6a0 [ 444.678248][T14328] rdev_add_station+0xfc/0x2c0 [ 444.683042][T14328] nl80211_new_station+0x1864/0x1d30 [ 444.688354][T14328] ? trace_contention_end+0x3d/0x150 [ 444.693676][T14328] ? __pfx_nl80211_new_station+0x10/0x10 [ 444.699330][T14328] ? __rtnl_unlock+0xc8/0xf0 [ 444.703960][T14328] ? nl80211_pre_doit+0x4f1/0x930 [ 444.709008][T14328] genl_family_rcv_msg_doit+0x22a/0x330 [ 444.714592][T14328] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 444.720693][T14328] ? bpf_lsm_capable+0x9/0x20 [ 444.725397][T14328] ? security_capable+0x7e/0x2c0 [ 444.730371][T14328] genl_rcv_msg+0x61c/0x7a0 [ 444.734900][T14328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.739955][T14328] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 444.745350][T14328] ? __pfx_nl80211_new_station+0x10/0x10 [ 444.751007][T14328] ? __pfx_nl80211_post_doit+0x10/0x10 [ 444.756481][T14328] ? __lock_acquire+0x6b5/0x2cf0 [ 444.761452][T14328] netlink_rcv_skb+0x232/0x4b0 [ 444.766248][T14328] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.771297][T14328] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 444.776615][T14328] ? down_read+0x272/0x2e0 [ 444.781064][T14328] ? genl_rcv+0xd/0x40 [ 444.785167][T14328] genl_rcv+0x28/0x40 [ 444.789185][T14328] netlink_unicast+0x80f/0x9b0 [ 444.793978][T14328] ? __pfx_netlink_unicast+0x10/0x10 [ 444.799289][T14328] ? netlink_sendmsg+0x650/0xb40 [ 444.804253][T14328] ? skb_put+0x11b/0x210 [ 444.808553][T14328] netlink_sendmsg+0x813/0xb40 [ 444.813343][T14328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.818650][T14328] ? aa_sock_msg_perm+0xf1/0x1b0 [ 444.823608][T14328] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 444.828912][T14328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.834220][T14328] ____sys_sendmsg+0xa68/0xad0 [ 444.839020][T14328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.844343][T14328] ___sys_sendmsg+0x2a5/0x360 [ 444.849052][T14328] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.854295][T14328] ? futex_wait+0x29a/0x380 [ 444.858858][T14328] ? __fget_files+0x2a/0x420 [ 444.863475][T14328] ? __fget_files+0x3a0/0x420 [ 444.868184][T14328] __sys_sendmsg+0x183/0x260 [ 444.872802][T14328] ? __pfx___sys_sendmsg+0x10/0x10 [ 444.877957][T14328] __do_fast_syscall_32+0x20d/0x640 [ 444.883170][T14328] ? lockdep_hardirqs_on+0x7a/0x110 [ 444.888403][T14328] ? do_fast_syscall_32+0x33/0x70 [ 444.893468][T14328] ? irqentry_exit+0x10e/0x620 [ 444.898258][T14328] do_fast_syscall_32+0x33/0x70 [ 444.903122][T14328] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 444.909473][T14328] RIP: 0023:0xf7f45f6c [ 444.913557][T14328] Code: 90 85 d2 74 0a 89 ce 81 e6 ff 0f 00 00 89 32 85 c0 74 05 c1 e9 0c 89 08 31 c0 5e 5d c3 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 90 90 90 90 90 90 b8 ad [ 444.933199][T14328] RSP: 002b:00000000f540650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 444.941647][T14328] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080 [ 444.949633][T14328] RDX: 0000000000004814 RSI: 0000000000000000 RDI: 0000000000000000 [ 444.957616][T14328] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 444.965782][T14328] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 444.973770][T14328] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 444.982555][T14328] [ 444.986291][T14328] Kernel Offset: disabled [ 444.990637][T14328] Rebooting in 86400 seconds..