last executing test programs: 5m44.142957386s ago: executing program 1 (id=3282): socket$isdn(0x22, 0x3, 0x0) 5m42.814535336s ago: executing program 1 (id=3284): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000040)={0x0, 0x1, 0xd7800000}) 5m42.547976931s ago: executing program 1 (id=3287): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000005c0)={0x4c, 0x0, &(0x7f00000002c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 5m42.000658675s ago: executing program 1 (id=3289): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r3, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x1a8, r4, 0x400, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x38}]}, @TIPC_NLA_MEDIA={0x5c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}]}, @TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "9eacbfae6cdcf0f3478eb5140a3ffe2289f3414e47bebaed97a7a80a5f376c2db4"}}]}, @TIPC_NLA_BEARER={0xac, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0xce, @mcast1, 0x9}}, {0x14, 0x2, @in={0x2, 0x4e20, @rand_addr=0x64010101}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8c}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe92d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4831}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x8004}, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x2, 0x6, 0x2e}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r5, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, 0x0, 0x48005) readv(r0, &(0x7f0000001540)=[{&(0x7f0000001580)=""/4108, 0x100c}], 0x1) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602200000000e000a000d000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x2400}, 0x0) 5m39.844513675s ago: executing program 1 (id=3296): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r1, &(0x7f0000001f00)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e150451160200000064c6", 0x15}, {&(0x7f00000002c0)="17460081ba60ccbb9d00001a", 0xc}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x38}}, 0x10, 0x0}}], 0x2, 0x4004040) 5m39.420656826s ago: executing program 1 (id=3299): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x11) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) 5m23.810775148s ago: executing program 32 (id=3299): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x11) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) 8.843142577s ago: executing program 3 (id=4072): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r0, 0x407, 0x0) write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) vmsplice(r0, &(0x7f0000000140), 0x0, 0x0) fcntl$setpipe(r0, 0x407, 0x2000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) writev(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) unshare(0x64000600) 6.979027179s ago: executing program 0 (id=4076): socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) dup(r0) socket$inet_sctp(0x2, 0x5, 0x84) r1 = userfaultfd(0x1) sched_setaffinity(0x0, 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x20000000000002, 0x2) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0) sendfile(r5, r5, &(0x7f0000000000)=0x7, 0x4) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000002000128008000100677265001400028008000600ac14142408000700e000000108000a00", @ANYRES32], 0x48}}, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500a00000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r7}, 0x10) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000040)="09000000010001", 0x7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4) socket(0x10, 0x3, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 6.978829409s ago: executing program 3 (id=4077): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000b", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$unix(0x1, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18070000000002b6", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.820963672s ago: executing program 3 (id=4078): pipe2(&(0x7f00000004c0), 0x800) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$alg(0x26, 0x5, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x54, 0x1}) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0x3d, 0x0, @fd, 0x0, 0x0, 0xffff, 0x0, 0x1}) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0) 5.73271555s ago: executing program 2 (id=4079): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) ioprio_set$uid(0x3, 0x0, 0x0) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)='%pS \x00'}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r2, &(0x7f00000004c0)}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000001c0)={0x1d, r5, 0x0, {0x1, 0xf0}}, 0x18) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000001440)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff, 0x0, 0x24000095}, 0x20000050) 5.01789315s ago: executing program 4 (id=4080): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=@gettaction={0x54, 0x32, 0x301, 0x0, 0x2, {}, [@action_gd=@TCA_ACT_TAB={0x18, 0x1, [{0x14, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x14, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}]}]}, 0x54}}, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r6, 0x407, 0x0) write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r6, 0x407, 0x2000000) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x62b8, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x2002) 4.922097549s ago: executing program 2 (id=4081): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r3, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8004}, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x2, 0x6, 0x2e}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r4, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, 0x0, 0x48005) readv(r0, &(0x7f0000001540)=[{&(0x7f0000001580)=""/4108, 0x100c}], 0x1) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602200000000e000a000d000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x2400}, 0x0) 4.802176431s ago: executing program 3 (id=4082): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000440)={0x0, 0x7, 0x16d6, 0xa, 0x9, 0xffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) pipe(0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) mkdir(&(0x7f0000000140)='./control\x00', 0x0) r2 = inotify_init1(0x800) fcntl$setsig(r2, 0xa, 0xe) inotify_add_watch(r2, &(0x7f0000000180)='./control\x00', 0xa400080a) rmdir(&(0x7f0000000100)='./control\x00') 4.800954281s ago: executing program 0 (id=4083): rseq(&(0x7f0000000300), 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, 0x0, 0x0) 4.661379985s ago: executing program 0 (id=4084): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r0, 0x407, 0x0) write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) vmsplice(r0, &(0x7f0000000140)=[{0x0}], 0x1, 0x0) fcntl$setpipe(r0, 0x407, 0x2000000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) writev(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) unshare(0x64000600) 4.660359465s ago: executing program 3 (id=4085): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00') preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/22}, {&(0x7f0000000280)=""/89}, {&(0x7f0000000380)=""/154}, {&(0x7f0000000440)=""/146}], 0x2, 0xa3, 0x8000800) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb8, &(0x7f0000000140), &(0x7f00000000c0)=0x4) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000180)=0x8) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r6, 0xc0845657, 0x0) syz_usb_connect(0x0, 0x4f, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000000)={0xffffffffffffffff, 0xfffffffe, {0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x12, 0x1d, 0x10, "de0c2dea1061a1db869ed5527d4127f9ba6226d3e30e89d8d3d3f2889bc1248c7210eb14d2e4d7e5d7f957fdcdb8a7cd2a8d24cee5c0043b1eae0b18bb5a9c65", "f25c6bf857339c73a535b0003cda37db33c12515eba545bbdb3217940e8e827a2a04871b510a7592b2906064586f333178a7fd36d37942a574aa00", "8f5a9a0103626e050a1f00000000000000edeeb78273ffffff00", [0x2, 0xad]}}) getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0xffffffff, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff3}}}, 0x24}}, 0x0) 3.936772035s ago: executing program 4 (id=4086): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_emit_ethernet(0x42, &(0x7f0000000800)={@link_local, @empty, @void, {@ipv4={0x800, @tipc={{0x7, 0x4, 0x2, 0x31, 0x34, 0x66, 0x0, 0x1, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x26}, {[@generic={0x7, 0x7, "1c06c2bbc0"}]}}, @payload_conn={{{0x18, 0x0, 0x0, 0x1, 0x0, 0x6, 0x1, 0x2, 0x6, 0x0, 0x3, 0x2, 0x4, 0x0, 0x8001, 0x2, 0x4, 0x4e24, 0x4e21}}}}}}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$kcm(0x2, 0x1000000000000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0) r1 = io_uring_setup(0xa2d, 0x0) close(r1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = syz_open_dev$video(&(0x7f00000001c0), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x8, 0x1, 0x56555941, 0x3, 0x9, [{0x2cca, 0x10001}, {0x54, 0x5}, {0x4, 0x7}, {0x2, 0x3}, {0x9, 0x5}, {0x2, 0x10000}, {0x5, 0x400}, {0xc, 0x3000000}], 0xd, 0x7, 0x1, 0x1, 0x7}}) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) 3.58113077s ago: executing program 2 (id=4087): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/pm_freeze_timeout', 0x101a02, 0x15a) sendfile(r0, r0, 0x0, 0x0) 3.1689392s ago: executing program 2 (id=4088): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb101e, 0x0) umount2(&(0x7f0000000180)='./file0/../file0\x00', 0x4) 3.149166392s ago: executing program 4 (id=4089): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) ioprio_set$uid(0x3, 0x0, 0x0) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000240), &(0x7f0000000280)='%pS \x00'}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r2, &(0x7f00000004c0)}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000001c0)={0x1d, r5, 0x0, {0x1, 0xf0}}, 0x18) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000001440)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff, 0x0, 0x24000095}, 0x20000050) 3.030322634s ago: executing program 2 (id=4090): pipe2(&(0x7f00000004c0), 0x800) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$alg(0x26, 0x5, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x54, 0x1}) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0x3d, 0x0, @fd, 0x0, 0x0, 0xffff, 0x0, 0x1}) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2.316578434s ago: executing program 2 (id=4091): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$igmp6(0xa, 0x3, 0x2) r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xc8c01) ioctl$IOC_PR_PREEMPT(r0, 0x8044610a, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x4, 0xfffffffe, 0x717e387b, 0x40, "1ae34e06a6ffffff7f0000000040794233a5bd", 0x4, 0x2}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x4080, &(0x7f0000000200)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') read$FUSE(r3, &(0x7f00000005c0)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0xc0}, 0x40080) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000040)=0x2fff) 2.031514741s ago: executing program 33 (id=4091): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$igmp6(0xa, 0x3, 0x2) r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xc8c01) ioctl$IOC_PR_PREEMPT(r0, 0x8044610a, 0x0) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x4, 0xfffffffe, 0x717e387b, 0x40, "1ae34e06a6ffffff7f0000000040794233a5bd", 0x4, 0x2}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x4080, &(0x7f0000000200)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') read$FUSE(r3, &(0x7f00000005c0)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f0000002540)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0xc0}, 0x40080) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000040)=0x2fff) 2.026376202s ago: executing program 4 (id=4093): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x80081) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000080)={0x0, 0xa7cb, 0x0, 0x0, 0xe809}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0xef7, 0x30, 0x30, 0x0, @in6={0x1b, 0x4e20, 0x7, @empty, 0xbff}, @ib={0x1b, 0xf, 0xffa, {"50916300000000000000000700"}, 0x8000000000000001, 0x8, 0x3}}}, 0x118) 1.010320821s ago: executing program 4 (id=4094): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000300)=@gettaction={0x54, 