last executing test programs: 18.189012309s ago: executing program 4 (id=1043): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000080), 0x12) 18.005676039s ago: executing program 4 (id=1045): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x851}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) epoll_create1(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$xdp(0x2c, 0x3, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0x0, 0x321, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x404c010) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {0xf, 0x1}, {0xa, 0x1}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc8c4) 17.858389828s ago: executing program 4 (id=1049): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0) socket(0x1e, 0x1, 0x0) socket(0x2b, 0x1, 0x1) pselect6(0x40, &(0x7f0000000100)={0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x800, 0x0, 0x4, 0x10000000}, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000007, 0x31, 0xffffffffffffffff, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000001c0)=0x3) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x40d, 0x70bd2a, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x600b2, 0x40c41}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}, {0xa, 0x4, @multicast}]}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x400c844}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r10 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) 17.584502593s ago: executing program 4 (id=1053): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0x20) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x200000000000026f, 0x1}}, 0x40) 17.321827868s ago: executing program 4 (id=1058): socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x20000400) pipe(&(0x7f0000000000)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0xfd67, &(0x7f0000001400), 0x1}}], 0x4000210, 0x10002, 0x0) 9.334722691s ago: executing program 4 (id=1118): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000380)={0x0, @empty, @broadcast}, &(0x7f00000003c0)=0xc) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) sendmsg$inet(r0, 0x0, 0x80) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f00000000c0)=0x189) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000680)=0xb) 7.74676688s ago: executing program 2 (id=1127): r0 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x80000004}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x20000014}) 7.494208903s ago: executing program 2 (id=1129): bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x25000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0xe1, 0x0, 0x0) syz_usb_connect(0x2, 0x4a, &(0x7f00000015c0)=ANY=[@ANYBLOB="12010000958c834099043f4d2ad201020301090238000100fd20000904270001ff40d300052402000105240009000d240f01030000000d0010006306241a7d000209050b02"], 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fd9000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r5 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001"], 0xe0}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) 3.438988539s ago: executing program 2 (id=1150): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2", 0x77}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84", 0xbd}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd23cc88571", 0x9c}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e", 0x73}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6e", 0x71}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f3", 0x1b}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}], 0x78}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a", 0x18}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa464613c", 0xf}], 0x1}}], 0x4, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 3.302198746s ago: executing program 2 (id=1153): arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000100)) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000009000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ab99dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c41ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42cea68bef67422ecc13968a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f381ba6e0363d0a4a8a813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c60"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x10, 0x0, &(0x7f0000002580)="f0b9547ee7affa9daabd309a75d387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000200), 0x21100, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) r5 = gettid() timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syslog(0x2, &(0x7f00000001c0)=""/229, 0xe5) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x100003, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {0x3, 0xfff9}, {0xd}}}, 0x24}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000240)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x37, r4}) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='gfs2\x00', 0x4090, 0x0) 2.826032483s ago: executing program 2 (id=1157): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xfffffffe, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x7, 0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x24, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x1}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x1000}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x4}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)='\'', 0x1}], 0x1}, 0x4) 2.354865469s ago: executing program 2 (id=1160): bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x25000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0xe1, 0x0, 0x0) syz_usb_connect(0x2, 0x4a, &(0x7f00000015c0)=ANY=[@ANYBLOB="12010000958c834099043f4d2ad201020301090238000100fd20000904270001ff40d300052402000105240009000d240f01030000000d0010006306241a7d000209050b02"], 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fd9000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r5 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001"], 0xe0}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x234f, 0xb1e6, 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) 1.820020449s ago: executing program 1 (id=1166): syz_open_dev$evdev(0x0, 0x2, 0x862b01) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @local}, 0x2, 0x0, 0x1}}, 0x26) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r2, 0x1, 0x60bd27, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) socket$can_j1939(0x1d, 0x2, 0x7) 1.758621822s ago: executing program 1 (id=1167): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001f40)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0xc080) 1.668497557s ago: executing program 1 (id=1169): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004005}, 0x4000000) 1.61812978s ago: executing program 1 (id=1170): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xfffffffe, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x7, 0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x24, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x1}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x1000}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x4}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)='\'', 0x1}], 0x1}, 0x4) 1.267662699s ago: executing program 3 (id=1173): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket(0x840000000002, 0x3, 0xff) sendmsg$inet(r0, &(0x7f0000000900)={&(0x7f00000006c0)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000940)="974501000000000001008cc5595c4a9b8f52ac8e5c7fe70a3326491f", 0x1c}], 0x1}, 0x400c804) 1.205218123s ago: executing program 3 (id=1174): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtfilter={0xe8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r8, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe58, 0x2, [@TCA_MATCHALL_ACT={0xe54, 0x2, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x3ff, 0x5, 0x20000000, 0x18, 0x458}, 0x2, 0x2}, [{0x1, 0x87992fa, 0x8, 0x8, 0x8, 0x7ff}, {0x3b0000, 0x2, 0x5, 0x7, 0x3b4e, 0xfffffff2}, {0x9, 0x3, 0xd289, 0x3, 0x5, 0xfffff06d}, {0x4, 0x8f80, 0x7df1, 0x5, 0xbb, 0x6}, {0x40, 0x1, 0x8, 0x4, 0x8000000, 0x7fffffff}, {0x5, 0x2, 0x80000000, 0x4, 0x4, 0x8}, {0x7690ea5, 0x401, 0x1, 0x4, 0x7, 0x1ff}, {0x2, 0xd, 0xd41, 0x8, 0x80000000, 0x5}, {0x6, 0x0, 0x3ff, 0x4, 0x8, 0x4}, {0x2, 0xfffeffff, 0xbb, 0x1ff, 0x0, 0xb5}, {0x101, 0x1, 0x44, 0x1, 0xe8, 0x101}, {0xfffffc00, 0x8, 0x1, 0x1, 0x2, 0x7}, {0x6, 0xd, 0x9, 0xa0, 0xffffffff, 0x2}, {0x7fff, 0x7, 0x3, 0x80000000, 0x9, 0x10001}, {0x1004, 0x7ff, 0x7000000, 0x0, 0x2, 0x2}, {0x8, 0x3, 0x3ff, 0x5, 0x1, 0x5}, {0x8, 0x0, 0x4, 0x8, 0x1}, {0x4, 0x0, 0x3, 0xeaa, 0x40, 0xffff}, {0x1, 0x0, 0x4, 0x7, 0x2, 0x7}, {0xd319, 0xa, 0x80000001, 0x3, 0x9, 0x5}, {0x8, 0x2, 0xff, 0x9, 0x0, 0x81}, {0x9, 0x1, 0xa8, 0x9, 0x0, 0xfffff000}, {0x80, 0x6, 0x3ff, 0x2, 0x51e, 0x48e6}, {0x1, 0xf, 0x8000, 0x80000, 0x0, 0x7}, {0x6, 0x3, 0x101, 0x3, 0x3, 0xfffffff8}, {0x2, 0xab7c, 0x3, 0x2, 0x5}, {0x8, 0x2, 0x89, 0x0, 0x3, 0x6}, {0x3, 0x7, 0x1, 0xb435, 0x6, 0xfffffffc}, {0x8, 0x0, 0x0, 0x0, 0x100, 0x401}, {0xfffffffb, 0x5, 0x7, 0x4, 0x8, 0x3ac2f9ed}, {0x5, 0x0, 0x2, 0x1, 0x0, 0x7}, {0x6, 0x0, 0x2, 0x7f, 0xc, 0x8}, {0x5, 0x3ff, 0xffffffff, 0x5, 0x10000, 0x6}, {0x9, 0x1, 0x7, 0xc, 0x3674, 0x5}, {0x2e52, 0x10001, 0x1000, 0x40ffff, 0x2, 0xa9a}, {0x6, 0x80000001, 0x7, 0x2, 0xfff, 0x7fff}, {0xf, 0x0, 0x8, 0x4, 0x79e, 0x2}, {0x8, 0x7fffffff, 0x3, 0x5, 0x8, 0x200}, {0x12, 0xfcc, 0x9, 0x6, 0x7, 0x5}, {0x3ff, 0x1, 0xa, 0xffffa747, 0xfffff002, 0xb0}, {0x2614, 0x5, 0x3ff, 0xe5, 0x200, 0x8}, {0x7e10, 0x4, 0xa, 0x0, 0x9, 0x401}, {0xfffffff7, 0x1000, 0x7fff, 0x8, 0x7, 0x7}, {0x81, 0x5, 0x3, 0x7, 0x82b3, 0x3}, {0xc, 0x401, 0x5, 0x3, 0x80000000, 0xb6e}, {0x9, 0x800, 0xfffffff9, 0x2, 0x3, 0x4}, {0xe, 0x0, 0x9, 0x5, 0x3b83, 0x3}, {0x200, 0xfffffffa, 0x8, 0x721, 0xd359, 0x10}, {0x7, 0x5, 0x10001, 0x8, 0x80000000, 0x2}, {0x9, 0x6, 0xfba, 0x6, 0x9bd, 0xdae}, {0x7, 0x507, 0x8, 0x10001, 0x5, 0x7}, {0x448f, 0x81, 0x8, 0x80, 0x9, 0x4}, {0x7, 0x4993, 0xe76, 0x6, 0xcb0, 0x401}, {0x9, 0xc49c, 0xd4e1, 0x5, 0x1, 0x5}, {0x1, 0x7, 0xc, 0x2, 0xade, 0xb}, {0x1e14, 0xe, 0x9, 0x95a, 0x1, 0x7}, {0x6, 0x101, 0xffff, 0x10001, 0x0, 0x7ff}, {0x4, 0x4, 0x0, 0x401, 0x5, 0x5}, {0x1, 0x4d8, 0x57a0, 0x1, 0x9, 0xffffffff}, {0xffffffff, 0x6, 0x0, 0x2222068c, 0x3, 0x1}, {0x2, 0x1000, 0x2, 0x2, 0xfffffff7, 0x7ff}, {0xd, 0x3af, 0x9, 0x8, 0x5, 0xe}, {0xfffffffc, 0x33a1, 0x8, 0x8, 0x2, 0xf59}, {0x10000, 0x7fffffff, 0x6, 0x6, 0x6, 0x6}, {0xe, 0xb1, 0x7, 0x1, 0x5, 0x2}, {0x191, 0x6, 0x1, 0x8, 0x0, 0xfffffff8}, {0x9, 0x6, 0x7, 0x0, 0xf960, 0x9d}, {0x1, 0x2, 0x6, 0x6cde, 0xfffffff7, 0x1ff}, {0x5, 0x3, 0x3, 0x1030, 0x494, 0xffffffcc}, {0x1e2, 0x1, 0x1, 0x4, 0x5, 0x6}, {0xa503, 0x80000000, 0xc3, 0x1ff, 0x1, 0x7}, {0x7, 0x1, 0xe, 0xff, 0x3, 0x9}, {0x80000001, 0x0, 0x3, 0xd, 0x7fffffff, 0xef}, {0x7, 0x6, 0x0, 0x764, 0x5, 0x4}, {0x0, 0x8, 0xb69, 0x7fff, 0x9, 0x5}, {0x5, 0xff, 0x6, 0x2, 0x9, 0x4}, {0x7, 0x6, 0x5, 0x5, 0x3, 0x10001}, {0x6, 0x2, 0x0, 0x2, 0x2ee6, 0x8}, {0xb54, 0x5, 0x6, 0xfffffffa, 0x323, 0x2}, {0x3, 0x9, 0xfffffff7, 0x8, 0x7b6b14a2, 0x3}, {0x8, 0x80000000, 0x1, 0x44, 0x100, 0x257f}, {0x5, 0x5, 0xab, 0x9, 0x5, 0x7fffffff}, {0x9e, 0x6, 0x6, 0x3, 0x2, 0xf2}, {0x9, 0x4000, 0x101, 0x6, 0x4, 0xd}, {0x401, 0x0, 0x7, 0xffffffff, 0x8, 0x9}, {0xfffffffa, 0x9, 0xfffffffb, 0x5, 0x1004000, 0x7fff}, {0x0, 0x6, 0x80000000, 0x101, 0x5}, {0x10001, 0x2, 0x8, 0xffffffc0, 0xa, 0x5}, {0x7, 0x7, 0x8, 0xca, 0x5, 0x8}, {0xd576, 0x4, 0x4, 0x7, 0x4, 0x8}, {0xe, 0x6f, 0x10000, 0x2, 0xdc7f, 0xb66}, {0xb64, 0x4, 0x7, 0x0, 0x80000001, 0x9}, {0x1, 0x51b2, 0x10, 0x3, 0x4}, {0x3, 0x4, 0x6146a1c3, 0x3, 0xd7, 0x5}, {0x80000001, 0x40, 0xfff, 0x81, 0x4, 0xfffffff9}, {0x7, 0x800, 0x5c, 0x45, 0x4, 0x100}, {0x6, 0x6, 0x3, 0x9fed, 0x0, 0x4}, {0x4b, 0x4, 0x67, 0x7fffffff, 0xf7}, {0x35be, 0xc, 0x1, 0x800, 0xfffeffff, 0x1000000}, {0x7, 0x8001, 0x0, 0x1, 0x7}, {0x800, 0x5, 0x0, 0x10000000, 0x6, 0x3}, {0x9, 0x6, 0xd, 0x5, 0x537, 0x2}, {0x7, 0x80, 0xb51, 0x1, 0x8000, 0x6}, {0x1, 0x36, 0x186b, 0x995f, 0x5, 0x4}, {0xd3a, 0x15aa, 0x92c0, 0x10000, 0x4, 0x6}, {0x80000000, 0x7, 0x6, 0x0, 0x9, 0xe}, {0x3, 0x3694, 0x6, 0x9, 0x51cf3566, 0x4}, {0x0, 0xffffffff, 0x3, 0x7f, 0x4, 0x1ff}, {0x6, 0x6, 0x2, 0x5, 0xdf63, 0x4}, {0x6, 0x8001, 0x8, 0x7, 0x10000, 0xb}, {0x3, 0x4, 0x4, 0x6, 0x1ff, 0x1}, {0x10, 0x2, 0x54, 0x47c, 0x808, 0x4}, {0x7, 0x101, 0xe, 0x5, 0x100, 0xfffffffe}, {0x0, 0x6, 0x4, 0x1, 0xfffffff1, 0x36}, {0x0, 0x81, 0x6, 0x5b1b, 0xfff, 0xd29}, {0x1ff, 0x2, 0x7fffffff, 0x0, 0x0, 0x4}, {0x800, 0x53e, 0xac15, 0x73, 0xf112, 0x9}, {0x2, 0x800, 0x8d, 0x6268, 0x8, 0x4}, {0x8, 0xffff, 0xf2d, 0x2, 0x5, 0xa}, {0x8, 0x2, 0x1, 0x31d8, 0x7, 0x5}, {0x5, 0x8, 0xda2c, 0x823d, 0x2, 0xfffffff9}, {0x2, 0xc, 0x7fffffff, 0x0, 0x165, 0x6}, {0x5, 0x3, 0x8622, 0x80, 0x1, 0x1}, {0x3, 0x81, 0xc13, 0xffff, 0x1, 0x4}, {0xf4f0, 0x800, 0xa, 0x5, 0x7, 0x11b}, {0x7, 0x86b7, 0x0, 0xee, 0x81, 0x6}, {0x3, 0xfffffff7, 0xffff, 0x101, 0x3}, {0x5, 0x40, 0x7, 0xfffffffd, 0x9, 0x3}], [{0x1}, {0x5, 0x1}, {0x3}, {0x4}, {0x4}, {0x4}, {0x4}, {0x2}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x5}, {0x4}, {0x1}, {0x5}, {0x1}, {0x2}, {0x1, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x6bc7e79ad7b0d1cc}, {0x6}, {0x4, 0x1}, {0x0, 0x1}, {0x5}, {0x5, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x5}, {0x2}, {0x3}, {0x3, 0x1}, {0x2}, {}, {0x1, 0x1}, {0x2}, {0x3, 0x1}, {0x3}, {0x5}, {0x3}, {0x4}, {0x4}, {0x5}, {0x2, 0x1}, {0x2}, {}, {0x5}, {0x4}, {0x4}, {0x5}, {0x5}, {0x5, 0x1}, {0x4}, {0x3}, {0x2}, {0x4, 0x1}, {0x3}, {0x5, 0x1}, {0x1}, {0x4}, {0x2}, {0x5, 0x1}, {0x4, 0x1}, {0x5}, {0x5}, {0x5}, {0x2}, {0x4}, {0x2, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {}, {0x4}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x4, 0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x3, 0x1}, {0x3}, {0x4, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0x1}, {}, {}, {0x3, 0x1}, {0x4}, {0x2}, {0x1}, {}, {0x3, 0x1}, {0x371e711c6fc2f61}, {0x5, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x1}, {}, {0x4, 0x1}, {0x1}, {0x3}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {}, {0x0, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {0xf9ad1b51769e9d3d}], 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xe8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200080314000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f0000000780)="f058050000007f8f", 0x4000}], 0x2}, 0x5) 1.168293074s ago: executing program 1 (id=1175): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x851}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) epoll_create1(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$xdp(0x2c, 0x3, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0x0, 0x321, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x404c010) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r4, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {}, {0xf, 0x1}, {0xa, 0x1}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0xf0ffffffffffff, 0x0, 0x60001d0}, 0xc8c4) 1.092614529s ago: executing program 0 (id=1176): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000700000000000000000000000000000000000000000000000000000000000000020000000d00000000000000000000000000000000000000000000000000000097d11af5efd3ca8c0000000000000000000000000000000000000000000000000100000000000000"], 0xb8}}, 0x0) unshare(0x20000400) close(0x3) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 996.582814ms ago: executing program 0 (id=1177): syz_open_dev$evdev(0x0, 0x2, 0x862b01) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @local}, 0x2, 0x0, 0x1}}, 0x26) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r2, 0x1, 0x60bd27, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}]}, 0x34}}, 0x20) socket$can_j1939(0x1d, 0x2, 0x7) 887.0551ms ago: executing program 0 (id=1178): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x208004, 0x21fffc, 0xc, 0x200000, 0x2, 0xfffffffe}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec779000) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x2, 0xffffffff, 0x3, 0x22}, 0x4005}) close(0x3) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs2/binder0\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) r5 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000440)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f0000000540)=[@free_buffer={0x40086303, r5}], 0x0, 0x0, 0x0}) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r6, &(0x7f0000006380)={0x2020}, 0x2020) syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') syz_open_dev$video(&(0x7f0000000300), 0x1ff, 