0x32, 0x301, 0x0, 0x2, {}, [@action_gd=@TCA_ACT_TAB={0x18, 0x1, [{0x14, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0x10, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0x14, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}]}]}, 0x54}}, 0x4000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fcntl$setpipe(r6, 0x407, 0x0) write$FUSE_INIT(r6, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r6, 0x407, 0x2000000) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x62b8, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x2002) 375.489823ms ago: executing program 3 (id=4095): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r3, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8004}, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505330, &(0x7f0000000bc0)={{0x0, 0x1}, {0xe}, 0x2, 0x6, 0x2e}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001440)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r4, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r0, 0x0, 0x48005) readv(r0, &(0x7f0000001540)=[{&(0x7f0000001580)=""/4108, 0x100c}], 0x1) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602200000000e000a000d000000028000001294", 0x2e}], 0x1, 0x0, 0x0, 0x2400}, 0x0) 304.84882ms ago: executing program 0 (id=4096): syz_emit_ethernet(0x7e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x5, 0x0, 0x0, 0x5, 0x1, {0x15, 0x4, 0x0, 0x9, 0x686, 0x67, 0xfff9, 0x7, 0x2f, 0x1000, @multicast1, @rand_addr=0x64010102, {[@timestamp_prespec={0x44, 0x24, 0xc7, 0x3, 0xc, [{@broadcast, 0x4}, {@multicast1, 0x9}, {@private=0xa010100, 0x7000}, {@empty, 0x100}]}, @timestamp_addr={0x44, 0x1c, 0xf2, 0x1, 0x2, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@broadcast, 0x6}, {@multicast2, 0x8}]}]}}}}}}}, 0x0) 145.490265ms ago: executing program 0 (id=4097): setfsgid(0xee00) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) r3 = pidfd_getfd(r2, r2, 0x0) setns(r3, 0x66020000) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000040)='.\x00', 0x2) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 14.888448ms ago: executing program 0 (id=4098): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793f10d10501200002000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001180)={0x84, &(0x7f0000000d00)={0x40, 0x5, 0x2, "33ba"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f00000005c0)={0x1c, &(0x7f0000000600)=ANY=[@ANYBLOB="00146b000000"], 0x0, 0x0}) 0s ago: executing program 4 (id=4099): pipe2(&(0x7f00000004c0), 0x800) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$alg(0x26, 0x5, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x54, 0x1}) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0x3d, 0x0, @fd, 0x0, 0x0, 0xffff, 0x0, 0x1}) io_uring_enter(0xffffffffffffffff, 0x47bc, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): t rIP: 0x1be Unhandled WRMSR(0x11e) = 0x4000 [ 1283.408011][T17307] kvm: kvm [17306]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000 [ 1283.418984][T17307] kvm: kvm [17306]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000 [ 1284.294337][T17325] Cannot find add_set index 65532 as target [ 1284.994966][T17331] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1285.015041][T17331] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1286.424215][T17345] binder: 17344:17345 unknown command 0 [ 1286.429863][T17345] binder: 17344:17345 ioctl c0306201 200000000080 returned -22 [ 1286.644056][T17345] binder: BINDER_SET_CONTEXT_MGR already set [ 1286.650123][T17345] binder: 17344:17345 ioctl 4018620d 2000000002c0 returned -16 [ 1286.665779][T17345] binder_alloc: 17344: binder_alloc_buf, no vma [ 1287.410161][T16348] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1287.422387][T16348] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1287.431852][T16348] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1287.441105][T16348] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1287.448976][T16348] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1287.456802][T16348] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1287.506137][T17196] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1287.533900][T17196] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1288.163641][T17196] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1288.193742][T17196] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.402516][T17196] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1289.422959][T17196] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.596684][T16348] Bluetooth: hci1: command tx timeout [ 1289.815874][T17196] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1289.834583][T17196] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.970848][T17349] chnl_net:caif_netlink_parms(): no params data found [ 1290.495138][T17349] bridge0: port 1(bridge_slave_0) entered blocking state [ 1290.523146][T17349] bridge0: port 1(bridge_slave_0) entered disabled state [ 1290.570075][T17349] bridge_slave_0: entered allmulticast mode [ 1290.596547][T17349] bridge_slave_0: entered promiscuous mode [ 1290.625238][T17349] bridge0: port 2(bridge_slave_1) entered blocking state [ 1290.652994][T17349] bridge0: port 2(bridge_slave_1) entered disabled state [ 1290.660313][T17349] bridge_slave_1: entered allmulticast mode [ 1290.692036][T17349] bridge_slave_1: entered promiscuous mode [ 1290.745903][T17384] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2501'. [ 1290.758409][T17196] tipc: Left network mode [ 1290.798311][T17349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1290.824033][T17349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1291.069975][T17393] binder: 17392:17393 unknown command 0 [ 1291.082770][T17393] binder: 17392:17393 ioctl c0306201 200000000080 returned -22 [ 1291.101234][T17393] binder: BINDER_SET_CONTEXT_MGR already set [ 1291.110148][T17393] binder: 17392:17393 ioctl 4018620d 2000000002c0 returned -16 [ 1291.123544][T17393] binder_alloc: 17392: binder_alloc_buf, no vma [ 1291.190842][T17349] team0: Port device team_slave_0 added [ 1291.280707][T17349] team0: Port device team_slave_1 added [ 1291.980231][T16348] Bluetooth: hci1: command tx timeout [ 1293.468762][T17349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1293.485090][T17349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1293.517227][T17349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1293.606537][T17349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1293.650096][T17349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1293.693023][T17349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1293.837187][T17349] hsr_slave_0: entered promiscuous mode [ 1293.855654][T17349] hsr_slave_1: entered promiscuous mode [ 1293.873237][T17349] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1293.883690][T17349] Cannot create hsr debugfs directory [ 1294.044906][T16348] Bluetooth: hci1: command tx timeout [ 1296.123076][ T51] Bluetooth: hci1: command tx timeout [ 1296.242616][T17196] hsr_slave_0: left promiscuous mode [ 1296.319947][T17196] hsr_slave_1: left promiscuous mode [ 1296.550659][T17196] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1296.630225][T17196] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1296.734412][T17196] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1296.816467][T17196] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1296.908027][T17196] bridge_slave_1: left allmulticast mode [ 1296.974236][T17196] bridge_slave_1: left promiscuous mode [ 1297.038367][T17196] bridge0: port 2(bridge_slave_1) entered disabled state [ 1297.165964][T17196] bridge_slave_0: left allmulticast mode [ 1297.215544][T17196] bridge_slave_0: left promiscuous mode [ 1297.266039][T17196] bridge0: port 1(bridge_slave_0) entered disabled state [ 1297.643104][ T51] Bluetooth: hci3: command 0x1003 tx timeout [ 1297.651638][T16348] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1297.806927][T17196] veth1_macvtap: left promiscuous mode [ 1297.867053][T17196] veth0_macvtap: left promiscuous mode [ 1297.920192][T17196] veth1_vlan: left promiscuous mode [ 1297.961606][T17196] veth0_vlan: left promiscuous mode [ 1300.452210][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.458637][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1302.161735][T17196] team0 (unregistering): Port device team_slave_1 removed [ 1302.228923][T17196] team0 (unregistering): Port device team_slave_0 removed [ 1302.291540][T17196] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1302.355841][T17196] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1303.024157][T17196] bond0 (unregistering): Released all slaves [ 1303.388314][T17349] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1303.398638][T17349] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1303.410396][T17349] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1303.423951][T17349] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1303.541720][T17349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1303.571303][T17349] 8021q: adding VLAN 0 to HW filter on device team0 [ 1303.585986][T13849] bridge0: port 1(bridge_slave_0) entered blocking state [ 1303.593223][T13849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1303.610865][T17217] bridge0: port 2(bridge_slave_1) entered blocking state [ 1303.618054][T17217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1303.831060][T17349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1303.882489][T17349] veth0_vlan: entered promiscuous mode [ 1303.898865][T17349] veth1_vlan: entered promiscuous mode [ 1303.933084][T17349] veth0_macvtap: entered promiscuous mode [ 1303.948631][T17349] veth1_macvtap: entered promiscuous mode [ 1303.978103][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1303.990149][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.000550][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1304.011485][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.021900][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1304.034404][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.045675][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1304.057574][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.072142][T17349] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1304.091323][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1304.101983][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.112142][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1304.123373][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.133486][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1304.143948][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.153913][T17349] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1304.165431][T17349] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1304.178003][T17349] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1304.192447][T17349] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1304.201586][T17349] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1304.211751][T17349] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1304.220922][T17349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1304.291095][T17217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1304.305569][T17217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1304.330212][T13849] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1304.338331][T13849] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1305.783476][T17474] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1305.813487][T17474] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1309.860939][T16348] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1309.867760][ T51] Bluetooth: hci3: command 0x1003 tx timeout [ 1312.563051][ T27] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1312.798233][ T27] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1312.823894][ T27] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1312.834734][ T27] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1312.844050][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1312.889859][T17514] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1312.926463][ T27] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 1313.936222][T16095] usb 4-1: USB disconnect, device number 14 [ 1314.362131][T17531] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1314.383808][T17531] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1315.181336][T13849] Bluetooth: hci3: Frame reassembly failed (-84) [ 1317.242877][ T7003] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1319.260469][T17552] syz.3.2555 (17552) used greatest stack depth: 16200 bytes left [ 1319.573443][T17573] binder: 17572:17573 unknown command 0 [ 1319.587480][T17573] binder: 17572:17573 ioctl c0306201 200000000080 returned -22 [ 1319.627991][T17573] binder: BINDER_SET_CONTEXT_MGR already set [ 1319.653692][T17573] binder: 17572:17573 ioctl 4018620d 200000000100 returned -16 [ 1319.677928][T17573] binder: BINDER_SET_CONTEXT_MGR already set [ 1319.691565][T17573] binder: 17572:17573 ioctl 4018620d 2000000002c0 returned -16 [ 1322.329429][T17611] binder: 17610:17611 unknown command 0 [ 1322.335226][T17611] binder: 17610:17611 ioctl c0306201 200000000080 returned -22 [ 1322.362430][T17611] binder: BINDER_SET_CONTEXT_MGR already set [ 1322.368639][T17611] binder: 17610:17611 ioctl 4018620d 200000000100 returned -16 [ 1322.390155][T17611] binder: BINDER_SET_CONTEXT_MGR already set [ 1322.396543][T17611] binder: 17610:17611 ioctl 4018620d 2000000002c0 returned -16 [ 1322.616177][T17616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2577'. [ 1333.469194][T17671] bridge_slave_0: default FDB implementation only supports local addresses [ 1334.779800][T17677] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode [ 1334.788517][T17677] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1334.890223][T17666] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2594'. [ 1336.722259][T17704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2605'. [ 1338.220612][T17708] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode [ 1338.228717][T17708] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1338.640050][T17717] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2610'. [ 1340.606702][T17747] binder: BINDER_SET_CONTEXT_MGR already set [ 1340.617797][T17747] binder: 17745:17747 ioctl 4018620d 200000000100 returned -16 [ 1340.631598][T17747] binder: BINDER_SET_CONTEXT_MGR already set [ 1340.639718][T17747] binder: 17745:17747 ioctl 4018620d 2000000002c0 returned -16 [ 1341.561113][T17753] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode [ 1341.569438][T17753] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1342.444193][T17763] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2627'. [ 1342.454004][T17772] binder: BINDER_SET_CONTEXT_MGR already set [ 1342.460132][T17772] binder: 17771:17772 ioctl 4018620d 200000000100 returned -16 [ 1342.484120][T17772] binder: BINDER_SET_CONTEXT_MGR already set [ 1342.496641][T17772] binder: 17771:17772 ioctl 4018620d 2000000002c0 returned -16 [ 1344.124004][T17785] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1345.973579][T17802] binder: BINDER_SET_CONTEXT_MGR already set [ 1345.979648][T17802] binder: 17801:17802 ioctl 4018620d 200000000100 returned -16 [ 1346.016793][T17802] binder: BINDER_SET_CONTEXT_MGR already set [ 1346.026074][T17802] binder: 17801:17802 ioctl 4018620d 2000000002c0 returned -16 [ 1348.101637][T17826] binder: 17823:17826 unknown command 0 [ 1348.131700][T17826] binder: 17823:17826 ioctl c0306201 200000000080 returned -22 [ 1350.433351][T17851] binder: 17850:17851 unknown command 0 [ 1350.452852][T17851] binder: 17850:17851 ioctl c0306201 200000000080 returned -22 [ 1350.531162][T17844] pim6reg1: entered allmulticast mode [ 1353.722371][T17883] binder: 17882:17883 unknown command 0 [ 1353.728393][T17883] binder: 17882:17883 ioctl c0306201 200000000080 returned -22 [ 1353.921917][T17881] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2668'. [ 1356.804408][T17913] binder: 17912:17913 unknown command 0 [ 1356.810034][T17913] binder: 17912:17913 ioctl c0306201 200000000080 returned -22 [ 1357.112974][T17918] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2681'. [ 1359.322076][T17943] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2691'. [ 1361.838457][ T966] libceph: connect (1)[c::]:6789 error -101 [ 1361.867991][ T966] libceph: mon0 (1)[c::]:6789 connect error [ 1361.889795][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.896315][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.139845][T17972] syz.2.2697 uses obsolete (PF_INET,SOCK_PACKET) [ 1362.166273][ T5879] libceph: connect (1)[c::]:6789 error -101 [ 1362.172376][ T5879] libceph: mon0 (1)[c::]:6789 connect error [ 1362.796091][T17961] ceph: No mds server is up or the cluster is laggy [ 1363.804829][T17983] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1363.848593][T17983] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1364.123997][T17991] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2702'. [ 1366.696773][T18025] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1367.445122][T18032] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2710'. [ 1367.669089][T18043] binder: 18042:18043 unknown command 0 [ 1367.698712][T18043] binder: 18042:18043 ioctl c0306201 200000000080 returned -22 [ 1370.923251][ T5867] libceph: connect (1)[c::]:6789 error -101 [ 1370.929399][ T5867] libceph: mon0 (1)[c::]:6789 connect error [ 1371.194509][T18069] ceph: No mds server is up or the cluster is laggy [ 1372.394312][T18100] binder: 18099:18100 unknown command 0 [ 1372.413209][T18100] binder: 18099:18100 ioctl c0306201 200000000080 returned -22 [ 1373.145312][T18081] Process accounting resumed [ 1373.165374][T18110] binder: 18109:18110 ioctl 4018620d 0 returned -22 [ 1373.173609][T18110] binder: 18109:18110 unknown command 0 [ 1373.179301][T18110] binder: 18109:18110 ioctl c0306201 200000000080 returned -22 [ 1376.861597][T18153] binder: 18152:18153 ioctl 4018620d 0 returned -22 [ 1376.869012][T18153] binder: 18152:18153 unknown command 0 [ 1376.875037][T18153] binder: 18152:18153 ioctl c0306201 200000000080 returned -22 [ 1380.074537][T18195] binder: 18191:18195 ioctl 4018620d 0 returned -22 [ 1380.100189][T18195] binder: 18191:18195 unknown command 0 [ 1380.118594][T18195] binder: 18191:18195 ioctl c0306201 200000000080 returned -22 [ 1383.690568][T18240] binder: BINDER_SET_CONTEXT_MGR already set [ 1384.125266][T18240] binder: 18239:18240 ioctl 4018620d 200000000100 returned -16 [ 1384.132994][T18244] binder: BINDER_SET_CONTEXT_MGR already set [ 1384.139446][T18244] binder: 18239:18244 ioctl 4018620d 2000000002c0 returned -16 [ 1384.684602][ T7003] Bluetooth: hci0: command 0x0406 tx timeout [ 1388.745812][T18281] binder: BINDER_SET_CONTEXT_MGR already set [ 1388.751904][T18281] binder: 18280:18281 ioctl 4018620d 200000000100 returned -16 [ 1388.762421][T18281] binder: BINDER_SET_CONTEXT_MGR already set [ 1388.772144][T18281] binder: 18280:18281 ioctl 4018620d 2000000002c0 returned -16 [ 1391.363633][T18316] binder: BINDER_SET_CONTEXT_MGR already set [ 1391.400500][T18316] binder: 18315:18316 ioctl 4018620d 200000000100 returned -16 [ 1391.447057][T18316] binder: BINDER_SET_CONTEXT_MGR already set [ 1391.472884][T18316] binder: 18315:18316 ioctl 4018620d 2000000002c0 returned -16 [ 1393.666989][ T5879] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1394.042274][ T5879] usb 1-1: Using ep0 maxpacket: 8 [ 1394.362854][ T5879] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1394.382551][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1394.413412][T18341] binder: 18340:18341 ioctl c0306201 0 returned -14 [ 1394.421151][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1394.471970][ T5879] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1394.969476][ T5879] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1394.992231][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.390074][ T5879] usb 1-1: GET_CAPABILITIES returned 0 [ 1395.400361][ T5879] usbtmc 1-1:16.0: can't read capabilities [ 1395.481470][ T5879] usb 1-1: USB disconnect, device number 12 [ 1397.716160][T18375] binder: 18374:18375 ioctl c0306201 0 returned -14 [ 1397.756793][T18375] binder: BINDER_SET_CONTEXT_MGR already set [ 1397.776338][T18375] binder: 18374:18375 ioctl 4018620d 200000000100 returned -16 [ 1402.554803][T18416] binder: 18415:18416 ioctl c0306201 0 returned -14 [ 1405.336038][T18441] warning: `syz.2.2819' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1407.991196][T18468] tipc: Started in network mode [ 1407.996410][T18468] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 1408.021857][T18468] tipc: Enabled bearer , priority 10 [ 1408.953375][T16095] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1409.027138][ T787] tipc: Node number set to 4269801488 [ 1409.193035][T16095] usb 2-1: Using ep0 maxpacket: 32 [ 1409.259208][T16095] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 1409.267622][T16095] usb 2-1: config 0 has no interface number 0 [ 1409.305148][T16095] usb 2-1: config 0 interface 12 has no altsetting 0 [ 1409.430292][T16095] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1409.442736][T16095] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1409.457123][T16095] usb 2-1: Product: syz [ 1409.461755][T16095] usb 2-1: Manufacturer: syz [ 1409.466806][T16095] usb 2-1: SerialNumber: syz [ 1409.494040][T16095] usb 2-1: config 0 descriptor?? [ 1409.787252][T16095] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 1409.800502][T16095] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 1409.809162][T16095] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1409.844461][T16095] f81534: probe of 2-1:0.12 failed with error -71 [ 1409.869046][T16095] usb 2-1: USB disconnect, device number 10 [ 1410.080811][T16348] Bluetooth: hci1: command 0x0406 tx timeout [ 1411.312881][T18497] gfs2: gfs2 mount does not exist [ 1412.192818][ T787] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1412.333071][T18518] syz.0.2849 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1412.392839][ T787] usb 2-1: Using ep0 maxpacket: 8 [ 1412.410245][ T787] usb 2-1: config 0 has an invalid interface number: 56 but max is 0 [ 1412.432340][ T787] usb 2-1: config 0 has no interface number 0 [ 1412.452956][ T787] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 1412.465349][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1412.474485][ T787] usb 2-1: Product: syz [ 1412.478806][ T787] usb 2-1: Manufacturer: syz [ 1412.484818][ T787] usb 2-1: SerialNumber: syz [ 1412.492009][ T787] usb 2-1: config 0 descriptor?? [ 1412.500844][ T787] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 1412.509444][ T787] pctv452e: pctv452e_power_ctrl: 1 [ 1412.509444][ T787] [ 1412.519557][ T787] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 1412.519557][ T787] [ 1412.530572][ T787] dvb-usb: bulk message failed: -22 (5/0) [ 1412.539701][ T787] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1412.553582][ T787] dvbdev: DVB: registering new adapter (Technotrend TT Connect S2-3600) [ 1412.570342][ T787] usb 2-1: media controller created [ 1412.576857][ T787] dvb-usb: bulk message failed: -22 (8/0) [ 1412.583511][ T787] pctv452e: I2C error -22; AA 01 A0 01 14 -> aa 01 31 04 a0 01 14 [ 1412.592416][ T787] dvb-usb: MAC address reading failed. [ 1412.623047][ T27] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1412.647357][ T787] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1412.713816][T18507] dvb-usb: bulk message failed: -22 (7/0) [ 1412.720063][T18507] pctv452e: I2C error -22; AA 02 04 00 02 -> aa 02 31 03 04 00 02 [ 1412.732414][ T787] DVB: Unable to find symbol stb0899_attach() [ 1412.740900][ T787] dvb-usb: no frontend was attached by 'Technotrend TT Connect S2-3600' [ 1412.982810][ T787] rc_core: IR keymap rc-tt-1500 not found [ 1412.988587][ T787] Registered IR keymap rc-empty [ 1412.993587][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 1413.755188][ T27] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 1413.765120][ T787] rc rc0: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 1413.778175][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1413.788984][ T787] input: Technotrend TT Connect S2-3600 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input33 [ 1413.803039][ T27] usb 1-1: config 0 descriptor?? [ 1413.833004][T16095] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1413.841358][ T787] dvb-usb: schedule remote query interval to 100 msecs. [ 1413.869975][ T787] pctv452e: pctv452e_power_ctrl: 0 [ 1413.869975][ T787] [ 1413.880375][ T787] dvb-usb: Technotrend TT Connect S2-3600 successfully initialized and connected. [ 1413.911399][ T787] usb 2-1: USB disconnect, device number 11 [ 1414.027071][ T27] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 1414.052860][T16095] usb 3-1: Using ep0 maxpacket: 8 [ 1414.083162][ T787] dvb-usb: Technotrend TT Connect S2-3600 successfully deinitialized and disconnected. [ 1414.097399][ T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1414.115280][T16095] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1414.168845][T16095] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1414.197716][ T27] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 1414.225754][T16095] usb 3-1: config 0 has no interfaces? [ 1414.236019][ T27] usb 1-1: media controller created [ 1414.268443][T16095] usb 3-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15 [ 1414.299522][T16095] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1414.324631][T16095] usb 3-1: Product: syz [ 1414.328926][T16095] usb 3-1: Manufacturer: syz [ 1414.335176][ T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1414.343725][T16095] usb 3-1: SerialNumber: syz [ 1414.356066][T16095] usb 3-1: config 0 descriptor?? [ 1414.394780][ T27] az6027: usb out operation failed. (-71) [ 1414.402474][ T27] az6027: usb out operation failed. (-71) [ 1414.408530][ T27] stb0899_attach: Driver disabled by Kconfig [ 1414.414646][ T27] az6027: no front-end attached [ 1414.414646][ T27] [ 1414.426445][ T27] az6027: usb out operation failed. (-71) [ 1414.432830][ T27] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 1414.446451][ T27] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input34 [ 1414.466826][ T27] dvb-usb: schedule remote query interval to 400 msecs. [ 1414.474833][ T27] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 1414.486535][ T27] usb 1-1: USB disconnect, device number 13 [ 1414.544545][ T27] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 1414.941295][T18539] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 1416.751682][ T966] usb 3-1: USB disconnect, device number 19 [ 1417.942084][T18556] sg_write: process 382 (syz.3.2862) changed security contexts after opening file descriptor, this is not allowed. [ 1421.333490][T18589] Bluetooth: MGMT ver 1.22 [ 1423.068902][ T787] IPVS: starting estimator thread 0... [ 1423.274271][T18623] IPVS: using max 18 ests per chain, 43200 per kthread [ 1423.332567][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.339243][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1425.122963][ T787] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1425.322951][ T787] usb 4-1: device descriptor read/64, error -71 [ 1425.812751][ T787] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1425.992804][ T787] usb 4-1: device descriptor read/64, error -71 [ 1426.126836][ T787] usb usb4-port1: attempt power cycle [ 1427.182847][ T787] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1427.223459][ T787] usb 4-1: device descriptor read/8, error -71 [ 1427.523431][ T787] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1430.152769][ T787] usb 4-1: device descriptor read/8, error -71 [ 1430.282062][ T787] usb usb4-port1: unable to enumerate USB device [ 1430.331397][ T28] audit: type=1326 audit(1761445040.200:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1430.394174][ T28] audit: type=1326 audit(1761445040.210:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1430.806811][ T28] audit: type=1326 audit(1761445040.210:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1430.970209][ T28] audit: type=1326 audit(1761445040.210:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1431.226145][ T28] audit: type=1326 audit(1761445040.210:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1432.372031][ T28] audit: type=1326 audit(1761445040.210:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1432.394998][ T28] audit: type=1326 audit(1761445040.210:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1432.462718][ T28] audit: type=1326 audit(1761445040.210:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f753dd8efc9 code=0x7ffc0000 [ 1432.512819][ T28] audit: type=1326 audit(1761445040.210:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f753dd85e67 code=0x7ffc0000 [ 1432.565492][ T28] audit: type=1326 audit(1761445040.210:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18687 comm="syz.1.2904" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f753dd2b099 code=0x7ffc0000 [ 1435.573816][T16241] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 1435.831658][T16241] usb 4-1: config 0 interface 0 altsetting 128 has an invalid endpoint with address 0x0, skipping [ 1435.932125][T16241] usb 4-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1435.958654][T16241] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1435.967152][T16241] usb 4-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00 [ 1435.976826][T16241] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1435.987762][T16241] usb 4-1: config 0 descriptor?? [ 1436.005648][T16241] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input35 [ 1438.870110][ T5144] bcm5974 4-1:0.0: could not read from device [ 1438.986655][ T5144] bcm5974 4-1:0.0: could not read from device [ 1439.065088][T16241] usb 4-1: USB disconnect, device number 19 [ 1443.602746][T16095] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 1443.817568][T16095] usb 3-1: config 0 interface 0 altsetting 128 has an invalid endpoint with address 0x0, skipping [ 1443.828392][T16095] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1443.912842][T16095] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1443.933025][T16095] usb 3-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00 [ 1443.942433][T16095] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1444.053335][T16095] usb 3-1: config 0 descriptor?? [ 1444.381336][T16095] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input36 [ 1446.332887][ T5144] bcm5974 3-1:0.0: could not read from device [ 1446.609564][T16095] usb 3-1: USB disconnect, device number 20 [ 1447.262741][T16095] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1447.444669][T16095] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 1447.462798][T16095] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1447.491637][T16095] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1447.523146][T16095] usb 4-1: config 220 has no interface number 2 [ 1447.541193][T16095] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1447.578628][T16095] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1447.586896][T16095] usb 4-1: config 220 interface 76 has no altsetting 0 [ 1447.594185][T16095] usb 4-1: config 220 interface 1 has no altsetting 0 [ 1447.604438][T16095] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1447.614085][T16095] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1447.625730][T16095] usb 4-1: Product: syz [ 1447.630051][T16095] usb 4-1: Manufacturer: syz [ 1447.635634][T16095] usb 4-1: SerialNumber: syz [ 1447.873734][T16095] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 1447.891808][T16095] usb 4-1: No valid video chain found. [ 1447.920334][T16095] usb 4-1: selecting invalid altsetting 0 [ 1447.960007][T16095] usb 4-1: selecting invalid altsetting 0 [ 1447.972539][T16095] usbtest: probe of 4-1:220.1 failed with error -22 [ 1447.991883][T16095] usb 4-1: USB disconnect, device number 20 [ 1449.756597][T18854] binder: 18853:18854 unknown command 0 [ 1449.770305][T18854] binder: 18853:18854 ioctl c0306201 200000000080 returned -22 [ 1449.839737][T18854] binder: BINDER_SET_CONTEXT_MGR already set [ 1449.859926][T18854] binder: 18853:18854 ioctl 4018620d 2000000002c0 returned -16 [ 1449.860530][ T28] kauditd_printk_skb: 61 callbacks suppressed [ 1449.860545][ T28] audit: type=1326 audit(1761445059.730:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1449.926873][T18854] binder_alloc: 18853: binder_alloc_buf, no vma [ 1449.973687][ T28] audit: type=1326 audit(1761445059.790:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1450.030510][ T28] audit: type=1326 audit(1761445059.790:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1450.089938][ T28] audit: type=1326 audit(1761445059.790:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1451.040629][ T28] audit: type=1326 audit(1761445059.790:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1451.129018][ T28] audit: type=1326 audit(1761445059.790:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1451.174407][ T28] audit: type=1326 audit(1761445059.800:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1451.197094][ T28] audit: type=1326 audit(1761445059.800:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1823585e67 code=0x7ffc0000 [ 1451.220077][ T28] audit: type=1326 audit(1761445059.800:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f182352b099 code=0x7ffc0000 [ 1451.242867][ T28] audit: type=1326 audit(1761445059.800:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18856 comm="syz.3.2958" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1453.479761][T18890] binder: 18889:18890 unknown command 0 [ 1453.508132][T18890] binder: 18889:18890 ioctl c0306201 200000000080 returned -22 [ 1453.553546][T18890] binder: 18889:18890 ioctl c0306201 0 returned -14 [ 1453.927678][T18900] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1453.937036][T18900] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1457.830546][T18941] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1457.841424][T18941] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1459.965535][T18944] ALSA: mixer_oss: invalid OSS volume '' [ 1462.993581][T18977] binder: 18976:18977 unknown command 0 [ 1462.999265][T18977] binder: 18976:18977 ioctl c0306201 200000000080 returned -22 [ 1464.299474][T18995] bridge_slave_0: default FDB implementation only supports local addresses [ 1465.731809][T19013] binder: 19011:19013 unknown command 0 [ 1465.791513][T19013] binder: 19011:19013 ioctl c0306201 200000000080 returned -22 [ 1467.423228][ T5867] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1467.752053][ T5867] usb 3-1: config 0 has no interfaces? [ 1468.120474][ T5867] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1468.132773][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1468.140832][ T5867] usb 3-1: Product: syz [ 1468.151813][ T5867] usb 3-1: Manufacturer: syz [ 1468.156586][ T5867] usb 3-1: SerialNumber: syz [ 1468.173995][ T5867] usb 3-1: config 0 descriptor?? [ 1468.180074][T19045] binder: 19044:19045 unknown command 0 [ 1468.192776][T19045] binder: 19044:19045 ioctl c0306201 200000000080 returned -22 [ 1469.722047][ T28] kauditd_printk_skb: 60 callbacks suppressed [ 1469.722064][ T28] audit: type=1326 audit(1761445079.600:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1469.870338][ T28] audit: type=1326 audit(1761445079.600:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1469.971003][ T28] audit: type=1326 audit(1761445079.600:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1470.050841][ T28] audit: type=1326 audit(1761445079.600:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1470.234804][ T28] audit: type=1326 audit(1761445079.600:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1470.404982][ T28] audit: type=1326 audit(1761445079.600:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1470.518906][ T28] audit: type=1326 audit(1761445079.600:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1470.578033][ T28] audit: type=1326 audit(1761445079.600:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1823585e67 code=0x7ffc0000 [ 1470.600713][ T28] audit: type=1326 audit(1761445079.600:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f182352b099 code=0x7ffc0000 [ 1470.685071][ T28] audit: type=1326 audit(1761445079.600:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19061 comm="syz.3.3026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1470.883315][T19024] team0 (unregistering): Port device team_slave_0 removed [ 1470.900759][T19075] binder: 19074:19075 unknown command 0 [ 1470.911295][T19075] binder: 19074:19075 ioctl c0306201 200000000080 returned -22 [ 1470.929944][T19024] team0 (unregistering): Port device team_slave_1 removed [ 1471.065894][ T6970] usb 3-1: USB disconnect, device number 21 [ 1472.362906][T19099] netlink: 'syz.3.3039': attribute type 4 has an invalid length. [ 1476.008778][ T28] kauditd_printk_skb: 139 callbacks suppressed [ 1476.008790][ T28] audit: type=1326 audit(1761445085.890:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.079832][ T28] audit: type=1326 audit(1761445085.930:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.144697][ T28] audit: type=1326 audit(1761445085.930:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.209586][ T28] audit: type=1326 audit(1761445085.930:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.249414][ T28] audit: type=1326 audit(1761445085.930:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19130 comm="syz.2.