0xa4201) add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000180)="0000000000000002ff69000000000001000000c000000006000200861fa72e5b01504104bfeacdd5a9007d167c71e3b8a93aa64d957a684161c833020a6da888c7a56843a85f3a078c97d542ed1fbf069ca713670adf7d9fb6d2600fd9c1981fe9f095cfe9d2fe1e1e34f6096bf02543747b2c792890f07c0da0fa25e6101062e6c9176a70e41698814a213711764f88495994cfd8a57c1e13f6b5298e7ab3a2bfb58dde34d58536633c27882e51ced17d67999b0009446100"/212, 0xd4, 0xffffffffffffffff) 785.037506ms ago: executing program 0 (id=1179): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2", 0x77}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84", 0xbd}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd23cc88571", 0x9c}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e", 0x73}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6e", 0x71}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f3", 0x1b}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}], 0x78}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a", 0x18}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa464613c", 0xf}], 0x1}}], 0x4, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 681.985992ms ago: executing program 0 (id=1180): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller0\x00', @broadcast}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r3) r4 = socket$unix(0x1, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7ff, 0x1000100000000, 0x6eb, 0x400005, 0x7, 0x2c0b}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2e, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0x3, 0xb}, {0xffe0, 0x6}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x5}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x6008000) ioctl$SIOCSIFHWADDR(r3, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 677.931602ms ago: executing program 3 (id=1181): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) ioctl$COMEDI_RANGEINFO(r0, 0x80106408, &(0x7f0000000040)={0x1}) 576.097768ms ago: executing program 3 (id=1182): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x8e40, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff5644d, 0x70b923, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {}, {0xe, 0xb}, {0xf, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x0, 0x32, 0x5, 0xa, 0x2, 0x9, 0xd, 0x1, 0xfffffffb, {0xffff1c72, 0x23, 0x7, 0xc, 0xfffffffe, 0x7583}}}}]}, 0x78}}, 0x20048040) sendto$packet(r4, &(0x7f0000000380)="fad33075218151db00316f3a277f", 0xe, 0x6008092, &(0x7f0000000080)={0x11, 0x88a8, r3, 0x1, 0xda, 0x6, @remote}, 0x14) 472.067854ms ago: executing program 1 (id=1183): r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/oops_count', 0x40, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0xa, 0xc, "faf98357e5a1149989fc8dbec3bd02b82a128bbad0099cebdc25f5abb534464c516bdd8a0f3500", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237641a8ccf162e43ac61f700000000009b4100", [0x9, 0xa]}}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x7) 350.26851ms ago: executing program 3 (id=1184): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket(0x840000000002, 0x3, 0xff) sendmsg$inet(r0, &(0x7f0000000900)={&(0x7f00000006c0)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f00000007c0)=[{&(0x7f0000000940)="974501000000000001008cc5595c4a9b8f52ac8e5c7fe70a3326491f", 0x1c}], 0x1, &(0x7f00000008c0)}, 0x400c804) 244.739356ms ago: executing program 3 (id=1185): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0xfffffffe, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70b922, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x7, 0x3}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x24, 0x2, [@TCA_FQ_INITIAL_QUANTUM={0x8, 0x4, 0x1}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x1000}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x4}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000440)='\'', 0x1}], 0x1}, 0x4) 0s ago: executing program 0 (id=1186): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0) socket(0x1e, 0x1, 0x0) socket(0x2b, 0x1, 0x1) pselect6(0x40, &(0x7f0000000100)={0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x800, 0x0, 0x4, 0x10000000}, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000007, 0x31, 0xffffffffffffffff, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000001c0)=0x3) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x40d, 0x70bd2a, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x600b2, 0x40c41}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x20, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x1c, 0x5, 0x0, 0x1, [{0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}, {0xa, 0x4, @multicast}]}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x400c844}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r10 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) kernel console output (not intermixed with test programs): atadv_slave_1: link becomes ready [ 76.639949][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.674305][ T4187] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.695308][ T4187] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.725229][ T4187] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.754878][ T4187] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.355453][ T23] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 77.456095][ T4264] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.476934][ T4264] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.496499][ T1272] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.504547][ T1272] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.516483][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.573513][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.612214][ T1272] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.621093][ T23] usb 5-1: Using ep0 maxpacket: 8 [ 77.644712][ T1272] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.679162][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.746204][ T23] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 77.810542][ T23] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 77.830977][ T23] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 77.851547][ T23] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 77.947795][ T23] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 78.004049][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.365488][ T23] usb 5-1: GET_CAPABILITIES returned 0 [ 78.371392][ T23] usbtmc 5-1:16.0: can't read capabilities [ 78.673116][ T21] usb 5-1: USB disconnect, device number 2 [ 79.015375][ T13] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 79.415577][ T13] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 79.442956][ T13] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 79.470776][ T13] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 79.511325][ T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.575803][ T4341] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 79.825217][ T4230] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 80.215807][ T4230] usb 2-1: Using ep0 maxpacket: 16 [ 80.355419][ T4230] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 80.366933][ T4230] usb 2-1: config 0 has no interface number 0 [ 80.380842][ T4230] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 80.425653][ T4230] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 80.605499][ T4230] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 80.615362][ T4230] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 80.623597][ T4230] usb 2-1: Product: syz [ 80.628662][ T4230] usb 2-1: SerialNumber: syz [ 80.640422][ T4230] usb 2-1: config 0 descriptor?? [ 80.645691][ T4243] usb 4-1: USB disconnect, device number 2 [ 80.758087][ T4230] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 80.798701][ T4230] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input5 [ 81.012875][ T4230] usb 2-1: USB disconnect, device number 2 [ 81.019268][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 81.019531][ C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 81.064859][ T4230] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 81.123670][ T4386] tipc: Failed to remove unknown binding: 66,0,0/0:2169904003/2169904005 [ 81.123764][ T4386] tipc: Failed to remove unknown binding: 66,0,0/0:2169904003/2169904004 [ 81.252006][ T4386] tipc: Failed to remove unknown binding: 66,0,0/0:2169904003/2169904005 [ 81.252077][ T4386] tipc: Failed to remove unknown binding: 66,0,0/0:2169904003/2169904004 [ 81.587916][ T21] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 81.849153][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 81.860365][ T4410] netlink: 'syz.1.24': attribute type 39 has an invalid length. [ 81.986304][ T21] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 82.011907][ T21] usb 1-1: config 0 has no interface number 0 [ 82.027507][ T21] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 82.054749][ T21] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 82.071685][ T21] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 82.093687][ T21] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 82.113757][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.134044][ T21] usb 1-1: config 0 descriptor?? [ 82.182349][ T21] ldusb 1-1:0.55: Interrupt in endpoint not found [ 82.372806][ T26] audit: type=1326 audit(1777015314.831:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 82.395335][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.448088][ T4392] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19'. [ 82.469240][ T26] audit: type=1326 audit(1777015314.871:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 82.491953][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.547941][ T4392] syz.0.19 uses obsolete (PF_INET,SOCK_PACKET) [ 82.573031][ T26] audit: type=1326 audit(1777015314.901:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 82.585528][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 82.595793][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.615245][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 82.625193][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 82.635201][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 82.645190][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 82.706810][ T4430] syz.4.26 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 82.721913][ T4430] netlink: 84 bytes leftover after parsing attributes in process `syz.4.26'. [ 82.755493][ T26] audit: type=1326 audit(1777015314.901:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 82.777636][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.799255][ T26] audit: type=1326 audit(1777015314.901:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 82.838659][ T21] usb 1-1: USB disconnect, device number 2 [ 82.897293][ T26] audit: type=1326 audit(1777015314.901:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 82.965299][ T4234] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 82.995475][ T26] audit: type=1326 audit(1777015314.901:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 83.055051][ T26] audit: type=1326 audit(1777015314.901:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 83.055097][ T26] audit: type=1326 audit(1777015314.921:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 83.055510][ T26] audit: type=1326 audit(1777015314.921:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.25" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x7ffc0000 [ 83.405629][ T4234] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 83.595778][ T4234] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 83.605854][ T4234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.620850][ T4234] usb 2-1: Product: syz [ 83.630080][ T4234] usb 2-1: Manufacturer: syz [ 83.648080][ T4234] usb 2-1: SerialNumber: syz [ 83.811674][ T4234] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 84.284247][ T4234] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 84.330513][ T4234] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 84.349344][ T4234] usb 2-1: media controller created [ 84.407813][ T4234] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 84.710445][ T4234] usb 2-1: USB disconnect, device number 3 [ 84.745406][ T13] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 84.780442][ T4449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.33'. [ 85.335835][ T13] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 85.353300][ T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.387817][ T13] usb 1-1: Product: syz [ 85.393230][ T13] usb 1-1: Manufacturer: syz [ 85.407812][ T13] usb 1-1: SerialNumber: syz [ 85.755480][ T13] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 85.801451][ T13] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 85.855312][ T13] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 85.874705][ T13] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 85.893955][ T13] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 85.904853][ T13] lan78xx: probe of 1-1:1.0 failed with error -71 [ 85.935753][ T13] usb 1-1: USB disconnect, device number 3 [ 85.942558][ T4462] tipc: Started in network mode [ 85.955631][ T4462] tipc: Node identity cedf55954398, cluster identity 4711 [ 85.975628][ T4462] tipc: Enabled bearer , priority 0 [ 85.993144][ T4462] device syzkaller0 entered promiscuous mode [ 86.070887][ T4462] tipc: Resetting bearer [ 86.102631][ T4461] tipc: Resetting bearer [ 86.148497][ T4461] tipc: Disabling bearer [ 86.831081][ T1325] cfg80211: failed to load regulatory.db [ 86.850084][ T4483] vivid-000: disconnect [ 86.929149][ T4479] vivid-000: reconnect [ 87.276216][ T4486] block device autoloading is deprecated and will be removed. [ 88.031152][ T4492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.46'. [ 88.349527][ T4494] kernel profiling enabled (shift: 63) [ 88.381227][ T4494] profiling shift: 63 too large [ 88.606770][ T4498] capability: warning: `syz.1.48' uses deprecated v2 capabilities in a way that may be insecure [ 88.744747][ T4498] binder: BINDER_SET_CONTEXT_MGR already set [ 88.843953][ T4498] binder: 4497:4498 ioctl 4018620d 200000000040 returned -16 [ 89.216514][ T13] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 89.224288][ T4232] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 89.481481][ T13] usb 4-1: Using ep0 maxpacket: 16 [ 89.487026][ T4232] usb 2-1: Using ep0 maxpacket: 32 [ 89.565374][ T4230] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 89.605972][ T13] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.625601][ T13] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 89.645416][ T4232] usb 2-1: unable to get BOS descriptor or descriptor too short [ 89.663584][ T13] usb 4-1: config 0 interface 0 has no altsetting 0 [ 89.670679][ T13] usb 4-1: New USB device found, idVendor=056a, idProduct=005b, bcdDevice= 0.00 [ 89.690202][ T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.714589][ T13] usb 4-1: config 0 descriptor?? [ 89.735487][ T4232] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.755295][ T4232] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 89.975439][ T4230] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 89.986664][ T4232] usb 2-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40 [ 90.026640][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.034782][ T4230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.047074][ T4232] usb 2-1: Product: syz [ 90.051339][ T4232] usb 2-1: Manufacturer: syz [ 90.065260][ T4232] usb 2-1: SerialNumber: syz [ 90.070204][ T4230] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.095224][ T4230] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 90.181239][ T4527] netlink: 24 bytes leftover after parsing attributes in process `syz.0.59'. [ 90.205034][ T26] kauditd_printk_skb: 54 callbacks suppressed [ 90.205050][ T26] audit: type=1326 audit(1777015322.661:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4524 comm="syz.0.59" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8d4417dd9 code=0x0 [ 90.238677][ T4230] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 90.251553][ T4230] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 90.260584][ T4230] usb 5-1: Manufacturer: syz [ 90.271211][ T4230] usb 5-1: config 0 descriptor?? [ 90.365495][ T13] usb 4-1: string descriptor 0 read error: -71 [ 90.475518][ T13] usbhid 4-1:0.0: can't add hid device: -71 [ 90.483015][ T13] usbhid: probe of 4-1:0.0 failed with error -71 [ 90.495447][ T4232] usb 2-1: MIDIStreaming interface descriptor not found [ 90.504482][ T13] usb 4-1: USB disconnect, device number 3 [ 90.561684][ T4232] usb 2-1: USB disconnect, device number 4 [ 90.768837][ T4230] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 90.779382][ T4230] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 90.801494][ T4230] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 90.846659][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 91.785701][ T4230] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 91.975176][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #208!!! [ 92.057379][ T4562] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 92.785422][ T4230] usb 4-1: Using ep0 maxpacket: 16 [ 92.917041][ T4230] usb 4-1: config 0 has no interfaces? [ 93.000005][ T4230] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 93.016054][ T4230] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 93.035329][ T4230] usb 4-1: Manufacturer: syz [ 93.044148][ T4230] usb 4-1: config 0 descriptor?? [ 93.278973][ T4573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.72'. [ 93.569751][ T23] usb 5-1: USB disconnect, device number 3 [ 93.693885][ T4232] usb 4-1: USB disconnect, device number 4 [ 93.864611][ T4592] netlink: 68 bytes leftover after parsing attributes in process `syz.0.78'. [ 94.045662][ T4594] Zero length message leads to an empty skb [ 94.525437][ T4232] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 94.775261][ T4232] usb 5-1: Using ep0 maxpacket: 8 [ 94.895608][ T4232] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 94.916736][ T4232] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 94.991164][ T4232] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 95.045941][ T4232] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 95.112306][ T4232] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.201665][ T4232] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 95.234447][ T4232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.555342][ T4232] usb 5-1: usb_control_msg returned -32 [ 95.561336][ T4232] usbtmc 5-1:16.0: can't read capabilities [ 95.764174][ T4232] usb 5-1: USB disconnect, device number 4 [ 96.335488][ T4232] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 96.585606][ T4232] usb 5-1: Using ep0 maxpacket: 32 [ 96.705515][ T4232] usb 5-1: config 0 has an invalid interface number: 4 but max is 0 [ 96.730231][ T4232] usb 5-1: config 0 has no interface number 0 [ 96.768739][ T4232] usb 5-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.835314][ T4232] usb 5-1: config 0 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 96.893243][ T4232] usb 5-1: New USB device found, idVendor=046d, idProduct=c537, bcdDevice= 0.00 [ 96.925060][ T4232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.976225][ T4232] usb 5-1: config 0 descriptor?? [ 97.115390][ T13] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 97.266985][ T4232] usbhid 5-1:0.4: can't add hid device: -71 [ 97.275473][ T4232] usbhid: probe of 5-1:0.4 failed with error -71 [ 97.314083][ T4232] usb 5-1: USB disconnect, device number 5 [ 97.385489][ T13] usb 4-1: Using ep0 maxpacket: 8 [ 97.545567][ T13] usb 4-1: unable to get BOS descriptor or descriptor too short [ 97.637895][ T13] usb 4-1: config 4 interface 0 has no altsetting 0 [ 98.685361][ T13] usb 4-1: string descriptor 0 read error: -22 [ 98.691655][ T13] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 98.764759][ T13] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 98.827896][ T13] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 98.853354][ T13] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 98.961028][ T13] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 98.993729][ T13] usb 4-1: media controller created [ 99.036888][ T4611] usb 4-1: dvb_usb_au6610: wlen=33, aborting [ 99.070911][ T13] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 99.446295][ T13] usb 4-1: USB disconnect, device number 5 [ 99.535206][ T4232] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 99.895466][ T4232] usb 1-1: config 0 has an invalid interface number: 39 but max is 0 [ 99.922720][ T4232] usb 1-1: config 0 has no interface number 0 [ 99.961832][ T4232] usb 1-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 100.175504][ T4232] usb 1-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 100.207447][ T4232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.240658][ T4232] usb 1-1: Product: syz [ 100.257657][ T4232] usb 1-1: Manufacturer: syz [ 100.291647][ T4232] usb 1-1: SerialNumber: syz [ 100.344095][ T4232] usb 1-1: config 0 descriptor?? [ 100.478551][ T4642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.93'. [ 102.232283][ T4667] netlink: 'syz.3.99': attribute type 4 has an invalid length. [ 102.366997][ T4230] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 102.397586][ T4669] xt_hashlimit: size too large, truncated to 1048576 [ 102.521459][ T4672] netlink: 20 bytes leftover after parsing attributes in process `syz.4.101'. [ 102.680334][ T4674] netlink: 4 bytes leftover after parsing attributes in process `syz.4.102'. [ 102.743267][ T4232] usb 1-1: USB disconnect, device number 4 [ 102.749695][ T4230] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 102.775719][ T4230] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 102.800812][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 102.985571][ T4230] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 103.003257][ T4230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.036346][ T4230] usb 2-1: Product: syz [ 103.055929][ T4230] usb 2-1: Manufacturer: syz [ 103.082664][ T4230] usb 2-1: SerialNumber: syz [ 103.115703][ T4230] usb 2-1: config 0 descriptor?? [ 103.161413][ T4665] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 103.181795][ T4665] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 103.182683][ T4686] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 103.486234][ T4230] dm9601: probe of 2-1:0.0 failed with error -71 [ 103.515424][ T4230] usb 2-1: USB disconnect, device number 5 [ 105.376023][ T4718] netlink: 4 bytes leftover after parsing attributes in process `syz.4.114'. [ 105.725491][ T4234] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 106.105978][ T4234] usb 2-1: config 0 has an invalid interface number: 39 but max is 0 [ 106.137217][ T4234] usb 2-1: config 0 has no interface number 0 [ 106.175941][ T4234] usb 2-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 106.378367][ T4230] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 106.388114][ T4234] usb 2-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 106.422696][ T4234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.480746][ T4234] usb 2-1: Product: syz [ 106.507311][ T4234] usb 2-1: Manufacturer: syz [ 106.536567][ T4234] usb 2-1: SerialNumber: syz [ 106.577399][ T4234] usb 2-1: config 0 descriptor?? [ 106.805580][ T4230] usb 5-1: unable to get BOS descriptor or descriptor too short [ 106.856266][ T4230] usb 5-1: not running at top speed; connect to a high speed hub [ 107.195538][ T4230] usb 5-1: string descriptor 0 read error: -22 [ 107.207930][ T4230] usb 5-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 107.264253][ T4230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.388922][ T4230] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 107.595420][ T4230] usb 5-1: unit 1 not found! [ 107.600295][ T4230] usb 5-1: unit 237 not found! [ 107.624042][ T4734] netlink: 4 bytes leftover after parsing attributes in process `syz.3.117'. [ 107.767567][ T4230] usb 5-1: USB disconnect, device number 6 [ 108.358368][ T4234] usb 2-1: USB disconnect, device number 6 [ 108.528835][ T4741] tipc: Started in network mode [ 108.535282][ T4741] tipc: Node identity 52ae7292e6cc, cluster identity 4711 [ 108.553002][ T4741] tipc: Enabled bearer , priority 0 [ 108.583584][ T4741] device syzkaller0 entered promiscuous mode [ 108.596058][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 108.664504][ T4741] tipc: Resetting bearer [ 108.696551][ T4740] tipc: Resetting bearer [ 108.752524][ T4740] tipc: Disabling bearer [ 108.777814][ T4749] device syzkaller0 entered promiscuous mode [ 108.800458][ T4749] tipc: Enabled bearer , priority 0 [ 108.838395][ T4748] tipc: Resetting bearer [ 108.918742][ T4748] tipc: Disabling bearer [ 108.960299][ T4751] tipc: Enabled bearer , priority 0 [ 108.981264][ T4751] device syzkaller0 entered promiscuous mode [ 108.986483][ T4234] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 109.023006][ T4751] tipc: Resetting bearer [ 109.056183][ T4754] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 109.075939][ T4750] tipc: Resetting bearer [ 109.118685][ T4750] tipc: Disabling bearer [ 109.360989][ T4757] tipc: Enabling of bearer rejected, failed to enable media [ 109.369968][ T4234] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 109.383109][ T4234] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 109.435097][ T4234] usb 1-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 109.535467][ T4234] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 109.542973][ T4234] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 109.582699][ T4234] usb 1-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 109.675417][ T4234] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 109.684761][ T4234] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 109.699423][ T4234] usb 1-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 109.945644][ T4234] usb 1-1: string descriptor 0 read error: -22 [ 109.954754][ T4234] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 109.972687][ T4234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.016528][ T4234] adutux 1-1:168.0: interrupt endpoints not found [ 110.115315][ T4229] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 110.270156][ T4746] netlink: 5 bytes leftover after parsing attributes in process `syz.0.121'. [ 110.341282][ T23] usb 1-1: USB disconnect, device number 5 [ 110.525538][ T4229] usb 2-1: config 0 has an invalid interface number: 39 but max is 0 [ 110.545066][ T4229] usb 2-1: config 0 has no interface number 0 [ 110.567307][ T4229] usb 2-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 110.805666][ T4229] usb 2-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 110.829686][ T4229] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.850696][ T4229] usb 2-1: Product: syz [ 110.879157][ T4229] usb 2-1: Manufacturer: syz [ 110.910634][ T4229] usb 2-1: SerialNumber: syz [ 111.217618][ T4229] usb 2-1: config 0 descriptor?? [ 111.834020][ T4797] tipc: Enabled bearer , priority 0 [ 111.868688][ T4797] device syzkaller0 entered promiscuous mode [ 111.921306][ T4797] tipc: Resetting bearer [ 111.944910][ T4796] tipc: Resetting bearer [ 111.978272][ T4796] tipc: Disabling bearer [ 112.386873][ T4229] usb 2-1: USB disconnect, device number 7 [ 112.413203][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 113.275360][ T13] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 113.620633][ T4812] netlink: 56 bytes leftover after parsing attributes in process `syz.4.138'. [ 114.434241][ T4814] usb usb7: usbfs: process 4814 (syz.4.139) did not claim interface 0 before use [ 114.526893][ T13] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.745925][ T13] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 114.783586][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.863604][ T13] usb 4-1: Product: syz [ 114.904189][ T13] usb 4-1: Manufacturer: syz [ 114.954848][ T13] usb 4-1: SerialNumber: syz [ 115.008344][ T13] usb 4-1: config 0 descriptor?? [ 115.078737][ T13] usb 4-1: bad CDC descriptors [ 115.104118][ T13] usb 4-1: unsupported MDLM descriptors [ 115.147434][ T4808] netlink: 12 bytes leftover after parsing attributes in process `syz.1.137'. [ 115.319646][ T4805] udc-core: couldn't find an available UDC or it's busy [ 115.339661][ T4805] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 115.473076][ T4813] ALSA: mixer_oss: invalid OSS volume 'w' [ 115.479708][ T4813] ALSA: mixer_oss: invalid OSS volume 'V$~w āĒ0?2' [ 115.491280][ T4813] ALSA: mixer_oss: invalid OSS volume ', priority 0 [ 125.314647][ T4935] device syzkaller0 entered promiscuous mode [ 125.334741][ T4935] tipc: Resetting bearer [ 125.353429][ T4932] tipc: Resetting bearer [ 125.376143][ T4932] tipc: Disabling bearer [ 125.605759][ T4943] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 125.776807][ T4946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.182'. [ 125.822461][ T4946] device ip6gretap0 entered promiscuous mode [ 125.840452][ T4946] device macvtap1 entered promiscuous mode [ 126.157647][ T4957] tipc: Enabled bearer , priority 0 [ 126.178276][ T4957] device syzkaller0 entered promiscuous mode [ 126.254751][ T4962] afs: Unknown parameter 'dy' [ 126.406877][ T4956] tipc: Resetting bearer [ 126.453398][ T4956] tipc: Disabling bearer [ 126.749878][ T4973] netlink: 4 bytes leftover after parsing attributes in process `syz.3.192'. [ 127.003200][ T4980] capability: warning: `syz.3.194' uses 32-bit capabilities (legacy support in use) [ 127.978631][ T4739] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.168163][ T4739] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.292354][ T4739] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.355230][ T5007] tipc: Enabling of bearer rejected, failed to enable media [ 128.407633][ T4739] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.643434][ T4992] chnl_net:caif_netlink_parms(): no params data found [ 129.368815][ T5029] netlink: 20 bytes leftover after parsing attributes in process `syz.3.203'. [ 129.378515][ T5029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.203'. [ 129.656337][ T5035] netlink: 8 bytes leftover after parsing attributes in process `syz.0.206'. [ 129.714988][ T5033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.206'. [ 129.775746][ T5033] device bond_slave_0 entered promiscuous mode [ 129.782514][ T5033] device bond_slave_1 entered promiscuous mode [ 129.798519][ T4910] Bluetooth: hci4: command 0x0409 tx timeout [ 129.841373][ T5033] device macvtap1 entered promiscuous mode [ 129.885254][ T5033] device bond0 entered promiscuous mode [ 129.908450][ T5033] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 129.930835][ T4992] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.943569][ T4992] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.963184][ T4992] device bridge_slave_0 entered promiscuous mode [ 129.978535][ T5038] netlink: 4 bytes leftover after parsing attributes in process `syz.3.207'. [ 130.032324][ T4992] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.044778][ T4992] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.062961][ T4992] device bridge_slave_1 entered promiscuous mode [ 130.204740][ T4992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.238574][ T4992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.304087][ T4992] team0: Port device team_slave_0 added [ 130.370554][ T4992] team0: Port device team_slave_1 added [ 130.413461][ T4992] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.420578][ T4992] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.446698][ T4992] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.465572][ T4992] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.472595][ T4992] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.498845][ T4992] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.591960][ T4992] device hsr_slave_0 entered promiscuous mode [ 130.620704][ T4992] device hsr_slave_1 entered promiscuous mode [ 130.649729][ T4992] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.670227][ T4992] Cannot create hsr debugfs directory [ 130.889444][ T5063] ax25_connect(): syz.4.212 uses autobind, please contact jreuter@yaina.de [ 130.935910][ T5063] ax25_connect(): syz.4.212 uses autobind, please contact jreuter@yaina.de [ 131.414963][ T5076] netlink: 'syz.4.215': attribute type 10 has an invalid length. [ 131.488500][ T5076] team0: Port device dummy0 added [ 131.517071][ T5077] netlink: 'syz.4.215': attribute type 10 has an invalid length. [ 131.618444][ T5077] team0: Port device dummy0 removed [ 131.653174][ T5077] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 131.732128][ T5077] syz.4.215 (5077) used greatest stack depth: 20432 bytes left [ 131.875099][ T4739] device hsr_slave_0 left promiscuous mode [ 131.875356][ T4231] Bluetooth: hci4: command 0x041b tx timeout [ 131.958079][ T4739] device hsr_slave_1 left promiscuous mode [ 131.990471][ T4739] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.019355][ T4739] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 132.055250][ T4243] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 132.072074][ T4739] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.109749][ T4739] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.144189][ T4739] device bridge_slave_1 left promiscuous mode [ 132.177773][ T4739] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.321503][ T4739] device bridge_slave_0 left promiscuous mode [ 132.341808][ T4739] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.415417][ T4243] usb 1-1: config 0 has an invalid interface number: 39 but max is 0 [ 132.433844][ T4243] usb 1-1: config 0 has no interface number 0 [ 132.464360][ T4243] usb 1-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 132.506158][ T4739] device veth1_macvtap left promiscuous mode [ 132.513703][ T4739] device veth0_macvtap left promiscuous mode [ 132.549957][ T4739] device veth1_vlan left promiscuous mode [ 132.579726][ T4739] device veth0_vlan left promiscuous mode [ 132.658125][ T4243] usb 1-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 132.682657][ T4243] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.736149][ T4243] usb 1-1: Product: syz [ 132.756790][ T4243] usb 1-1: Manufacturer: syz [ 132.779385][ T4243] usb 1-1: SerialNumber: syz [ 132.817280][ T4243] usb 1-1: config 0 descriptor?? [ 132.908306][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.916237][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.550719][ T4739] team0 (unregistering): Port device team_slave_1 removed [ 133.652355][ T4739] team0 (unregistering): Port device team_slave_0 removed [ 133.797422][ T4739] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 133.883541][ T4739] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 133.955408][ T4231] Bluetooth: hci4: command 0x040f tx timeout [ 134.216565][ T4739] bond0 (unregistering): Released all slaves [ 134.437140][ T5104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.220'. [ 134.464294][ T5105] netlink: 8 bytes leftover after parsing attributes in process `syz.4.220'. [ 134.809420][ T4243] usb 1-1: USB disconnect, device number 7 [ 135.018176][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 135.590922][ T4231] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 135.663434][ T5128] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 135.696772][ T5128] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 135.707095][ T4992] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 135.756754][ T4992] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 135.801196][ T4992] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 135.894289][ T4992] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 136.015298][ T4231] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 136.317585][ T5152] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 136.905184][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 136.925164][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 136.935161][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 136.945155][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 137.017177][ T4231] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.172026][ T4231] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 137.223564][ T4231] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.266465][ T4192] Bluetooth: hci4: command 0x0419 tx timeout [ 137.303286][ T4992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.368925][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.419289][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.427291][ T4231] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 137.459657][ T4231] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 137.494745][ T4992] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.505344][ T4231] usb 1-1: Product: syz [ 137.514915][ T4231] usb 1-1: Manufacturer: syz [ 137.534523][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.596802][ T4231] cdc_wdm 1-1:1.0: skipping garbage [ 137.632987][ T4231] cdc_wdm 1-1:1.0: skipping garbage [ 137.639673][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.699382][ T4231] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 137.707388][ T4211] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.714477][ T4211] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.748928][ T4231] cdc_wdm 1-1:1.0: Unknown control protocol [ 137.808935][ T4231] usb 1-1: USB disconnect, device number 8 [ 137.815450][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 137.822716][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 137.828811][ C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 137.849798][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 137.934611][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 138.004235][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 138.026263][ T4192] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 138.065920][ T4211] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.073279][ T4211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.116351][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 138.170870][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 138.230933][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 138.252362][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.286613][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 138.323477][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 138.364276][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 138.414228][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 138.441036][ T4192] usb 2-1: config 0 has an invalid interface number: 39 but max is 0 [ 138.476344][ T4192] usb 2-1: config 0 has no interface number 0 [ 138.501163][ T4992] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 138.517037][ T4192] usb 2-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 138.546693][ T4992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 138.578546][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 138.603580][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 138.640581][ T4211] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 138.725561][ T4192] usb 2-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 138.773667][ T4192] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.806284][ T4192] usb 2-1: Product: syz [ 138.822873][ T4192] usb 2-1: Manufacturer: syz [ 138.848935][ T4192] usb 2-1: SerialNumber: syz [ 138.880136][ T4192] usb 2-1: config 0 descriptor?? [ 139.134190][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 139.202370][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 139.263593][ T4992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.388516][ T5200] tipc: Enabling of bearer rejected, failed to enable media [ 139.560916][ T5208] device syzkaller0 entered promiscuous mode [ 139.834991][ T5215] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 140.615853][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 140.625760][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 140.750152][ T5216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 140.775958][ T5216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 140.858635][ T4992] device veth0_vlan entered promiscuous mode [ 140.898369][ T5224] tipc: Enabled bearer , priority 0 [ 140.923427][ T5216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 140.964826][ T5216] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 140.972699][ T4192] usb 2-1: USB disconnect, device number 8 [ 141.007087][ T5220] device syzkaller0 entered promiscuous mode [ 141.026208][ T5222] tipc: Resetting bearer [ 141.079530][ T5231] netlink: 24 bytes leftover after parsing attributes in process `syz.0.246'. [ 141.095680][ T5217] tipc: Resetting bearer [ 141.126667][ T5217] tipc: Disabling bearer [ 141.169476][ T4992] device veth1_vlan entered promiscuous mode [ 141.194809][ T26] kauditd_printk_skb: 65 callbacks suppressed [ 141.194825][ T26] audit: type=1326 audit(1777015373.651:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5229 comm="syz.0.246" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8d4417dd9 code=0x0 [ 141.237857][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 141.572878][ T1108] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 141.602033][ T1108] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 141.935247][ T4192] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 141.945190][ T5234] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.953650][ T5234] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.355387][ T4192] usb 1-1: config 0 has no interfaces? [ 142.418834][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 142.435291][ T4192] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 142.444484][ T4192] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 142.456847][ T4192] usb 1-1: SerialNumber: syz [ 142.467869][ T5234] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 142.476125][ T4192] usb 1-1: config 0 descriptor?? [ 142.894997][ T5234] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.904762][ T5234] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.914864][ T5234] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.925058][ T5234] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.995917][ T5216] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 143.011048][ T5216] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 143.106755][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 143.120842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 143.137762][ T4992] device veth0_macvtap entered promiscuous mode [ 143.224941][ T4992] device veth1_macvtap entered promiscuous mode [ 143.274015][ T5272] : renamed from bridge_slave_1 [ 143.291558][ T5275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.249'. [ 143.362424][ T4992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.404491][ T4992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.420369][ T4992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.431341][ T4992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.447024][ T4992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.462115][ T4992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.493697][ T4992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.527255][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 143.550326][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 143.588810][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 143.613281][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 143.635860][ T4992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.667011][ T4992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.727263][ T4992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.760843][ T4992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.796880][ T4992] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.829260][ T4992] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.867771][ T4992] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.907587][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 143.929878][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 144.003443][ T4992] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.031165][ T4992] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.044284][ T4992] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.054733][ T4992] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.256620][ T4231] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 144.411797][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.448802][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.484344][ T1108] usb 1-1: USB disconnect, device number 9 [ 144.514022][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 144.562958][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.622025][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.654244][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 144.685897][ T4231] usb 4-1: config 0 has an invalid interface number: 39 but max is 0 [ 144.694031][ T4231] usb 4-1: config 0 has no interface number 0 [ 144.729751][ T4231] usb 4-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 144.905834][ T4231] usb 4-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 144.946591][ T4231] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.005489][ T4231] usb 4-1: Product: syz [ 145.010207][ T4231] usb 4-1: Manufacturer: syz [ 145.015043][ T4231] usb 4-1: SerialNumber: syz [ 145.030359][ T4231] usb 4-1: config 0 descriptor?? [ 145.205247][ T5255] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 145.249426][ T5309] tipc: Enabling of bearer rejected, failed to enable media [ 145.259463][ T5312] binder: BINDER_SET_CONTEXT_MGR already set [ 145.267841][ T5312] binder: 5310:5312 ioctl 4018620d 200000000040 returned -16 [ 145.302392][ T5312] binder: 5310:5312 ioctl c0306201 200000000240 returned -11 [ 145.455313][ T5255] usb 3-1: Using ep0 maxpacket: 8 [ 145.665388][ T5255] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 145.850032][ T4231] usb 4-1: USB disconnect, device number 8 [ 145.896629][ T5255] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 145.955497][ T5255] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.993323][ T5255] usb 3-1: Product: syz [ 146.014128][ T5255] usb 3-1: Manufacturer: syz [ 146.055722][ T5255] usb 3-1: SerialNumber: syz [ 146.091896][ T5255] usb 3-1: config 0 descriptor?? [ 146.134587][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 146.157417][ T5255] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 146.186113][ T5255] usb 3-1: setting power ON [ 146.191343][ T5255] dvb-usb: bulk message failed: -22 (2/0) [ 146.250409][ T5255] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 146.305566][ T5255] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 146.324376][ T5255] usb 3-1: media controller created [ 146.364828][ T5303] dvb-usb: bulk message failed: -22 (3/0) [ 146.388980][ T5303] cxusb: i2c rd: len=147 is too big! [ 146.388980][ T5303] [ 146.432595][ T5335] cxusb: i2c wr: len=79 is too big! [ 146.432595][ T5335] [ 146.477837][ T5255] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 146.612558][ T5255] usb 3-1: selecting invalid altsetting 6 [ 146.660921][ T5255] usb 3-1: digital interface selection failed (-22) [ 146.712209][ T5255] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 146.795771][ T5255] usb 3-1: setting power OFF [ 146.805500][ T5255] dvb-usb: bulk message failed: -22 (2/0) [ 146.811628][ T5255] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 146.936555][ T5255] (NULL device *): no alternate interface [ 147.057578][ T5255] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 147.141455][ T5255] usb 3-1: USB disconnect, device number 2 [ 147.333154][ T5351] tipc: Started in network mode [ 147.338168][ T5351] tipc: Node identity 8636b24232c, cluster identity 4711 [ 147.474831][ T5351] tipc: Enabled bearer , priority 0 [ 147.575459][ T13] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 147.726335][ T5349] tipc: Disabling bearer [ 147.905424][ T13] usb 4-1: Using ep0 maxpacket: 16 [ 148.035620][ T13] usb 4-1: config 0 has no interfaces? [ 148.135664][ T13] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 148.165722][ T13] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 148.205305][ T13] usb 4-1: Manufacturer: syz [ 148.230204][ T5364] device syzkaller0 entered promiscuous mode [ 148.230949][ T13] usb 4-1: config 0 descriptor?? [ 148.242933][ T5365] fuse: Unknown parameter '00000000000000000000' [ 148.281815][ T5364] tipc: Enabled bearer , priority 0 [ 148.494478][ T5361] tipc: Resetting bearer [ 148.505559][ T13] Bluetooth: hci4: command 0x0405 tx timeout [ 148.602497][ T5361] tipc: Disabling bearer [ 148.636149][ T5369] device bridge1 entered promiscuous mode [ 149.263709][ T5387] afs: Unknown parameter 'dy' [ 149.866514][ T5399] device syzkaller1 entered promiscuous mode [ 149.949328][ T5346] Set syz1 is full, maxelem 6117 reached [ 150.024449][ T5398] device syzkaller0 entered promiscuous mode [ 150.145906][ T4173] usb 4-1: USB disconnect, device number 9 [ 150.403434][ T4231] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 151.297488][ T5419] netlink: 24 bytes leftover after parsing attributes in process `syz.2.292'. [ 151.395484][ T4231] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.423544][ T4231] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 151.445800][ T5421] netlink: 4 bytes leftover after parsing attributes in process `syz.3.293'. [ 151.497830][ T5421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.293'. [ 151.559949][ T5421] device ip6gretap0 left promiscuous mode [ 151.595434][ T4231] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 151.615633][ T4231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 151.623725][ T4231] usb 1-1: SerialNumber: syz [ 151.726618][ T4231] cdc_mbim 1-1:1.0: MBIM functional descriptor missing [ 151.740554][ T4231] cdc_mbim 1-1:1.0: bind() failure [ 151.819990][ T5441] MD5 Hash mismatch for [fe88::104]:20004->[fe80::aa]:20004 L3 index 0 [ 151.835999][ T5434] device syzkaller0 entered promiscuous mode [ 151.995205][ T5255] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 152.121277][ T5447] fuse: Unknown parameter 'user00000000000000000000' [ 152.853169][ T4231] usb 1-1: USB disconnect, device number 10 [ 152.975230][ T5255] usb 2-1: Using ep0 maxpacket: 16 [ 153.155350][ T5255] usb 2-1: config 0 has no interfaces? [ 153.243433][ T5455] device syzkaller0 entered promiscuous mode [ 153.250079][ T5255] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 153.260392][ T5255] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 153.295251][ T5255] usb 2-1: Manufacturer: syz [ 153.329605][ T5255] usb 2-1: config 0 descriptor?? [ 153.610327][ T5462] device syzkaller0 entered promiscuous mode [ 153.632606][ T5466] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) ! [ 153.660883][ T5462] tipc: Started in network mode [ 153.682200][ T5462] tipc: Node identity 7a82a8bb4a33, cluster identity 4711 [ 153.702682][ T5462] tipc: Enabled bearer , priority 0 [ 153.710751][ T5466] device syzkaller0 entered promiscuous mode [ 153.720468][ T5460] tipc: Resetting bearer [ 153.751955][ T5460] tipc: Disabling bearer [ 153.954062][ T5471] netlink: 4 bytes leftover after parsing attributes in process `syz.0.311'. [ 153.975300][ T4231] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 154.014246][ T5471] device bridge0 entered promiscuous mode [ 154.028781][ T5471] device macvtap2 entered promiscuous mode [ 154.036634][ T5475] netlink: 6 bytes leftover after parsing attributes in process `syz.2.313'. [ 154.047957][ T5476] netlink: 8 bytes leftover after parsing attributes in process `syz.0.311'. [ 154.069502][ T5435] Set syz1 is full, maxelem 6117 reached [ 154.078585][ T5476] device bridge0 left promiscuous mode [ 154.204146][ T13] usb 2-1: USB disconnect, device number 9 [ 154.375607][ T4231] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 154.388326][ T4231] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 154.419650][ T4231] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 154.525412][ T4231] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 154.536564][ T4231] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 154.566761][ T4231] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 154.685566][ T4231] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 154.703415][ T4231] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 154.754280][ T5495] device syzkaller0 entered promiscuous mode [ 154.770801][ T4231] usb 5-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 154.802595][ T5495] tipc: Enabled bearer , priority 0 [ 154.845504][ T5493] tipc: Resetting bearer [ 155.048020][ T5493] tipc: Disabling bearer [ 155.055513][ T4231] usb 5-1: string descriptor 0 read error: -22 [ 155.063067][ T4231] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 155.108895][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.137472][ T5499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.324'. [ 155.168470][ T4231] adutux 5-1:168.0: interrupt endpoints not found [ 155.392330][ T5464] netlink: 5 bytes leftover after parsing attributes in process `syz.4.308'. [ 155.414091][ T4229] usb 5-1: USB disconnect, device number 8 [ 155.514173][ T5515] device syzkaller0 entered promiscuous mode [ 156.224242][ T26] audit: type=1326 audit(1777015388.681:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5535 comm="syz.0.336" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8d4417dd9 code=0x0 [ 156.303244][ T5549] tipc: Enabled bearer , priority 0 [ 156.360051][ T5551] device syzkaller0 entered promiscuous mode [ 156.381719][ T5550] tipc: Started in network mode [ 156.386962][ T5550] tipc: Node identity da7f9ab3443c, cluster identity 4711 [ 156.402246][ T5550] tipc: Enabled bearer , priority 0 [ 156.418384][ T5550] device syzkaller0 entered promiscuous mode [ 156.436391][ T5549] tipc: Resetting bearer [ 156.455487][ T5547] tipc: Resetting bearer [ 156.484097][ T5547] tipc: Disabling bearer [ 156.506904][ T5550] tipc: Resetting bearer [ 156.527047][ T5548] tipc: Resetting bearer [ 156.551436][ T5548] tipc: Disabling bearer [ 156.903289][ T5563] netlink: 64 bytes leftover after parsing attributes in process `syz.1.343'. [ 156.958244][ T5563] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 157.012635][ T5570] Illegal XDP return value 51, expect packet loss! [ 157.657310][ T5588] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 158.051425][ T26] audit: type=1326 audit(1777015390.501:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5579 comm="syz.3.350" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fabb021bdd9 code=0x0 [ 158.414362][ T5592] tipc: Enabled bearer , priority 0 [ 158.427761][ T5592] device syzkaller0 entered promiscuous mode [ 158.448023][ T5592] tipc: Resetting bearer [ 158.483045][ T5590] tipc: Resetting bearer [ 158.514221][ T5590] tipc: Disabling bearer [ 158.661633][ T5601] binder: BINDER_SET_CONTEXT_MGR already set [ 158.679313][ T5601] binder: 5599:5601 ioctl 4018620d 200000000040 returned -16 [ 158.897786][ T5606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.359'. [ 158.941175][ T5606] device ip6gretap0 entered promiscuous mode [ 159.005070][ T5611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.360'. [ 159.662999][ T26] audit: type=1326 audit(1777015392.121:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5626 comm="syz.2.365" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2132ea2dd9 code=0x0 [ 159.842330][ T5637] tipc: Enabled bearer , priority 0 [ 159.879857][ T5637] device syzkaller0 entered promiscuous mode [ 159.915018][ T5637] tipc: Resetting bearer [ 159.949143][ T5636] tipc: Resetting bearer [ 159.973220][ T5636] tipc: Disabling bearer [ 159.983757][ T5640] fuse: Unknown parameter 'user_id00000000000000000000' [ 160.143554][ T5649] device syzkaller0 entered promiscuous mode [ 161.953355][ T5675] device syzkaller0 entered promiscuous mode [ 161.994110][ T5678] tipc: Enabled bearer , priority 0 [ 162.056346][ T5681] device syzkaller0 entered promiscuous mode [ 162.076885][ T5675] tipc: Enabled bearer , priority 0 [ 162.104349][ T5678] tipc: Resetting bearer [ 162.143878][ T5683] netlink: 4 bytes leftover after parsing attributes in process `syz.3.386'. [ 162.184075][ T5673] tipc: Resetting bearer [ 162.256516][ T5673] tipc: Disabling bearer [ 162.289091][ T5674] tipc: Resetting bearer [ 162.334624][ T5674] tipc: Disabling bearer [ 162.521802][ T26] audit: type=1326 audit(1777015394.981:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5687 comm="syz.2.388" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2132ea2dd9 code=0x0 [ 163.770395][ T5722] device syzkaller0 entered promiscuous mode [ 163.809218][ T5722] tipc: Enabled bearer , priority 0 [ 163.829898][ T5721] tipc: Resetting bearer [ 163.875805][ T5721] tipc: Disabling bearer [ 165.533300][ T5755] device syzkaller0 entered promiscuous mode [ 165.598020][ T5755] tipc: Enabled bearer , priority 0 [ 165.607468][ T5753] tipc: Resetting bearer [ 165.657277][ T5753] tipc: Disabling bearer [ 165.675893][ T5759] tipc: Enabled bearer , priority 0 [ 165.691222][ T5761] device syzkaller0 entered promiscuous mode [ 165.715711][ T5758] tipc: Resetting bearer [ 165.743933][ T5758] tipc: Disabling bearer [ 165.876655][ T5764] device syzkaller0 entered promiscuous mode [ 166.912132][ T5792] tipc: Enabled bearer , priority 0 [ 166.964467][ T5795] device syzkaller0 entered promiscuous mode [ 167.067041][ T5791] tipc: Resetting bearer [ 167.169197][ T5791] tipc: Disabling bearer [ 167.689110][ T5802] tipc: Enabled bearer , priority 0 [ 167.714626][ T5802] device syzkaller0 entered promiscuous mode [ 167.769831][ T5801] tipc: Resetting bearer [ 167.853601][ T5801] tipc: Disabling bearer [ 168.102991][ T5812] device syzkaller0 entered promiscuous mode [ 168.175291][ T5813] tipc: Cannot configure node identity twice [ 168.768433][ T5833] fuse: Unknown parameter '0x0000000000000009' [ 168.870949][ T5837] netlink: 4 bytes leftover after parsing attributes in process `syz.3.437'. [ 168.892012][ T5837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.437'. [ 168.973331][ T5837] device ip6gretap0 left promiscuous mode [ 169.012683][ T5840] device syzkaller0 entered promiscuous mode [ 169.052748][ T5840] tipc: Enabled bearer , priority 0 [ 169.092669][ T5838] tipc: Resetting bearer [ 169.102571][ T5844] vcan0: tx drop: invalid sa for name 0xfffffffffffffffd [ 169.167791][ T5838] tipc: Disabling bearer [ 169.198500][ T5842] tipc: Enabled bearer , priority 0 [ 169.232698][ T5845] device syzkaller0 entered promiscuous mode [ 169.282393][ T5841] tipc: Resetting bearer [ 169.366083][ T5841] tipc: Disabling bearer [ 169.402239][ T5855] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 169.544697][ T5863] netlink: 'syz.1.444': attribute type 10 has an invalid length. [ 169.775976][ T5863] team0: Port device dummy0 added [ 169.802415][ T5865] netlink: 'syz.1.444': attribute type 10 has an invalid length. [ 169.892796][ T5865] team0: Port device dummy0 removed [ 169.933937][ T5865] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 170.230256][ T5872] netlink: 68 bytes leftover after parsing attributes in process `syz.4.447'. [ 170.371156][ T5879] tipc: Enabled bearer , priority 0 [ 170.382556][ T5879] tipc: Resetting bearer [ 170.397890][ T5878] tipc: Disabling bearer [ 170.420276][ T5882] fuse: Unknown parameter '0x0000000000000009' [ 170.551089][ T5881] netlink: 76 bytes leftover after parsing attributes in process `syz.1.450'. [ 170.606447][ T5883] device syzkaller0 entered promiscuous mode [ 170.809611][ T5891] tipc: Enabled bearer , priority 0 [ 170.894444][ T5896] device syzkaller0 entered promiscuous mode [ 170.922975][ T5890] tipc: Resetting bearer [ 171.028013][ T5890] tipc: Disabling bearer [ 171.213910][ T5905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.459'. [ 171.321331][ T5905] device macvtap1 entered promiscuous mode [ 171.346612][ T5905] device bridge0 entered promiscuous mode [ 171.379013][ T5910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.459'. [ 171.401932][ T5910] device bridge0 left promiscuous mode [ 171.449434][ T5915] fuse: Unknown parameter '0x0000000000000009' [ 171.620306][ T5921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'. [ 171.653927][ T5921] device bridge0 entered promiscuous mode [ 171.880937][ T5931] tipc: Enabled bearer , priority 0 [ 171.901649][ T5931] device syzkaller0 entered promiscuous mode [ 171.938357][ T5930] tipc: Resetting bearer [ 171.987488][ T5930] tipc: Disabling bearer [ 172.094140][ T5937] device syzkaller0 entered promiscuous mode [ 172.304111][ T5940] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 173.214681][ T5946] fuse: Unknown parameter '0x0000000000000009' [ 173.384722][ T5956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.477'. [ 173.471222][ T5956] device bridge0 entered promiscuous mode [ 173.504076][ T5956] device macvtap1 entered promiscuous mode [ 173.531411][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.477'. [ 173.575387][ T5958] device bridge0 left promiscuous mode [ 173.631987][ T5963] 8021q: VLANs not supported on vcan0 [ 173.638821][ T5964] tipc: Enabled bearer , priority 0 [ 173.655866][ T5962] tipc: Resetting bearer [ 173.695518][ T5961] tipc: Disabling bearer [ 173.829188][ T5963] device syzkaller0 entered promiscuous mode [ 174.063068][ T5981] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 174.143238][ T5982] device syzkaller0 entered promiscuous mode [ 174.199967][ T5981] tipc: Enabled bearer , priority 0 [ 174.219407][ T5980] tipc: Resetting bearer [ 174.279650][ T5980] tipc: Disabling bearer [ 174.326653][ T5986] device syzkaller0 entered promiscuous mode [ 174.577641][ T5994] tipc: Enabled bearer , priority 0 [ 174.618784][ T5993] tipc: Resetting bearer [ 174.672354][ T5992] tipc: Disabling bearer [ 175.125461][ T6000] fuse: Unknown parameter '0x0000000000000009' [ 175.858139][ T6031] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 176.798271][ T6040] fuse: Unknown parameter '0x0000000000000009' [ 176.851733][ T6049] tipc: Enabled bearer , priority 0 [ 176.876808][ T6049] tipc: Resetting bearer [ 176.933308][ T6046] tipc: Disabling bearer [ 177.022489][ T6055] device syzkaller0 entered promiscuous mode [ 177.199171][ T6064] netlink: 60 bytes leftover after parsing attributes in process `syz.0.511'. [ 177.242197][ T6064] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 177.260315][ T6064] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 177.536245][ T6075] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 178.333575][ T6077] device syzkaller0 entered promiscuous mode [ 178.543476][ T6086] fuse: Unknown parameter 'fd0x0000000000000009' [ 179.006926][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.527'. [ 179.027919][ T6105] device syzkaller0 entered promiscuous mode [ 179.380235][ T6126] device syzkaller0 entered promiscuous mode [ 179.612203][ T6134] fuse: Unknown parameter 'fd0x0000000000000009' [ 179.787297][ T6147] device syzkaller0 entered promiscuous mode [ 179.806789][ T6148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.537'. [ 179.935920][ T6151] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 180.154254][ T6168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.541'. [ 180.184474][ T6168] device bridge0 entered promiscuous mode [ 180.235224][ T6169] netlink: 68 bytes leftover after parsing attributes in process `syz.2.542'. [ 180.270123][ T6172] device syzkaller0 entered promiscuous mode [ 180.296099][ T6175] netlink: 76 bytes leftover after parsing attributes in process `syz.4.543'. [ 180.328784][ T6175] device syzkaller0 entered promiscuous mode [ 180.510953][ T6185] device syzkaller0 entered promiscuous mode [ 180.732300][ T6199] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 180.762788][ T6200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.552'. [ 181.497345][ T6234] netlink: 76 bytes leftover after parsing attributes in process `syz.4.564'. [ 181.513272][ T6234] device syzkaller0 entered promiscuous mode [ 181.752352][ T6254] netlink: 60 bytes leftover after parsing attributes in process `syz.0.570'. [ 182.007256][ T6263] device syzkaller0 entered promiscuous mode [ 182.252517][ T6282] netlink: 76 bytes leftover after parsing attributes in process `syz.1.581'. [ 182.272683][ T6282] device syzkaller0 entered promiscuous mode [ 182.444116][ T6293] tipc: Enabled bearer , priority 14 [ 182.625395][ T6300] binder: BINDER_SET_CONTEXT_MGR already set [ 182.638351][ T6300] binder: 6299:6300 ioctl 4018620d 200000000040 returned -16 [ 182.661634][ T6300] binder: 6299:6300 ioctl c0306201 200000000240 returned -11 [ 182.841536][ T6308] device syzkaller0 entered promiscuous mode [ 182.856098][ T6310] netlink: 24 bytes leftover after parsing attributes in process `syz.3.591'. [ 182.876318][ T26] audit: type=1326 audit(1777015415.341:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6309 comm="syz.3.591" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fabb021bdd9 code=0x0 [ 183.105042][ T6319] device syzkaller0 entered promiscuous mode [ 183.177767][ T6321] netlink: 76 bytes leftover after parsing attributes in process `syz.0.596'. [ 183.201641][ T6321] device syzkaller0 entered promiscuous mode [ 183.394066][ T6328] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 183.406423][ T6328] tipc: Enabled bearer , priority 0 [ 183.416421][ T6325] tipc: Disabling bearer [ 183.477446][ T5262] tipc: Node number set to 2655230643 [ 183.608875][ T6333] netlink: 4 bytes leftover after parsing attributes in process `syz.4.601'. [ 183.678070][ T6336] binder: BINDER_SET_CONTEXT_MGR already set [ 183.699105][ T6333] device syz_tun entered promiscuous mode [ 183.709632][ T6336] binder: 6334:6336 ioctl 4018620d 200000000040 returned -16 [ 183.735067][ T6333] device macvtap1 entered promiscuous mode [ 184.008168][ T6353] device syzkaller0 entered promiscuous mode [ 184.161775][ T6358] netlink: 76 bytes leftover after parsing attributes in process `syz.2.610'. [ 184.182558][ T6358] device syzkaller0 entered promiscuous mode [ 184.320416][ T6362] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 184.465707][ T6364] tipc: Enabled bearer , priority 0 [ 184.489140][ T6365] tipc: Enabled bearer , priority 0 [ 184.503758][ T6361] tipc: Disabling bearer [ 184.523183][ T6365] device syzkaller0 entered promiscuous mode [ 184.569043][ T6365] tipc: Resetting bearer [ 184.628094][ T6363] tipc: Resetting bearer [ 184.658153][ T6363] tipc: Disabling bearer [ 184.789073][ T6371] binder: BINDER_SET_CONTEXT_MGR already set [ 184.815600][ T6371] binder: 6370:6371 ioctl 4018620d 200000000040 returned -16 [ 185.055618][ T6384] device syzkaller0 entered promiscuous mode [ 185.216597][ T6389] device syzkaller0 entered promiscuous mode [ 185.262149][ T6387] netlink: 76 bytes leftover after parsing attributes in process `syz.2.623'. [ 185.290076][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.297710][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.304655][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.311536][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.318398][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.325247][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.332054][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.336575][ T6395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.625'. [ 185.339000][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.354610][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.361539][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.368384][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.375367][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.382177][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.389374][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.396229][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.403144][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.410101][ T6389] tc action pedit offset must be on 32 bit boundaries [ 185.417067][ T6389] 0: reclassify loop, rule prio 0, protocol 800 [ 185.529992][ T6396] device syzkaller0 entered promiscuous mode [ 185.562850][ T6399] device syzkaller0 entered promiscuous mode [ 185.608276][ T6401] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 186.565626][ T6434] netlink: 56 bytes leftover after parsing attributes in process `syz.2.637'. [ 187.361938][ T6439] netlink: 76 bytes leftover after parsing attributes in process `syz.4.640'. [ 187.565845][ T6445] device syzkaller0 entered promiscuous mode [ 187.574746][ T6444] device syzkaller0 entered promiscuous mode [ 187.585587][ T6439] device syzkaller0 entered promiscuous mode [ 188.417773][ T6466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.650'. [ 188.474046][ T6466] device ip6gretap0 entered promiscuous mode [ 188.603374][ T6469] netlink: 8 bytes leftover after parsing attributes in process `syz.3.650'. [ 188.720216][ T6472] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 189.480451][ T6469] device ip6gretap0 left promiscuous mode [ 189.673997][ T6482] netlink: 24 bytes leftover after parsing attributes in process `syz.2.655'. [ 189.749116][ T26] audit: type=1326 audit(1777015422.211:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6480 comm="syz.2.655" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2132ea2dd9 code=0x0 [ 189.782056][ T6484] netlink: 76 bytes leftover after parsing attributes in process `syz.3.656'. [ 189.819519][ T6484] device syzkaller0 entered promiscuous mode [ 190.863366][ T6507] Cannot find set identified by id 0 to match [ 191.100449][ T6523] tipc: Enabled bearer , priority 0 [ 191.173999][ T6528] device syzkaller0 entered promiscuous mode [ 191.214581][ T6523] tipc: Resetting bearer [ 191.230656][ T6520] tipc: Resetting bearer [ 191.251174][ T6520] tipc: Disabling bearer [ 191.386891][ T4243] Bluetooth: hci3: command 0x0406 tx timeout [ 191.395648][ T4243] Bluetooth: hci0: command 0x0406 tx timeout [ 191.443956][ T6535] netlink: 24 bytes leftover after parsing attributes in process `syz.1.672'. [ 191.445822][ T4243] Bluetooth: hci1: command 0x0406 tx timeout [ 191.491887][ T26] audit: type=1326 audit(1777015423.951:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6534 comm="syz.1.672" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf3a7eedd9 code=0x0 [ 191.510501][ T4243] Bluetooth: hci2: command 0x0406 tx timeout [ 191.767512][ T6542] device syzkaller0 entered promiscuous mode [ 191.880254][ T6547] device syzkaller0 entered promiscuous mode [ 192.029687][ T6549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.678'. [ 192.177794][ T6555] binder: 6554:6555 ioctl c0306201 200000000240 returned -11 [ 192.636330][ T6573] device syzkaller0 entered promiscuous mode [ 192.701365][ T6571] device syzkaller0 entered promiscuous mode [ 192.974226][ T6580] netlink: 4 bytes leftover after parsing attributes in process `syz.2.692'. [ 193.087507][ T6582] binder: 6581:6582 ioctl c0306201 200000000240 returned -11 [ 193.282457][ T6590] tipc: Enabled bearer , priority 0 [ 193.322285][ T6590] tipc: Resetting bearer [ 193.364567][ T6589] tipc: Disabling bearer [ 193.557403][ T6595] netlink: 48 bytes leftover after parsing attributes in process `syz.3.699'. [ 193.577924][ T6596] IPv6: NLM_F_CREATE should be specified when creating new route [ 193.771658][ T6602] device syzkaller0 entered promiscuous mode [ 194.027922][ T6620] binder: 6616:6620 ioctl c0306201 200000000240 returned -11 [ 194.320623][ T6636] device ip6gre2 entered promiscuous mode [ 194.349785][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.356226][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.400376][ T6636] syz.4.713 (6636) used greatest stack depth: 19088 bytes left [ 194.562045][ T6644] device syzkaller0 entered promiscuous mode [ 194.697822][ T6648] device syzkaller0 entered promiscuous mode [ 194.781892][ T6650] binder: BINDER_SET_CONTEXT_MGR already set [ 194.789799][ T6650] binder: 6649:6650 ioctl 4018620d 200000000040 returned -16 [ 194.798713][ T6650] binder: 6649:6650 ioctl c0306201 200000000240 returned -11 [ 195.089402][ T6664] netlink: 60 bytes leftover after parsing attributes in process `syz.2.726'. [ 195.135433][ T6664] siw: device registration error -23 [ 195.337441][ T6679] binder: BINDER_SET_CONTEXT_MGR already set [ 195.343745][ T6679] binder: 6678:6679 ioctl 4018620d 200000000040 returned -16 [ 195.359141][ T6679] binder: 6678:6679 ioctl c0306201 200000000240 returned -11 [ 195.417923][ T6682] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551371) [ 195.460779][ T6682] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 195.523876][ T6684] device syzkaller0 entered promiscuous mode [ 196.097471][ T6710] netlink: 60 bytes leftover after parsing attributes in process `syz.2.739'. [ 196.132512][ T6710] siw: device registration error -23 [ 196.141288][ T6712] device syzkaller0 entered promiscuous mode [ 196.171680][ T6708] tipc: Enabling of bearer rejected, failed to enable media [ 196.201849][ T6717] binder: BINDER_SET_CONTEXT_MGR already set [ 196.230973][ T6717] binder: 6716:6717 ioctl 4018620d 200000000040 returned -16 [ 196.261788][ T6717] binder: 6716:6717 ioctl c0306201 200000000240 returned -11 [ 196.426151][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.2.744'. [ 196.496092][ T6730] device syzkaller0 entered promiscuous mode [ 197.196226][ T5258] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 197.257934][ T6763] device syzkaller0 entered promiscuous mode [ 197.424719][ T6767] tipc: Enabled bearer , priority 0 [ 197.441674][ T6767] tipc: Resetting bearer [ 197.451996][ T6766] tipc: Disabling bearer [ 197.484895][ T6768] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 197.500920][ T6768] device syzkaller0 entered promiscuous mode [ 197.529811][ T6768] tipc: Enabled bearer , priority 0 [ 197.576109][ T5258] usb 3-1: config 0 has an invalid interface number: 39 but max is 0 [ 197.589848][ T5258] usb 3-1: config 0 has no interface number 0 [ 197.598202][ T5258] usb 3-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 197.611227][ T6765] tipc: Resetting bearer [ 197.645626][ T6765] tipc: Disabling bearer [ 197.680747][ T6770] netlink: 24 bytes leftover after parsing attributes in process `syz.0.760'. [ 197.720994][ T26] audit: type=1326 audit(1777015430.181:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6769 comm="syz.0.760" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8d4417dd9 code=0x0 [ 197.775499][ T5258] usb 3-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 197.797422][ T5258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.844451][ T5258] usb 3-1: Product: syz [ 197.853279][ T5258] usb 3-1: Manufacturer: syz [ 197.868773][ T5258] usb 3-1: SerialNumber: syz [ 197.907832][ T5258] usb 3-1: config 0 descriptor?? [ 198.082905][ T6782] netlink: 'syz.4.765': attribute type 9 has an invalid length. [ 198.133012][ T6782] netlink: 32 bytes leftover after parsing attributes in process `syz.4.765'. [ 198.333982][ T6790] netlink: 4 bytes leftover after parsing attributes in process `syz.4.768'. [ 198.366671][ T6791] tipc: Enabled bearer , priority 0 [ 198.374694][ T6790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.768'. [ 198.409693][ T6790] device syz_tun left promiscuous mode [ 198.476232][ T6791] tipc: Resetting bearer [ 198.572654][ T6789] tipc: Disabling bearer [ 198.823259][ T6801] device syzkaller0 entered promiscuous mode [ 198.844079][ T6803] tipc: Enabled bearer , priority 0 [ 199.131158][ T6811] tipc: Resetting bearer [ 199.168775][ T6802] tipc: Disabling bearer [ 199.333080][ T6818] 9pnet_virtio: no channels available for device syz [ 199.560435][ T6823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.781'. [ 199.587174][ T6823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.781'. [ 199.611563][ T6823] device bridge0 left promiscuous mode [ 199.734826][ T6829] tipc: Enabled bearer , priority 0 [ 199.768183][ T5258] usb 3-1: USB disconnect, device number 3 [ 199.811242][ T6829] tipc: Resetting bearer [ 200.050012][ T6827] tipc: Disabling bearer [ 200.186275][ T6842] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 200.281846][ T4531] udevd[4531]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 201.096717][ T6845] device syzkaller0 entered promiscuous mode [ 201.265244][ T5258] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 201.326765][ T6858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.795'. [ 201.505252][ T5258] usb 3-1: Using ep0 maxpacket: 8 [ 201.625500][ T5258] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 201.706141][ T5258] usb 3-1: config 0 has no interface number 0 [ 201.746350][ T4231] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 201.822721][ T5258] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 201.991837][ T5258] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 202.105648][ T6872] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 202.125343][ T4231] usb 5-1: config 0 has an invalid interface number: 39 but max is 0 [ 202.154126][ T4231] usb 5-1: config 0 has no interface number 0 [ 202.154143][ T5258] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.232417][ T4231] usb 5-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 202.240014][ T5258] usb 3-1: config 0 descriptor?? [ 202.335484][ T6875] device syzkaller0 entered promiscuous mode [ 202.449175][ T4231] usb 5-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 202.479796][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.527901][ T4231] usb 5-1: Product: syz [ 202.548207][ T4231] usb 5-1: Manufacturer: syz [ 202.572885][ T4231] usb 5-1: SerialNumber: syz [ 202.583925][ T5258] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 202.619349][ T4231] usb 5-1: config 0 descriptor?? [ 202.991176][ T5258] usb 3-1: USB disconnect, device number 4 [ 203.132679][ T6884] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 203.802113][ T6886] tipc: Enabling of bearer rejected, failed to enable media [ 204.156121][ T6900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.807'. [ 204.206196][ T6898] tipc: Enabled bearer , priority 0 [ 204.226983][ T6903] device syzkaller0 entered promiscuous mode [ 204.295650][ T6898] tipc: Resetting bearer [ 204.311794][ T6894] tipc: Resetting bearer [ 204.349742][ T6894] tipc: Disabling bearer [ 204.372991][ T4231] usb 5-1: USB disconnect, device number 9 [ 204.443861][ T6908] device syzkaller0 entered promiscuous mode [ 204.456352][ T6910] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 204.626811][ T4531] udevd[4531]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 204.693280][ T6917] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 204.743341][ T6917] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 204.852960][ T6924] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 204.866462][ T6924] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 205.214601][ T6934] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 206.071291][ T6951] tipc: Enabling of bearer rejected, failed to enable media [ 206.451961][ T6969] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 206.459365][ T6969] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 206.548432][ T6969] vhci_hcd vhci_hcd.0: Device attached [ 206.560316][ T6974] binder: BINDER_SET_CONTEXT_MGR already set [ 206.572979][ T6974] binder: 6973:6974 ioctl 4018620d 200000000040 returned -16 [ 206.588036][ T6974] binder: 6973:6974 ioctl c0306201 200000000240 returned -11 [ 206.669530][ T6976] netlink: 4 bytes leftover after parsing attributes in process `syz.4.826'. [ 206.680524][ T6976] device syz_tun entered promiscuous mode [ 206.709443][ T6976] netlink: 8 bytes leftover after parsing attributes in process `syz.4.826'. [ 206.736518][ T6976] device syz_tun left promiscuous mode [ 206.755201][ T5255] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 206.805433][ T4231] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 207.008168][ T6983] tun0: tun_chr_ioctl cmd 1074025678 [ 207.026513][ T6983] tun0: group set to 0 [ 207.125496][ T5255] usb 1-1: config 0 has no interfaces? [ 207.131415][ T5255] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 207.299843][ T5255] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.322779][ T6989] device syzkaller0 entered promiscuous mode [ 207.349929][ T5255] usb 1-1: config 0 descriptor?? [ 207.403558][ T6990] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 208.145453][ T6970] vhci_hcd: connection closed [ 208.165135][ T4211] vhci_hcd: stop threads [ 208.178414][ T5255] usb 1-1: USB disconnect, device number 11 [ 208.214030][ T4211] vhci_hcd: release socket [ 208.239346][ T4211] vhci_hcd: disconnect device [ 208.305270][ T4231] usb 33-1: device descriptor read/64, error -71 [ 208.424887][ T7001] tipc: Enabling of bearer rejected, failed to enable media [ 208.443007][ T7002] binder: BINDER_SET_CONTEXT_MGR already set [ 208.449410][ T7002] binder: 7000:7002 ioctl 4018620d 200000000040 returned -16 [ 208.458429][ T7002] binder: 7000:7002 ioctl c0306201 200000000240 returned -11 [ 208.515252][ T4231] vhci_hcd: vhci_device speed not set [ 208.591519][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.1.838'. [ 208.614392][ T7006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.838'. [ 208.693797][ T7006] device bridge0 left promiscuous mode [ 208.843453][ T7019] netlink: 56 bytes leftover after parsing attributes in process `syz.3.841'. [ 208.869190][ T7017] netlink: 4 bytes leftover after parsing attributes in process `syz.0.840'. [ 208.902693][ T7019] netlink: 1 bytes leftover after parsing attributes in process `syz.3.841'. [ 209.118610][ T7027] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 209.291239][ T7026] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 209.313279][ T7026] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 209.450452][ T7041] binder: BINDER_SET_CONTEXT_MGR already set [ 209.477234][ T7041] binder: 7039:7041 ioctl 4018620d 200000000040 returned -16 [ 209.504111][ T7041] binder: 7039:7041 ioctl c0306201 200000000240 returned -11 [ 209.721743][ T7052] tipc: Enabling of bearer rejected, failed to enable media [ 209.829873][ T7056] tipc: Enabling of bearer rejected, failed to enable media [ 210.436833][ T7079] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 210.443449][ T7079] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 210.502390][ T7079] vhci_hcd vhci_hcd.0: Device attached [ 210.637004][ T7092] netlink: 24 bytes leftover after parsing attributes in process `syz.1.862'. [ 210.796098][ T13] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 211.616521][ T4243] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 211.645311][ T5255] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 211.995510][ T4243] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.015442][ T5255] usb 5-1: config 0 has no interfaces? [ 212.021021][ T5255] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 212.025359][ T4243] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 212.055254][ T4243] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.077614][ T7119] tipc: Enabling of bearer rejected, failed to enable media [ 212.089213][ T5255] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.093787][ T4243] usb 1-1: config 0 descriptor?? [ 212.129730][ T5255] usb 5-1: config 0 descriptor?? [ 212.389717][ T4231] usb 5-1: USB disconnect, device number 10 [ 212.397213][ T7080] vhci_hcd: connection closed [ 212.397568][ T4211] vhci_hcd: stop threads [ 212.424338][ T4211] vhci_hcd: release socket [ 212.442163][ T4211] vhci_hcd: disconnect device [ 212.465470][ T13] vhci_hcd: vhci_device speed not set [ 212.475837][ T4243] usbhid 1-1:0.0: can't add hid device: -71 [ 212.499091][ T4243] usbhid: probe of 1-1:0.0 failed with error -71 [ 212.512448][ T4243] usb 1-1: USB disconnect, device number 12 [ 212.531328][ T7129] tipc: Enabling of bearer rejected, failed to enable media [ 212.965232][ T4243] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 213.046362][ T7151] device syzkaller0 entered promiscuous mode [ 213.235359][ T4243] usb 1-1: Using ep0 maxpacket: 32 [ 213.344884][ T7159] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.359956][ T7159] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.371658][ T7159] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.380550][ T7159] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.402161][ T4243] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.426746][ T4243] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 213.444988][ T4243] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.452800][ C0] hrtimer: interrupt took 408693 ns [ 213.473239][ T4243] usb 1-1: config 0 descriptor?? [ 213.532258][ T4243] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 213.562973][ T4243] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 213.655441][ T7164] tipc: Enabling of bearer rejected, failed to enable media [ 213.933735][ T4243] usb 1-1: USB disconnect, device number 13 [ 213.964256][ T4243] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 213.964723][ T7180] tipc: Enabling of bearer rejected, failed to enable media [ 214.274048][ T7195] device syzkaller0 entered promiscuous mode [ 214.465743][ T7202] binder: 7201:7202 unknown command 0 [ 214.471982][ T7202] binder: 7201:7202 ioctl c0306201 200000000080 returned -22 [ 215.144291][ T7232] netlink: 5280 bytes leftover after parsing attributes in process `syz.4.899'. [ 215.166387][ T7232] netlink: 5280 bytes leftover after parsing attributes in process `syz.4.899'. [ 215.722860][ T7253] netlink: 76 bytes leftover after parsing attributes in process `syz.4.908'. [ 215.742504][ T7255] sch_tbf: burst 555 is lower than device syzkaller0 mtu (1514) ! [ 215.754935][ T7255] device syzkaller0 entered promiscuous mode [ 215.770152][ T7255] tipc: Enabled bearer , priority 0 [ 215.841081][ T7254] tipc: Resetting bearer [ 215.863111][ T7254] tipc: Disabling bearer [ 216.122720][ T7264] 9pnet_virtio: no channels available for device syz [ 216.405424][ T7277] device syzkaller0 entered promiscuous mode [ 216.633336][ T7284] serio: Serial port ptm0 [ 216.682789][ T7287] netlink: 76 bytes leftover after parsing attributes in process `syz.4.921'. [ 217.257477][ T4231] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 217.625474][ T4231] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 217.656339][ T4231] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 217.685829][ T4231] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 217.697469][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.736193][ T7295] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 218.135706][ T4231] usb 2-1: USB disconnect, device number 10 [ 218.256766][ T7322] netlink: 76 bytes leftover after parsing attributes in process `syz.4.935'. [ 218.551444][ T7331] device syzkaller0 entered promiscuous mode [ 218.591735][ T7332] binder: BINDER_SET_CONTEXT_MGR already set [ 218.612052][ T7332] binder: 7330:7332 ioctl 4018620d 200000000040 returned -16 [ 218.681868][ T7332] binder: 7330:7332 ioctl c0306201 200000000240 returned -11 [ 219.264721][ T7351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.948'. [ 219.283562][ T7351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.948'. [ 219.359988][ T4243] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 219.769680][ T4243] usb 2-1: config 0 interface 0 altsetting 251 has an invalid endpoint with address 0x2C, skipping [ 219.793023][ T4243] usb 2-1: config 0 interface 0 has no altsetting 0 [ 219.916417][ T7364] binder: BINDER_SET_CONTEXT_MGR already set [ 219.922671][ T7364] binder: 7363:7364 ioctl 4018620d 200000000040 returned -16 [ 219.990083][ T7364] binder: 7363:7364 ioctl c0306201 200000000240 returned -11 [ 219.998524][ T4243] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 220.015137][ T4243] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 220.071531][ T4243] usb 2-1: Product: syz [ 220.076354][ T4243] usb 2-1: Manufacturer: syz [ 220.081296][ T4243] usb 2-1: SerialNumber: syz [ 220.104101][ T4243] usb 2-1: config 0 descriptor?? [ 220.217977][ T4243] snd-usb-audio: probe of 2-1:0.0 failed with error -22 [ 220.337414][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 220.430224][ T7383] netlink: 4 bytes leftover after parsing attributes in process `syz.3.960'. [ 220.653617][ T7384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.960'. [ 220.659137][ T4229] usb 2-1: USB disconnect, device number 11 [ 221.051193][ T7397] netlink: 76 bytes leftover after parsing attributes in process `syz.1.965'. [ 221.087921][ T7400] binder: BINDER_SET_CONTEXT_MGR already set [ 221.094003][ T7400] binder: 7398:7400 ioctl 4018620d 200000000040 returned -16 [ 221.163026][ T7405] tipc: Enabled bearer , priority 0 [ 221.170745][ T7400] binder: 7398:7400 ioctl c0306201 200000000240 returned -11 [ 221.197134][ T7405] tipc: Resetting bearer [ 221.228152][ T7403] tipc: Disabling bearer [ 221.518214][ T7419] device syzkaller0 entered promiscuous mode [ 221.605208][ T5255] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 221.696469][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 221.855201][ T5255] usb 5-1: Using ep0 maxpacket: 16 [ 221.975403][ T5255] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 221.998688][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 222.145380][ T5255] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 222.152923][ T23] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 222.160944][ T5255] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.179558][ T5255] usb 5-1: Product: syz [ 222.184025][ T5255] usb 5-1: Manufacturer: syz [ 222.189043][ T5255] usb 5-1: SerialNumber: syz [ 222.215632][ T5255] usb 5-1: config 0 descriptor?? [ 222.256538][ T5255] hub 5-1:0.0: bad descriptor, ignoring hub [ 222.270426][ T5255] hub: probe of 5-1:0.0 failed with error -5 [ 222.379983][ T23] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 222.402859][ T7431] APIC base relocation is unsupported by KVM [ 222.404070][ T7431] Disabled LAPIC found during irq injection [ 222.405234][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.445214][ T23] usb 1-1: Product: syz [ 222.468402][ T23] usb 1-1: Manufacturer: syz [ 222.475701][ T23] usb 1-1: SerialNumber: syz [ 222.494419][ T23] usb 1-1: config 0 descriptor?? [ 222.535566][ T7417] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 222.555977][ T23] hub 1-1:0.0: bad descriptor, ignoring hub [ 222.562486][ T23] hub: probe of 1-1:0.0 failed with error -5 [ 222.632775][ T4243] usb 5-1: USB disconnect, device number 11 [ 222.753923][ T7436] binder: BINDER_SET_CONTEXT_MGR already set [ 222.783130][ T7436] binder: 7435:7436 ioctl 4018620d 200000000040 returned -16 [ 222.804681][ T7436] binder: 7435:7436 ioctl c0306201 200000000240 returned -11 [ 222.854870][ T7429] mmap: syz.2.978 (7429) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 222.895534][ T23] usb 1-1: USB disconnect, device number 14 [ 222.904269][ T7439] netlink: 76 bytes leftover after parsing attributes in process `syz.3.981'. [ 223.281262][ T7454] netlink: 12 bytes leftover after parsing attributes in process `syz.3.987'. [ 223.323983][ T7448] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 223.367576][ T7457] Disabled LAPIC found during irq injection [ 223.483321][ T7455] netlink: 8 bytes leftover after parsing attributes in process `syz.3.987'. [ 223.522264][ T7455] netlink: 24 bytes leftover after parsing attributes in process `syz.3.987'. [ 223.554333][ T7455] bond1: (slave veth3): Enslaving as an active interface with an up link [ 223.792529][ T7473] binder: BINDER_SET_CONTEXT_MGR already set [ 223.817592][ T7473] binder: 7472:7473 ioctl 4018620d 200000000040 returned -16 [ 223.975183][ T7477] netlink: 76 bytes leftover after parsing attributes in process `syz.3.993'. [ 224.221928][ T7494] xt_hashlimit: size too large, truncated to 1048576 [ 224.654103][ T7511] tipc: Enabled bearer , priority 0 [ 224.691916][ T7511] device syzkaller0 entered promiscuous mode [ 224.764133][ T7511] tipc: Resetting bearer [ 224.796357][ T7510] tipc: Resetting bearer [ 224.844084][ T7510] tipc: Disabling bearer [ 225.181415][ T7525] binder: BINDER_SET_CONTEXT_MGR already set [ 225.211066][ T7525] binder: 7523:7525 ioctl 4018620d 200000000040 returned -16 [ 225.455614][ T7536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1006'. [ 225.776769][ T7547] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1008'. [ 225.810639][ T7547] device syzkaller0 entered promiscuous mode [ 226.310644][ T7561] tipc: Enabled bearer , priority 0 [ 226.365495][ T7561] device syzkaller0 entered promiscuous mode [ 226.417680][ T7561] tipc: Resetting bearer [ 226.441997][ T7559] tipc: Resetting bearer [ 226.473454][ T7559] tipc: Disabling bearer [ 226.676607][ T7571] binder: BINDER_SET_CONTEXT_MGR already set [ 226.715294][ T7571] binder: 7570:7571 ioctl 4018620d 200000000040 returned -16 [ 226.851480][ T7576] device syzkaller1 entered promiscuous mode [ 227.293042][ T7584] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1023'. [ 227.528983][ T7590] tipc: Enabled bearer , priority 0 [ 227.600749][ T7590] device syzkaller0 entered promiscuous mode [ 227.629440][ T7588] tipc: Resetting bearer [ 227.742480][ T7588] tipc: Disabling bearer [ 227.975657][ T7601] tipc: Enabled bearer , priority 0 [ 227.998672][ T7601] tipc: Resetting bearer [ 228.007003][ T7598] tipc: Disabling bearer [ 228.152964][ T7604] binder: BINDER_SET_CONTEXT_MGR already set [ 228.158361][ T7603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.176992][ T7604] binder: 7602:7604 ioctl 4018620d 200000000040 returned -16 [ 228.198465][ T7604] binder: 7602:7604 ioctl c0306201 200000000240 returned -11 [ 228.625268][ T7621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1034'. [ 228.668743][ T7621] 8021q: adding VLAN 0 to HW filter on device bond1 [ 228.821756][ T7627] tipc: Enabled bearer , priority 0 [ 228.878703][ T7630] device syzkaller0 entered promiscuous mode [ 228.906658][ T7632] binder: 7631:7632 ioctl c0306201 200000000080 returned -14 [ 228.913602][ T7627] tipc: Resetting bearer [ 228.937391][ T7632] binder: 7631:7632 ioctl c0306201 2000000003c0 returned -14 [ 228.975687][ T7625] tipc: Resetting bearer [ 229.011055][ T7625] tipc: Disabling bearer [ 229.123087][ T7638] binder: BINDER_SET_CONTEXT_MGR already set [ 229.155779][ T7638] binder: 7637:7638 ioctl 4018620d 200000000040 returned -16 [ 229.176879][ T7638] binder: 7637:7638 ioctl c0306201 200000000240 returned -11 [ 229.420544][ T7648] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1045'. [ 229.550270][ T7657] 9pnet_virtio: no channels available for device syz [ 230.074993][ T7689] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1059'. [ 230.129565][ T7692] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 231.040882][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x100001096 [ 231.050831][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 231.071398][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x2055 [ 231.105949][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 231.160195][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x8f4 [ 231.188044][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 231.219800][ T13] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 231.244463][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x8ae4 [ 231.280257][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc1 data 0x0 [ 231.300035][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x4868 [ 231.319404][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0 [ 231.370263][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0xfa02 [ 231.402453][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111 [ 231.443894][ T7728] kvm [7725]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0xf10b [ 231.460104][ T7728] kvm [7725]: vcpu0, guest rIP: 0x1b8 ignored wrmsr: 0x11e data 0xbe702111 [ 231.483807][ T7747] program syz.1.1078 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 231.595925][ T13] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 231.649978][ T13] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 231.691937][ T13] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 231.740175][ T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.800538][ T7762] binder: BINDER_SET_CONTEXT_MGR already set [ 231.807411][ T7762] binder: 7760:7762 ioctl 4018620d 200000000040 returned -16 [ 231.820421][ T7762] binder: 7760:7762 ioctl c0306201 200000000240 returned -11 [ 231.957887][ T7765] device syzkaller0 entered promiscuous mode [ 232.007692][ T13] usb 4-1: usb_control_msg returned -32 [ 232.013460][ T13] usbtmc 4-1:16.0: can't read capabilities [ 232.494497][ T7777] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 232.621261][ T4229] usb 4-1: USB disconnect, device number 10 [ 233.319272][ T7788] 9pnet_virtio: no channels available for device syz [ 233.374898][ T7789] binder: BINDER_SET_CONTEXT_MGR already set [ 233.394940][ T7789] binder: 7787:7789 ioctl 4018620d 200000000040 returned -16 [ 233.436629][ T7794] binder_alloc: 7792: binder_alloc_buf, no vma [ 233.559282][ T7800] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1098'. [ 233.935280][ T7813] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 235.118457][ T7828] device syzkaller0 entered promiscuous mode [ 235.145211][ T4243] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 235.245198][ T23] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 235.498406][ T7832] binder: BINDER_SET_CONTEXT_MGR already set [ 235.505518][ T4243] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.529193][ T4243] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.555240][ T4243] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 235.572584][ T7832] binder: 7831:7832 ioctl 4018620d 200000000040 returned -16 [ 235.608719][ T23] usb 1-1: config 0 has an invalid interface number: 39 but max is 0 [ 235.637278][ T23] usb 1-1: config 0 has no interface number 0 [ 235.648612][ T4243] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 235.701938][ T23] usb 1-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 235.722475][ T4243] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.771835][ T4243] usb 4-1: config 0 descriptor?? [ 235.905488][ T23] usb 1-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 235.925504][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.958808][ T23] usb 1-1: Product: syz [ 235.963041][ T23] usb 1-1: Manufacturer: syz [ 235.974054][ T23] usb 1-1: SerialNumber: syz [ 236.006343][ T23] usb 1-1: config 0 descriptor?? [ 236.278033][ T4243] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 236.343627][ T4243] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 236.649592][ T7845] device syzkaller0 entered promiscuous mode [ 236.976165][ T7850] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 237.727709][ C1] plantronics 0003:047F:FFFF.0003: usb_submit_urb(ctrl) failed: -1 [ 237.739927][ T4229] usb 4-1: USB disconnect, device number 11 [ 237.952741][ T7854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1115'. [ 238.100747][ T7865] binder: BINDER_SET_CONTEXT_MGR already set [ 238.107454][ T7865] binder: 7864:7865 ioctl 4018620d 200000000040 returned -16 [ 238.116505][ T7865] binder: 7864:7865 ioctl c0306201 200000000240 returned -11 [ 238.180824][ T23] usb 1-1: USB disconnect, device number 15 [ 238.230445][ T7868] device syzkaller0 entered promiscuous mode [ 238.325412][ T5255] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 238.521513][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 238.686324][ T7879] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 