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1476.726204][ T28] audit: type=1326 audit(1761445085.930:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.765867][ T28] audit: type=1326 audit(1761445085.930:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.792316][ T28] audit: type=1326 audit(1761445085.930:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.819078][ T28] audit: type=1326 audit(1761445085.940:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19135 comm="syz.3.3053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1476.938540][ T28] audit: type=1326 audit(1761445085.930:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19130 comm="syz.2.3051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1480.193550][ T5867] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 1480.475258][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1480.497112][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1480.528200][ T5867] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1480.557781][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1480.594576][ T5867] usb 3-1: config 0 descriptor?? [ 1480.628325][ T5867] hub 3-1:0.0: USB hub found [ 1480.903394][ T5867] hub 3-1:0.0: config failed, hub has too many ports! (err -19) [ 1481.179099][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 1481.191821][ T5867] usbhid 3-1:0.0: can't add hid device: -71 [ 1482.192808][ T5867] usbhid: probe of 3-1:0.0 failed with error -71 [ 1482.243752][ T5867] usb 3-1: USB disconnect, device number 22 [ 1484.775962][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.782439][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1488.232972][T12626] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1488.473228][T12626] usb 3-1: Using ep0 maxpacket: 32 [ 1488.529488][T12626] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 1488.538379][T12626] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1488.547377][T12626] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1488.564833][T12626] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1488.603871][T12626] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1488.664266][T12626] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 1488.680313][T12626] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1488.722684][T12626] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1488.743532][T12626] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1488.760891][T12626] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1488.781763][T12626] usb 3-1: config 0 descriptor?? [ 1488.800445][T19244] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1489.113748][T12626] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 23 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1489.388163][T12964] usb 3-1: USB disconnect, device number 23 [ 1489.611291][T12964] usblp0: removed [ 1498.647980][ T28] kauditd_printk_skb: 61 callbacks suppressed [ 1498.648004][ T28] audit: type=1326 audit(1761445108.530:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1498.703173][ T28] audit: type=1326 audit(1761445108.550:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1498.839887][ T28] audit: type=1326 audit(1761445108.550:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1499.296035][ T28] audit: type=1326 audit(1761445108.550:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1499.333252][ T28] audit: type=1326 audit(1761445108.550:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1499.358365][ T28] audit: type=1326 audit(1761445108.550:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1499.396704][ T28] audit: type=1326 audit(1761445108.550:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1499.437933][ T28] audit: type=1326 audit(1761445108.550:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1499.472306][ T28] audit: type=1326 audit(1761445108.550:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1823585e67 code=0x7ffc0000 [ 1499.501206][ T28] audit: type=1326 audit(1761445108.550:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19355 comm="syz.3.3125" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f182352b099 code=0x7ffc0000 [ 1499.713605][T19368] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3131'. [ 1499.747425][T19368] tipc: Started in network mode [ 1499.753680][T19368] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1499.770346][T19368] tipc: Enabled bearer , priority 10 [ 1501.077988][T12626] tipc: Node number set to 1 [ 1502.893032][T12626] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 1503.565780][T12626] usb 3-1: config 228 has an invalid interface number: 80 but max is 0 [ 1503.579228][T12626] usb 3-1: config 228 has no interface number 0 [ 1503.604647][T12626] usb 3-1: config 228 interface 80 altsetting 16 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 1503.652699][T12626] usb 3-1: config 228 interface 80 has no altsetting 0 [ 1503.683272][T12626] usb 3-1: New USB device found, idVendor=2f26, idProduct=e263, bcdDevice= a.eb [ 1503.712715][T12626] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1503.720977][T12626] usb 3-1: Product: syz [ 1503.745189][T12626] usb 3-1: Manufacturer: syz [ 1503.749872][T12626] usb 3-1: SerialNumber: syz [ 1504.005555][T12626] rndis_wlan 3-1:228.80: invalid descriptor buffer length [ 1504.038995][T12626] usb 3-1: bad CDC descriptors [ 1504.066526][T12626] rndis_host 3-1:228.80: invalid descriptor buffer length [ 1504.082679][T12626] usb 3-1: bad CDC descriptors [ 1504.105686][T12626] usb 3-1: USB disconnect, device number 24 [ 1504.288795][T19411] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3145'. [ 1504.318343][T19411] tipc: Started in network mode [ 1504.324096][T19411] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 1510.294435][T19411] tipc: Enabled bearer , priority 10 [ 1511.302987][T12626] tipc: Node number set to 1 [ 1519.231608][ T28] kauditd_printk_skb: 197 callbacks suppressed [ 1519.231626][ T28] audit: type=1326 audit(1761445129.110:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1519.240939][T19469] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3167'. [ 1519.304643][T19469] tipc: Enabling of bearer rejected, already enabled [ 1519.313257][ T28] audit: type=1326 audit(1761445129.110:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1519.413294][ T28] audit: type=1326 audit(1761445129.110:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1519.442734][ T28] audit: type=1326 audit(1761445129.110:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1519.538902][ T28] audit: type=1326 audit(1761445129.150:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1519.846182][ T28] audit: type=1326 audit(1761445129.150:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1519.987515][ T28] audit: type=1326 audit(1761445129.150:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1520.019327][ T28] audit: type=1326 audit(1761445129.150:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1a67d85e67 code=0x7ffc0000 [ 1520.045496][ T28] audit: type=1326 audit(1761445129.150:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1a67d2b099 code=0x7ffc0000 [ 1520.082354][ T28] audit: type=1326 audit(1761445129.150:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19470 comm="syz.2.3175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1520.197178][T19480] binder: BINDER_SET_CONTEXT_MGR already set [ 1520.233799][T19480] binder: 19477:19480 ioctl 4018620d 200000000040 returned -16 [ 1520.340261][T19483] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1520.362741][T19483] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1521.134868][T19496] loop5: detected capacity change from 0 to 7 [ 1521.442956][T19496] Dev loop5: unable to read RDB block 7 [ 1521.452491][T19496] loop5: unable to read partition table [ 1521.474156][T19496] loop5: partition table beyond EOD, truncated [ 1521.494331][T19496] loop_reread_partitions: partition scan of loop5 (ъщ) failed (rc=-5) [ 1524.799232][T19534] loop5: detected capacity change from 0 to 7 [ 1524.875597][T19534] Dev loop5: unable to read RDB block 7 [ 1524.882251][T19534] loop5: unable to read partition table [ 1524.906376][T19534] loop5: partition table beyond EOD, truncated [ 1524.917207][T19534] loop_reread_partitions: partition scan of loop5 (ъщ) failed (rc=-5) [ 1525.954890][T19543] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3188'. [ 1526.923067][T19551] binder: 19550:19551 unknown command 0 [ 1526.928702][T19551] binder: 19550:19551 ioctl c0306201 200000000080 returned -22 [ 1528.259864][T19566] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1528.334973][T19566] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1533.602222][T19625] netlink: 'syz.3.3214': attribute type 10 has an invalid length. [ 1533.611828][T19625] bond0: (slave wlan1): Opening slave failed [ 1535.634837][T19669] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1535.644185][T19669] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1537.037731][T19685] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3223'. [ 1537.425560][T19685] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 1537.678303][T12626] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1538.834972][ T28] kauditd_printk_skb: 61 callbacks suppressed [ 1538.835023][ T28] audit: type=1326 audit(1761445148.640:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1538.915903][ T28] audit: type=1326 audit(1761445148.640:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.298271][ T28] audit: type=1326 audit(1761445148.640:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.361481][ T28] audit: type=1326 audit(1761445148.640:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.430125][ T28] audit: type=1326 audit(1761445148.640:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.454827][ T28] audit: type=1326 audit(1761445148.650:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.514056][ T28] audit: type=1326 audit(1761445148.650:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.538465][ T28] audit: type=1326 audit(1761445148.650:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.561236][T12626] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1539.570523][ T28] audit: type=1326 audit(1761445148.650:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1539.603690][T12626] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1539.611330][T12626] usb 2-1: can't read configurations, error -71 [ 1539.636207][ T28] audit: type=1326 audit(1761445148.650:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19692 comm="syz.3.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1542.025014][T19728] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1542.044375][T19728] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1542.053561][T19727] netlink: 'syz.1.3237': attribute type 10 has an invalid length. [ 1542.073955][T19727] bond0: (slave wlan1): Opening slave failed [ 1542.363556][T19733] afs: Unknown parameter '' [ 1545.163132][T19754] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3245'. [ 1546.214547][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.220920][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.971671][T19770] loop2: detected capacity change from 0 to 7 [ 1547.044986][T19770] Dev loop2: unable to read RDB block 7 [ 1547.076392][T19770] loop2: AHDI p1 p2 p3 [ 1547.102121][T19770] loop2: partition table partially beyond EOD, truncated [ 1547.172868][T19770] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1547.271423][T19770] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1547.284253][T19770] netlink: 'syz.3.3250': attribute type 10 has an invalid length. [ 1547.292401][T19770] bridge0: port 3(netdevsim0) entered blocking state [ 1548.065425][T19770] bridge0: port 3(netdevsim0) entered disabled state [ 1548.113422][T19770] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1548.200070][T19770] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1548.280542][T19770] bridge0: port 3(netdevsim0) entered blocking state [ 1548.288033][T19770] bridge0: port 3(netdevsim0) entered forwarding state [ 1548.859469][ T28] kauditd_printk_skb: 110 callbacks suppressed [ 1548.859485][ T28] audit: type=1326 audit(1761445158.740:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.004905][ T28] audit: type=1326 audit(1761445158.740:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.103032][ T28] audit: type=1326 audit(1761445158.780:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.143895][T19792] binder: 19791:19792 unknown command 0 [ 1549.149536][T19792] binder: 19791:19792 ioctl c0306201 200000000080 returned -22 [ 1549.160176][ T28] audit: type=1326 audit(1761445158.780:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.220850][ T28] audit: type=1326 audit(1761445158.780:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.286893][ T28] audit: type=1326 audit(1761445158.780:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.340540][ T28] audit: type=1326 audit(1761445158.780:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.453017][ T28] audit: type=1326 audit(1761445158.780:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1549.476385][ T28] audit: type=1326 audit(1761445158.840:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1550.344993][ T28] audit: type=1326 audit(1761445158.840:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19782 comm="syz.2.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1550.370758][T19799] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1550.386097][T19799] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1552.940317][T19828] binder: 19827:19828 unknown command 0 [ 1552.999318][T19828] binder: 19827:19828 ioctl c0306201 200000000080 returned -22 [ 1554.663216][ T28] kauditd_printk_skb: 53 callbacks suppressed [ 1554.663228][ T28] audit: type=1326 audit(1761445164.550:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1554.936392][ T28] audit: type=1326 audit(1761445164.550:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1554.984274][ T28] audit: type=1326 audit(1761445164.580:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1555.849435][ T28] audit: type=1326 audit(1761445164.580:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1555.875586][ T28] audit: type=1326 audit(1761445164.590:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1555.981144][ T28] audit: type=1326 audit(1761445164.590:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1556.036011][ T28] audit: type=1326 audit(1761445164.590:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1556.070910][ T28] audit: type=1326 audit(1761445164.590:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1556.095008][ T28] audit: type=1326 audit(1761445164.600:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1556.133039][ T28] audit: type=1326 audit(1761445164.600:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19839 comm="syz.2.3270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1a67d85e67 code=0x7ffc0000 [ 1556.260140][T19850] loop2: detected capacity change from 0 to 7 [ 1556.277051][T19850] Dev loop2: unable to read RDB block 7 [ 1556.302667][T19850] loop2: AHDI p1 p2 p3 [ 1556.306994][T19850] loop2: partition table partially beyond EOD, truncated [ 1556.354317][T19850] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1556.361143][T19850] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1556.482860][T19853] netlink: 'syz.2.3273': attribute type 10 has an invalid length. [ 1556.511282][T19853] bridge0: port 3(netdevsim0) entered blocking state [ 1556.522880][T19853] bridge0: port 3(netdevsim0) entered disabled state [ 1556.529882][T19853] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 1556.538779][T19853] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1556.549643][T19853] bridge0: port 3(netdevsim0) entered blocking state [ 1556.556659][T19853] bridge0: port 3(netdevsim0) entered forwarding state [ 1556.829109][T19859] binder: 19858:19859 unknown command 0 [ 1556.836316][T19859] binder: 19858:19859 ioctl c0306201 200000000080 returned -22 [ 1559.500915][T19886] binder: 19884:19886 unknown command 0 [ 1559.515382][T19886] binder: 19884:19886 ioctl c0306201 200000000080 returned -22 [ 1559.568984][T19886] binder: 19884:19886 ioctl c0306201 0 returned -14 [ 1560.270668][T19893] loop2: detected capacity change from 0 to 7 [ 1560.313358][T19893] Dev loop2: unable to read RDB block 7 [ 1560.319004][T19893] loop2: AHDI p1 p2 p3 [ 1560.325889][T19893] loop2: partition table partially beyond EOD, truncated [ 1560.375579][T19893] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1560.392395][T19893] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1560.428879][T19897] netlink: 'syz.1.3289': attribute type 10 has an invalid length. [ 1560.452897][T19897] bridge0: port 3(netdevsim0) entered blocking state [ 1560.459907][T19897] bridge0: port 3(netdevsim0) entered disabled state [ 1560.479101][T19897] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 1560.517578][T19897] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 1560.530118][T19897] bridge0: port 3(netdevsim0) entered blocking state [ 1560.537070][T19897] bridge0: port 3(netdevsim0) entered forwarding state [ 1562.053014][ T28] kauditd_printk_skb: 123 callbacks suppressed [ 1562.053031][ T28] audit: type=1326 audit(1761445171.930:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.107034][ T28] audit: type=1326 audit(1761445171.930:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.134322][ T28] audit: type=1326 audit(1761445171.930:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.217937][ T28] audit: type=1326 audit(1761445171.930:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.245438][ T28] audit: type=1326 audit(1761445171.930:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.273580][ T28] audit: type=1326 audit(1761445171.930:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.461534][ T28] audit: type=1326 audit(1761445171.930:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.525668][ T28] audit: type=1326 audit(1761445171.930:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1823585e67 code=0x7ffc0000 [ 1562.560834][T19915] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3298'. [ 1562.599714][T19917] binder: 19916:19917 unknown command 0 [ 1562.601783][ T28] audit: type=1326 audit(1761445171.930:1087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f182352b099 code=0x7ffc0000 [ 1562.622846][T19917] binder: 19916:19917 ioctl c0306201 200000000080 returned -22 [ 1562.658969][ T28] audit: type=1326 audit(1761445171.930:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19909 comm="syz.3.3295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1562.696344][T19917] binder: BINDER_SET_CONTEXT_MGR already set [ 1562.722461][T19917] binder: 19916:19917 ioctl 4018620d 2000000002c0 returned -16 [ 1562.750153][T19917] binder: 19916:19917 ioctl c0306201 0 returned -14 [ 1565.717823][T19951] binder: 19950:19951 unknown command 0 [ 1565.732333][T19951] binder: 19950:19951 ioctl c0306201 200000000080 returned -22 [ 1565.786661][T19955] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3310'. [ 1565.821995][T19951] binder: 19950:19951 ioctl c0306201 0 returned -14 [ 1569.603451][T19987] binder: 19986:19987 unknown command 0 [ 1569.627043][T19987] binder: 19986:19987 ioctl c0306201 200000000080 returned -22 [ 1569.648262][T19989] loop2: detected capacity change from 0 to 7 [ 1569.703821][T19989] Dev loop2: unable to read RDB block 7 [ 1569.738506][T19989] loop2: AHDI p1 p2 p3 [ 1569.773677][T19989] loop2: partition table partially beyond EOD, truncated [ 1569.796459][T19989] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1569.818418][T19989] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1571.294106][T20000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3325'. [ 1572.516279][T20013] binder: 20012:20013 unknown command 0 [ 1572.542940][T20013] binder: 20012:20013 ioctl c0306201 200000000080 returned -22 [ 1572.633537][T20018] loop2: detected capacity change from 0 to 7 [ 1572.640854][T20018] Dev loop2: unable to read RDB block 7 [ 1572.652736][T20018] loop2: AHDI p1 p2 p3 [ 1572.656934][T20018] loop2: partition table partially beyond EOD, truncated [ 1572.677892][T20018] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1572.690112][T20018] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1573.025625][T20023] input: syz0 as /devices/virtual/input/input37 [ 1578.444102][T20047] binder: 20044:20047 unknown command 0 [ 1578.449895][T20047] binder: 20044:20047 ioctl c0306201 200000000080 returned -22 [ 1580.413643][T16348] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1580.425875][T16348] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1580.448355][T16348] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1580.462922][T16348] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1580.471796][T16348] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1580.479813][T16348] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1582.243312][ T42] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1582.684450][T16348] Bluetooth: hci0: command tx timeout [ 1583.619423][ T42] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1583.704859][T20074] binder: 20073:20074 unknown command 0 [ 1583.710597][T20074] binder: 20073:20074 ioctl c0306201 200000000080 returned -22 [ 1583.807398][ T42] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1583.902802][ T42] bridge0: port 3(netdevsim0) entered disabled state [ 1584.011720][ T42] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 1584.029964][ T42] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode [ 1584.042450][ T42] bridge0: port 3(netdevsim0) entered disabled state [ 1584.097224][ T42] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1584.420065][T20091] syz.3.3356[20091] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1584.420229][T20091] syz.3.3356[20091] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1585.108586][T16348] Bluetooth: hci0: command tx timeout [ 1585.506989][T20057] chnl_net:caif_netlink_parms(): no params data found [ 1585.570769][ T42] tipc: Disabling bearer [ 1585.605972][ T42] tipc: Left network mode [ 1587.040412][T20113] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3360'. [ 1587.128990][T20057] bridge0: port 1(bridge_slave_0) entered blocking state [ 1587.140780][T20057] bridge0: port 1(bridge_slave_0) entered disabled state [ 1587.150155][T20057] bridge_slave_0: entered allmulticast mode [ 1587.164209][T16348] Bluetooth: hci0: command tx timeout [ 1587.182817][T20057] bridge_slave_0: entered promiscuous mode [ 1587.282923][T20057] bridge0: port 2(bridge_slave_1) entered blocking state [ 1587.290141][T20057] bridge0: port 2(bridge_slave_1) entered disabled state [ 1587.312979][T20057] bridge_slave_1: entered allmulticast mode [ 1587.320614][T20057] bridge_slave_1: entered promiscuous mode [ 1589.243429][ T7003] Bluetooth: hci0: command tx timeout [ 1589.273429][T20057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1589.371976][T20057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1589.413539][T20132] ieee802154 phy0 wpan0: encryption failed: -22 [ 