239.655721][ T5255] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.692123][ T5255] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.731301][ T5255] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 239.752974][ T5255] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 239.763634][ T5255] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.784310][ T7888] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1128'. [ 239.816433][ T5255] usb 2-1: config 0 descriptor?? [ 239.901647][ T7888] device syzkaller0 entered promiscuous mode [ 240.149211][ T7895] binder: BINDER_SET_CONTEXT_MGR already set [ 240.155592][ T7895] binder: 7894:7895 ioctl 4018620d 200000000040 returned -16 [ 240.164500][ T7895] binder: 7894:7895 ioctl c0306201 200000000240 returned -11 [ 240.185240][ T4243] Bluetooth: hci5: command 0x1003 tx timeout [ 240.191417][ T4202] Bluetooth: hci5: sending frame failed (-49) [ 240.306792][ T5255] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 240.355350][ T5255] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 240.363206][ T5255] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 240.371376][ T5255] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 240.402389][ T5255] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 240.415315][ T4231] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 240.423771][ T7898] block device autoloading is deprecated and will be removed. [ 240.587623][ T4243] usb 2-1: USB disconnect, device number 12 [ 240.794053][ T7903] device syzkaller0 entered promiscuous mode [ 240.855619][ T4231] usb 3-1: config 0 has an invalid interface number: 39 but max is 0 [ 240.864767][ T4231] usb 3-1: config 0 has no interface number 0 [ 240.892009][ T4231] usb 3-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 241.137816][ T4231] usb 3-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 241.158248][ T4231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.232804][ T4231] usb 3-1: Product: syz [ 241.263165][ T4231] usb 3-1: Manufacturer: syz [ 241.279174][ T7912] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1137'. [ 241.293862][ T4231] usb 3-1: SerialNumber: syz [ 241.327080][ T4231] usb 3-1: config 0 descriptor?? [ 241.505665][ T7913] device syzkaller0 entered promiscuous mode [ 241.801725][ T7920] binder: BINDER_SET_CONTEXT_MGR already set [ 241.817872][ T7920] binder: 7919:7920 ioctl 4018620d 200000000040 returned -16 [ 241.868314][ T7920] binder: 7919:7920 ioctl c0306201 200000000240 returned -11 [ 241.920538][ T7921] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1140'. [ 242.164446][ T7930] device syzkaller0 entered promiscuous mode [ 242.265439][ T4173] Bluetooth: hci5: command 0x1001 tx timeout [ 242.276054][ T4202] Bluetooth: hci5: sending frame failed (-49) [ 243.013493][ T7942] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 244.021628][ T4231] usb 3-1: USB disconnect, device number 5 [ 244.034577][ T7950] binder: BINDER_SET_CONTEXT_MGR already set [ 244.058305][ T7950] binder: 7949:7950 ioctl 4018620d 200000000040 returned -16 [ 244.076769][ T7950] binder: 7949:7950 ioctl c0306201 200000000240 returned -11 [ 244.098054][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 244.243561][ T7958] device syzkaller0 entered promiscuous mode [ 244.284872][ T7957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1153'. [ 244.341725][ T7961] gfs2: not a GFS2 filesystem [ 244.347271][ T4243] Bluetooth: hci5: command 0x1009 tx timeout [ 244.378739][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.409241][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.453523][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.472773][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.498647][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.522206][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.549366][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.570759][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.592022][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.613490][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.630471][ T7969] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1158'. [ 244.639893][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.649473][ T26] audit: type=1326 audit(1777015477.111:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.0.1158" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8d4417dd9 code=0x0 [ 244.672983][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.682156][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.691008][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.698935][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.715294][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.730607][ T4231] hid-generic 0006:0004:0009.0005: unknown main item tag 0x0 [ 244.759068][ T4231] hid-generic 0006:0004:0009.0005: hidraw0: VIRTUAL HID v0.04 Device [syz1] on syz0 [ 245.073532][ T7978] fido_id[7978]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 245.210186][ T7984] device syzkaller0 entered promiscuous mode [ 245.519963][ T7993] binder: BINDER_SET_CONTEXT_MGR already set [ 245.543822][ T7993] binder: 7992:7993 ioctl 4018620d 200000000040 returned -16 [ 245.566360][ T7993] binder: 7992:7993 ioctl c0306201 200000000240 returned -11 [ 245.693663][ T8002] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1168'. [ 245.705322][ T4243] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 245.740541][ T8002] siw: device registration error -23 [ 246.065594][ T4243] usb 3-1: config 0 has an invalid interface number: 39 but max is 0 [ 246.107845][ T4243] usb 3-1: config 0 has no interface number 0 [ 246.119371][ T4243] usb 3-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 246.233350][ T8022] device syzkaller0 entered promiscuous mode [ 246.295739][ T4243] usb 3-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 246.316384][ T4243] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.336720][ T4243] usb 3-1: Product: syz [ 246.348957][ T4243] usb 3-1: Manufacturer: syz [ 246.380620][ T4243] usb 3-1: SerialNumber: syz [ 246.399487][ T4243] usb 3-1: config 0 descriptor?? [ 246.510449][ T8031] binder: BINDER_SET_CONTEXT_MGR already set [ 246.516911][ T8031] binder: 8030:8031 ioctl 4018620d 200000000040 returned -16 [ 246.531470][ T8031] binder: 8030:8031 ioctl c0306201 200000000240 returned -11 [ 246.642302][ T8026] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1175'. [ 246.690779][ T8026] device bridge0 entered promiscuous mode [ 246.741500][ T8034] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1175'. [ 246.814807][ T8034] device bridge0 left promiscuous mode [ 247.086789][ T8050] loop5: detected capacity change from 0 to 7 [ 247.200136][ T4531] Dev loop5: unable to read RDB block 7 [ 247.211378][ T4531] loop5: unable to read partition table [ 247.243195][ T4531] loop5: partition table beyond EOD, truncated [ 247.271041][ T8050] Dev loop5: unable to read RDB block 7 [ 247.282985][ T8050] loop5: unable to read partition table [ 247.314183][ T8050] loop5: partition table beyond EOD, truncated [ 247.392228][ T8050] loop_reread_partitions: partition scan of loop5 (Wý* %4FLQk݊5) failed (rc=-5) [ 247.509763][ T8043] [ 247.512215][ T8043] ====================================================== [ 247.519523][ T8043] WARNING: possible circular locking dependency detected [ 247.526699][ T8043] syzkaller #0 Not tainted [ 247.531270][ T8043] ------------------------------------------------------ [ 247.538311][ T8043] syz.1.1183/8043 is trying to acquire lock: [ 247.544472][ T8043] ffff88801b3c7938 ((wq_completion)loop5){+.+.}-{0:0}, at: flush_workqueue+0x150/0x13d0 [ 247.554396][ T8043] [ 247.554396][ T8043] but task is already holding lock: [ 247.562334][ T8043] ffff8881477c5468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 247.571139][ T8043] [ 247.571139][ T8043] which lock already depends on the new lock. [ 247.571139][ T8043] [ 247.581550][ T8043] [ 247.581550][ T8043] the existing dependency chain (in reverse order) is: [ 247.590743][ T8043] [ 247.590743][ T8043] -> #6 (&lo->lo_mutex){+.+.}-{3:3}: [ 247.598233][ T8043] __mutex_lock_common+0x1e3/0x2400 [ 247.603993][ T8043] mutex_lock_killable_nested+0x17/0x20 [ 247.610139][ T8043] lo_open+0x6a/0x100 [ 247.614661][ T8043] blkdev_get_whole+0x90/0x390 [ 247.619956][ T8043] blkdev_get_by_dev+0x2d0/0xa60 [ 247.625509][ T8043] blkdev_open+0x12d/0x2c0 [ 247.630488][ T8043] do_dentry_open+0x7ff/0xf80 [ 247.635711][ T8043] path_openat+0x26f5/0x2fa0 [ 247.640957][ T8043] do_filp_open+0x1e2/0x410 [ 247.646028][ T8043] do_sys_openat2+0x150/0x4b0 [ 247.651347][ T8043] __x64_sys_openat+0x135/0x160 [ 247.656744][ T8043] do_syscall_64+0x4c/0xa0 [ 247.662130][ T8043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.668572][ T8043] [ 247.668572][ T8043] -> #5 (&disk->open_mutex){+.+.}-{3:3}: [ 247.676638][ T8043] __mutex_lock_common+0x1e3/0x2400 [ 247.682654][ T8043] mutex_lock_nested+0x17/0x20 [ 247.688063][ T8043] blkdev_get_by_dev+0x157/0xa60 [ 247.693568][ T8043] swsusp_check+0xa1/0x2b0 [ 247.698531][ T8043] software_resume+0xc6/0x3b0 [ 247.703946][ T8043] resume_store+0xe4/0x130 [ 247.709052][ T8043] kernfs_fop_write_iter+0x379/0x4c0 [ 247.715012][ T8043] vfs_write+0x745/0xd60 [ 247.719936][ T8043] ksys_write+0x152/0x260 [ 247.724803][ T8043] do_syscall_64+0x4c/0xa0 [ 247.729926][ T8043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.736352][ T8043] [ 247.736352][ T8043] -> #4 (system_transition_mutex/1){+.+.}-{3:3}: [ 247.744899][ T8043] __mutex_lock_common+0x1e3/0x2400 [ 247.750637][ T8043] mutex_lock_nested+0x17/0x20 [ 247.756036][ T8043] software_resume+0x7c/0x3b0 [ 247.761393][ T8043] resume_store+0xe4/0x130 [ 247.766350][ T8043] kernfs_fop_write_iter+0x379/0x4c0 [ 247.772177][ T8043] vfs_write+0x745/0xd60 [ 247.776954][ T8043] ksys_write+0x152/0x260 [ 247.781842][ T8043] do_syscall_64+0x4c/0xa0 [ 247.786882][ T8043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.793509][ T8043] [ 247.793509][ T8043] -> #3 (&of->mutex){+.+.}-{3:3}: [ 247.800831][ T8043] __mutex_lock_common+0x1e3/0x2400 [ 247.806571][ T8043] mutex_lock_nested+0x17/0x20 [ 247.811968][ T8043] kernfs_seq_start+0x51/0x3c0 [ 247.817262][ T8043] seq_read_iter+0x3c4/0xd50 [ 247.822571][ T8043] vfs_read+0x759/0xd60 [ 247.827306][ T8043] ksys_read+0x152/0x260 [ 247.832080][ T8043] do_syscall_64+0x4c/0xa0 [ 247.837029][ T8043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 247.843460][ T8043] [ 247.843460][ T8043] -> #2 (&p->lock){+.+.}-{3:3}: [ 247.850507][ T8043] __mutex_lock_common+0x1e3/0x2400 [ 247.856360][ T8043] mutex_lock_nested+0x17/0x20 [ 247.861650][ T8043] seq_read_iter+0xad/0xd50 [ 247.866684][ T8043] do_iter_readv_writev+0x47e/0x5f0 [ 247.872566][ T8043] do_iter_read+0x20b/0x7c0 [ 247.877786][ T8043] loop_process_work+0x16dd/0x24a0 [ 247.883451][ T8043] process_one_work+0x85f/0x1010 [ 247.888917][ T8043] worker_thread+0xaa6/0x1290 [ 247.894206][ T8043] kthread+0x436/0x520 [ 247.898814][ T8043] ret_from_fork+0x1f/0x30 [ 247.903754][ T8043] [ 247.903754][ T8043] -> #1 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}: [ 247.913385][ T8043] process_one_work+0x7bb/0x1010 [ 247.919172][ T8043] worker_thread+0xaa6/0x1290 [ 247.924501][ T8043] kthread+0x436/0x520 [ 247.929133][ T8043] ret_from_fork+0x1f/0x30 [ 247.934086][ T8043] [ 247.934086][ T8043] -> #0 ((wq_completion)loop5){+.+.}-{0:0}: [ 247.942171][ T8043] __lock_acquire+0x2c42/0x7d10 [ 247.947579][ T8043] lock_acquire+0x19e/0x400 [ 247.952641][ T8043] flush_workqueue+0x16c/0x13d0 [ 247.958020][ T8043] drain_workqueue+0xcf/0x380 [ 247.963223][ T8043] destroy_workqueue+0x7b/0xb20 [ 247.968601][ T8043] __loop_clr_fd+0x234/0xb90 [ 247.973719][ T8043] blkdev_put+0x53f/0x7d0 [ 247.978601][ T8043] blkdev_close+0x76/0xa0 [ 247.983483][ T8043] __fput+0x234/0x930 [ 247.988025][ T8043] task_work_run+0x125/0x1a0 [ 247.993369][ T8043] exit_to_user_mode_loop+0x10f/0x130 [ 247.999284][ T8043] exit_to_user_mode_prepare+0xee/0x180 [ 248.005468][ T8043] syscall_exit_to_user_mode+0x16/0x40 [ 248.011456][ T8043] do_syscall_64+0x58/0xa0 [ 248.016502][ T8043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 248.023042][ T8043] [ 248.023042][ T8043] other info that might help us debug this: [ 248.023042][ T8043] [ 248.033481][ T8043] Chain exists of: [ 248.033481][ T8043] (wq_completion)loop5 --> &disk->open_mutex --> &lo->lo_mutex [ 248.033481][ T8043] [ 248.047097][ T8043] Possible unsafe locking scenario: [ 248.047097][ T8043] [ 248.054704][ T8043] CPU0 CPU1 [ 248.060100][ T8043] ---- ---- [ 248.065484][ T8043] lock(&lo->lo_mutex); [ 248.069950][ T8043] lock(&disk->open_mutex); [ 248.077067][ T8043] lock(&lo->lo_mutex); [ 248.083836][ T8043] lock((wq_completion)loop5); [ 248.088778][ T8043] [ 248.088778][ T8043] *** DEADLOCK *** [ 248.088778][ T8043] [ 248.097144][ T8043] 2 locks held by syz.1.1183/8043: [ 248.102346][ T8043] #0: ffff888021441918 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xf9/0x7d0 [ 248.111692][ T8043] #1: ffff8881477c5468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xaa/0xb90 [ 248.121012][ T8043] [ 248.121012][ T8043] stack backtrace: [ 248.127122][ T8043] CPU: 1 PID: 8043 Comm: syz.1.1183 Not tainted syzkaller #0 [ 248.134608][ T8043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 248.144758][ T8043] Call Trace: [ 248.148046][ T8043] [ 248.150982][ T8043] dump_stack_lvl+0x188/0x250 [ 248.155669][ T8043] ? load_image+0x400/0x400 [ 248.160199][ T8043] ? show_regs_print_info+0x20/0x20 [ 248.165448][ T8043] ? print_circular_bug+0x12b/0x1a0 [ 248.170658][ T8043] check_noncircular+0x296/0x330 [ 248.175599][ T8043] ? add_chain_block+0x940/0x940 [ 248.180547][ T8043] ? lockdep_lock+0xf1/0x1f0 [ 248.185155][ T8043] ? lockdep_unlock+0x143/0x2e0 [ 248.190037][ T8043] ? mark_lock+0x94/0x320 [ 248.194635][ T8043] __lock_acquire+0x2c42/0x7d10 [ 248.199497][ T8043] ? __lock_acquire+0x13bc/0x7d10 [ 248.204623][ T8043] ? verify_lock_unused+0x140/0x140 [ 248.209844][ T8043] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 248.216019][ T8043] ? memset+0x1e/0x40 [ 248.220010][ T8043] lock_acquire+0x19e/0x400 [ 248.224536][ T8043] ? flush_workqueue+0x150/0x13d0 [ 248.229589][ T8043] ? __mutex_trylock_common+0x155/0x260 [ 248.235154][ T8043] ? read_lock_is_recursive+0x10/0x10 [ 248.240564][ T8043] ? __init_swait_queue_head+0xa5/0x150 [ 248.246116][ T8043] flush_workqueue+0x16c/0x13d0 [ 248.251098][ T8043] ? flush_workqueue+0x150/0x13d0 [ 248.256148][ T8043] ? __lock_acquire+0x7d10/0x7d10 [ 248.261189][ T8043] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 248.267267][ T8043] ? _raw_spin_lock_irqsave+0x8b/0x100 [ 248.272737][ T8043] ? rcu_work_rcufn+0x120/0x120 [ 248.277674][ T8043] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 248.283318][ T8043] ? finish_wait+0xc0/0x1d0 [ 248.287935][ T8043] drain_workqueue+0xcf/0x380 [ 248.292620][ T8043] destroy_workqueue+0x7b/0xb20 [ 248.297653][ T8043] __loop_clr_fd+0x234/0xb90 [ 248.302455][ T8043] ? lo_release+0x172/0x1f0 [ 248.306986][ T8043] ? lo_open+0x100/0x100 [ 248.311248][ T8043] blkdev_put+0x53f/0x7d0 [ 248.315590][ T8043] blkdev_close+0x76/0xa0 [ 248.320012][ T8043] ? blkdev_open+0x2c0/0x2c0 [ 248.324634][ T8043] __fput+0x234/0x930 [ 248.328625][ T8043] task_work_run+0x125/0x1a0 [ 248.333222][ T8043] exit_to_user_mode_loop+0x10f/0x130 [ 248.338611][ T8043] exit_to_user_mode_prepare+0xee/0x180 [ 248.344194][ T8043] syscall_exit_to_user_mode+0x16/0x40 [ 248.349672][ T8043] do_syscall_64+0x58/0xa0 [ 248.354099][ T8043] ? clear_bhb_loop+0x30/0x80 [ 248.358776][ T8043] ? clear_bhb_loop+0x30/0x80 [ 248.363469][ T8043] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 248.369420][ T8043] RIP: 0033:0x7fbf3a7eedd9 [ 248.373847][ T8043] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 248.393479][ T8043] RSP: 002b:00007ffcdf496158 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 248.401903][ T8043] RAX: 0000000000000000 RBX: 00007fbf3aa69da0 RCX: 00007fbf3a7eedd9 [ 248.409970][ T8043] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 248.417947][ T8043] RBP: 00007fbf3aa69da0 R08: 00007fbf3aa68038 R09: 0000000000000000 [ 248.425920][ T8043] R10: 00000000003ffd80 R11: 0000000000000246 R12: 000000000003c7e9 [ 248.433922][ T8043] R13: 00007fbf3aa6809c R14: 000000000003c54f R15: 00007ffcdf496260 [ 248.441907][ T8043] [ 248.699038][ T4243] usb 3-1: USB disconnect, device number 6 [ 248.711363][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.39/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 255.787127][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.793503][ T1422] ieee802154 phy1 wpan1: encryption failed: -22