1589.482365][T20057] team0: Port device team_slave_0 added [ 1589.500508][T20057] team0: Port device team_slave_1 added [ 1590.471771][T20057] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1590.493595][T20057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1590.782047][T20057] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1591.083098][T20141] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3369'. [ 1591.198908][T20057] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1591.268664][T20057] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1591.330078][T20057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1591.673994][T20057] hsr_slave_0: entered promiscuous mode [ 1591.696088][T20057] hsr_slave_1: entered promiscuous mode [ 1591.718524][T20057] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1591.741752][T20057] Cannot create hsr debugfs directory [ 1591.916897][T20147] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3371'. [ 1592.895063][ T42] hsr_slave_0: left promiscuous mode [ 1592.950478][ T42] hsr_slave_1: left promiscuous mode [ 1592.962027][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1593.124774][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1593.138117][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1593.145738][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1593.164614][ T42] bridge_slave_1: left allmulticast mode [ 1593.176326][ T42] bridge_slave_1: left promiscuous mode [ 1593.845577][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 1593.891597][ T42] bridge_slave_0: left allmulticast mode [ 1593.906698][ T42] bridge_slave_0: left promiscuous mode [ 1593.927997][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 1594.025661][ T42] veth1_macvtap: left promiscuous mode [ 1594.031328][ T42] veth0_macvtap: left promiscuous mode [ 1594.037203][ T42] veth1_vlan: left promiscuous mode [ 1594.043044][ T42] veth0_vlan: left promiscuous mode [ 1595.735212][ T42] team0 (unregistering): Port device team_slave_1 removed [ 1595.814487][ T42] team0 (unregistering): Port device team_slave_0 removed [ 1595.881767][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1595.949662][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1596.676949][ T42] bond0 (unregistering): Released all slaves [ 1597.984000][T20057] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1598.021436][T20057] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1598.096313][T20057] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1598.141113][T20190] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3385'. [ 1598.186090][T20057] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1599.287108][T20057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1599.370073][T20057] 8021q: adding VLAN 0 to HW filter on device team0 [ 1599.390240][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1599.397516][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1599.431306][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1599.438577][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1600.484115][ T28] kauditd_printk_skb: 195 callbacks suppressed [ 1600.484130][ T28] audit: type=1326 audit(1761445210.370:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.547033][ T28] audit: type=1326 audit(1761445210.400:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.619688][ T28] audit: type=1326 audit(1761445210.400:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.736476][ T28] audit: type=1326 audit(1761445210.400:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.808026][ T28] audit: type=1326 audit(1761445210.400:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.877613][ T28] audit: type=1326 audit(1761445210.400:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.971905][ T28] audit: type=1326 audit(1761445210.400:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f1a67d8efc9 code=0x7ffc0000 [ 1600.975386][T20057] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1601.018989][ T28] audit: type=1326 audit(1761445210.410:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1a67d85e67 code=0x7ffc0000 [ 1601.072727][ T28] audit: type=1326 audit(1761445210.410:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1a67d2b099 code=0x7ffc0000 [ 1601.101015][ T28] audit: type=1326 audit(1761445210.410:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20210 comm="syz.2.3389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1a67d85e67 code=0x7ffc0000 [ 1601.798115][T20057] veth0_vlan: entered promiscuous mode [ 1601.877746][T20057] veth1_vlan: entered promiscuous mode [ 1601.967376][T20224] loop2: detected capacity change from 0 to 7 [ 1601.992845][T20224] Dev loop2: unable to read RDB block 7 [ 1601.998687][T20057] veth0_macvtap: entered promiscuous mode [ 1602.026310][T20224] loop2: AHDI p1 p2 p3 [ 1602.035379][T20057] veth1_macvtap: entered promiscuous mode [ 1602.041350][T20224] loop2: partition table partially beyond EOD, truncated [ 1602.063786][T20224] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1602.070598][T20224] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1602.099495][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1602.112819][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.123824][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1602.134571][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.144769][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1602.161331][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.180620][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1602.192319][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.218296][T20057] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1602.258322][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1602.275770][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.288742][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1602.323807][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.358196][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1602.394137][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.408683][T20057] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1602.419854][T20057] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1602.446987][T20057] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1602.477932][T20057] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1602.499158][T20057] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1602.516245][T20057] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1602.542275][T20057] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1602.780740][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1602.801239][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1602.909031][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1602.942607][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1603.684451][T20243] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3337'. [ 1604.164039][T20247] input: syz1 as /devices/virtual/input/input39 [ 1605.230326][T20260] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1605.246918][T20260] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1605.297490][T20259] loop2: detected capacity change from 0 to 7 [ 1605.317387][T20259] Dev loop2: unable to read RDB block 7 [ 1605.333889][T20259] loop2: AHDI p1 p2 p3 [ 1605.660446][T20259] loop2: partition table partially beyond EOD, truncated [ 1605.698355][T20259] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1605.711849][T20259] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1606.741026][T20276] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3405'. [ 1607.131234][T20285] Bluetooth: MGMT ver 1.22 [ 1607.645978][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.652513][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.534231][ T28] kauditd_printk_skb: 158 callbacks suppressed [ 1608.534248][ T28] audit: type=1326 audit(1761445218.420:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.562930][ C1] vkms_vblank_simulate: vblank timer overrun [ 1608.641155][ T28] audit: type=1326 audit(1761445218.420:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.663804][ C1] vkms_vblank_simulate: vblank timer overrun [ 1608.775259][ T28] audit: type=1326 audit(1761445218.420:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.799248][ T28] audit: type=1326 audit(1761445218.420:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.854669][ T28] audit: type=1326 audit(1761445218.420:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.878212][ T28] audit: type=1326 audit(1761445218.420:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.901029][ T28] audit: type=1326 audit(1761445218.420:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.925419][ T28] audit: type=1326 audit(1761445218.420:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1608.948983][ T28] audit: type=1326 audit(1761445218.420:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2b5a185e67 code=0x7ffc0000 [ 1608.975790][ T28] audit: type=1326 audit(1761445218.420:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20292 comm="syz.4.3410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2b5a12b099 code=0x7ffc0000 [ 1609.093235][T20298] loop2: detected capacity change from 0 to 7 [ 1609.101529][T20298] Dev loop2: unable to read RDB block 7 [ 1609.107403][T20298] loop2: AHDI p1 p2 p3 [ 1609.114317][T20298] loop2: partition table partially beyond EOD, truncated [ 1609.122938][T20298] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1609.130645][T20298] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1609.723603][T20307] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1609.736364][T20307] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1612.077663][T20320] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3417'. [ 1613.087275][T20321] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3425'. [ 1614.577424][T20337] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3422'. [ 1615.004158][T16241] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 1615.260493][T16241] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1615.268654][T16241] usb 1-1: config 0 has no interface number 0 [ 1615.275287][T16241] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1615.399393][T16241] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1615.418668][T16241] usb 1-1: config 0 descriptor?? [ 1615.431816][T16241] usb 1-1: selecting invalid altsetting 1 [ 1615.441179][T16241] dvb_ttusb_budget: ttusb_init_controller: error [ 1615.447665][T16241] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1615.512402][T16241] DVB: Unable to find symbol cx22700_attach() [ 1615.571292][T16241] DVB: Unable to find symbol tda10046_attach() [ 1615.579397][T16241] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1615.692050][ T5879] usb 1-1: USB disconnect, device number 14 [ 1616.560257][T20357] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1616.569659][T20357] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1618.286053][T20368] input: syz1 as /devices/virtual/input/input40 [ 1618.381882][T20369] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3431'. [ 1619.154287][T20377] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3432'. [ 1622.531125][T20400] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1622.540369][T20400] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1623.282927][T12964] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 1623.661025][T12964] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1624.084138][T12964] usb 5-1: config 0 has no interface number 0 [ 1624.405867][T12964] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1624.415079][T12964] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1624.537585][T12964] usb 5-1: config 0 descriptor?? [ 1624.547174][T12964] usb 5-1: selecting invalid altsetting 1 [ 1624.564460][T12964] dvb_ttusb_budget: ttusb_init_controller: error [ 1624.570863][T12964] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1624.762796][T12964] DVB: Unable to find symbol cx22700_attach() [ 1625.362762][T12964] DVB: Unable to find symbol tda10046_attach() [ 1625.369004][T12964] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1625.378915][T12964] usb 5-1: USB disconnect, device number 2 [ 1625.718297][T20438] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1625.742376][T20438] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1628.530121][T20466] loop2: detected capacity change from 0 to 7 [ 1628.551902][T20466] Dev loop2: unable to read RDB block 7 [ 1628.558849][T20466] loop2: AHDI p1 p2 p3 [ 1628.565936][T20466] loop2: partition table partially beyond EOD, truncated [ 1628.593271][T20466] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1628.608583][T20466] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1628.677684][T20466] netlink: 'syz.2.3457': attribute type 10 has an invalid length. [ 1630.079092][T20479] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3460'. [ 1630.227020][T20477] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1630.235872][T20477] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1630.424640][T20481] tc_dump_action: action bad kind [ 1635.648956][T20509] loop2: detected capacity change from 0 to 7 [ 1635.669164][T20509] Dev loop2: unable to read RDB block 7 [ 1635.680530][T20509] loop2: AHDI p1 p2 p3 [ 1635.713780][T20509] loop2: partition table partially beyond EOD, truncated [ 1635.720989][T20509] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1635.768923][T20513] netlink: 'syz.3.3470': attribute type 10 has an invalid length. [ 1635.795340][T20509] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1637.021740][T20523] tc_dump_action: action bad kind [ 1638.765028][T20538] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1638.774396][T20538] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1641.375069][T20553] loop2: detected capacity change from 0 to 7 [ 1641.405997][T20553] Dev loop2: unable to read RDB block 7 [ 1641.442951][T20553] loop2: AHDI p1 p2 p3 [ 1641.668713][T20553] loop2: partition table partially beyond EOD, truncated [ 1641.808076][T20553] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1641.947698][T20556] netlink: 'syz.3.3482': attribute type 10 has an invalid length. [ 1641.982974][T20553] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1642.199650][T20558] random: crng reseeded on system resumption [ 1644.731096][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 1644.731114][ T28] audit: type=1326 audit(1761445254.610:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1644.862875][ T28] audit: type=1326 audit(1761445254.610:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1644.977795][ T28] audit: type=1326 audit(1761445254.610:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.032701][ T28] audit: type=1326 audit(1761445254.610:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.098332][ T28] audit: type=1326 audit(1761445254.610:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.138303][ T28] audit: type=1326 audit(1761445254.650:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.222384][ T28] audit: type=1326 audit(1761445254.650:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.321985][ T28] audit: type=1326 audit(1761445254.650:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.365149][ T28] audit: type=1326 audit(1761445254.650:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1645.520982][ T28] audit: type=1326 audit(1761445254.650:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.3.3486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1823585e67 code=0x7ffc0000 [ 1647.366344][T20585] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1647.381456][T20585] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1647.463848][T20587] tc_dump_action: action bad kind [ 1649.269719][T20603] loop2: detected capacity change from 0 to 7 [ 1649.298060][T20603] Dev loop2: unable to read RDB block 7 [ 1649.305841][T20603] loop2: AHDI p1 p2 p3 [ 1649.317385][T20603] loop2: partition table partially beyond EOD, truncated [ 1649.350056][T20603] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1649.376358][T20603] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1649.554351][T20604] netlink: 'syz.2.3493': attribute type 10 has an invalid length. [ 1649.810608][T20611] misc userio: Invalid payload size [ 1651.232696][T12964] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 1651.444714][T12964] usb 4-1: config 0 interface 0 altsetting 2 has an invalid endpoint with address 0x0, skipping [ 1651.461199][T12964] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1651.477474][T12964] usb 4-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 1651.492772][T12964] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1651.505992][T12964] usb 4-1: Product: syz [ 1651.511768][T12964] usb 4-1: Manufacturer: syz [ 1651.517153][T12964] usb 4-1: SerialNumber: syz [ 1651.517744][T20623] tc_dump_action: action bad kind [ 1651.750214][T12964] usb 4-1: config 0 descriptor?? [ 1653.038429][T20636] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1653.048101][T20636] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1653.169550][T12964] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 1653.371315][T12964] imon 4-1:0.0: unable to initialize intf0, err -19 [ 1653.508893][T12964] imon:imon_probe: failed to initialize context! [ 1653.541336][T12964] imon 4-1:0.0: unable to register, err -19 [ 1653.561291][T12964] usb 4-1: USB disconnect, device number 21 [ 1653.583070][T20642] random: crng reseeded on system resumption [ 1653.643518][T20644] loop2: detected capacity change from 0 to 7 [ 1653.664831][T20644] Dev loop2: unable to read RDB block 7 [ 1653.670518][T20644] loop2: AHDI p1 p2 p3 [ 1653.682309][T20644] loop2: partition table partially beyond EOD, truncated [ 1653.691501][T20644] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1653.698716][T20644] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1653.812797][T20649] netlink: 'syz.0.3507': attribute type 10 has an invalid length. [ 1653.824321][T20649] bridge0: port 3(netdevsim0) entered blocking state [ 1653.832341][T20649] bridge0: port 3(netdevsim0) entered disabled state [ 1653.841750][T20649] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 1654.215449][T20649] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1654.327386][T20649] bridge0: port 3(netdevsim0) entered blocking state [ 1654.334275][T20649] bridge0: port 3(netdevsim0) entered forwarding state [ 1655.566755][T20662] tc_dump_action: action bad kind [ 1657.713456][T20687] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1657.783985][T20687] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1659.361496][T20700] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1660.730259][T20709] random: crng reseeded on system resumption [ 1662.729482][T20727] loop2: detected capacity change from 0 to 7 [ 1662.751579][T20727] Dev loop2: unable to read RDB block 7 [ 1662.774119][T20726] tc_dump_action: action bad kind [ 1662.930090][T20727] loop2: AHDI p1 p2 p3 [ 1662.939498][T20727] loop2: partition table partially beyond EOD, truncated [ 1662.972074][T20727] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1663.686291][T20727] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1663.737294][T20731] netlink: 'syz.0.3528': attribute type 10 has an invalid length. [ 1663.973409][T20736] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1663.986721][T20736] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1667.755298][T20760] loop2: detected capacity change from 0 to 7 [ 1667.781988][T20760] Dev loop2: unable to read RDB block 7 [ 1667.808076][T20760] loop2: AHDI p1 p2 p3 [ 1667.818674][T20760] loop2: partition table partially beyond EOD, truncated [ 1667.843873][T20760] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1667.883228][T20760] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1667.921254][T20760] netlink: 'syz.4.3539': attribute type 10 has an invalid length. [ 1667.966465][T20760] bridge0: port 3(netdevsim0) entered blocking state [ 1667.985733][T20760] bridge0: port 3(netdevsim0) entered disabled state [ 1667.996290][T20760] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 1668.042970][T20760] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 1668.081543][T20760] bridge0: port 3(netdevsim0) entered blocking state [ 1668.088486][T20760] bridge0: port 3(netdevsim0) entered forwarding state [ 1668.230272][T20764] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 1669.096369][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.102949][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.620727][T20783] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1669.656347][T20783] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1671.468247][T20798] loop2: detected capacity change from 0 to 7 [ 1671.507485][T20798] Dev loop2: unable to read RDB block 7 [ 1671.523843][T20798] loop2: AHDI p1 p2 p3 [ 1671.543247][T20798] loop2: partition table partially beyond EOD, truncated [ 1671.554990][T20798] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1671.565151][T20798] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1671.603197][T20798] netlink: 'syz.0.3550': attribute type 10 has an invalid length. [ 1672.638296][T20811] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1673.236454][T20814] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3556'. [ 1674.614713][T20825] overlayfs: failed to resolve './bus': -2 [ 1675.201118][T20839] loop2: detected capacity change from 0 to 7 [ 1675.212802][T20839] Dev loop2: unable to read RDB block 7 [ 1675.218542][T20839] loop2: AHDI p1 p2 p3 [ 1675.240118][T20839] loop2: partition table partially beyond EOD, truncated [ 1675.250180][T20839] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1675.257471][T20839] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1675.323159][T20840] netlink: 'syz.2.3564': attribute type 10 has an invalid length. [ 1675.715965][T20845] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3566'. [ 1676.968660][T20854] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3569'. [ 1677.067327][T20859] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1677.144226][T20862] tc_dump_action: action bad kind [ 1678.362638][T20866] overlayfs: failed to resolve './bus': -2 [ 1678.701519][T20874] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3575'. [ 1679.567997][T20887] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3577'. [ 1680.051289][T20890] loop2: detected capacity change from 0 to 7 [ 1680.066217][T20890] Dev loop2: unable to read RDB block 7 [ 1680.105741][T20890] loop2: AHDI p1 p2 p3 [ 1680.146356][T20890] loop2: partition table partially beyond EOD, truncated [ 1680.158153][T20890] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1680.184760][T20890] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1680.879144][T20892] netlink: 'syz.0.3578': attribute type 10 has an invalid length. [ 1681.903409][T20901] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3581'. [ 1681.924655][T20901] unsupported nlmsg_type 40 [ 1683.821085][T20910] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3585'. [ 1684.176401][ T6586] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1684.372636][ T6586] usb 1-1: Using ep0 maxpacket: 32 [ 1684.384128][ T6586] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1684.392248][ T6586] usb 1-1: config 0 has no interface number 0 [ 1684.410131][ T6586] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 1684.419374][ T6586] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1684.430738][ T6586] usb 1-1: Product: syz [ 1684.435326][ T6586] usb 1-1: Manufacturer: syz [ 1684.440056][ T6586] usb 1-1: SerialNumber: syz [ 1684.494008][ T6586] usb 1-1: config 0 descriptor?? [ 1684.517567][ T6586] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1684.537636][ T6586] usb 1-1: selecting invalid altsetting 1 [ 1684.552690][ T6586] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1684.596426][ T6586] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1684.621957][ T6586] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1684.646931][ T6586] usb 1-1: media controller created [ 1684.714685][ T6586] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1685.784830][T20934] loop2: detected capacity change from 0 to 7 [ 1685.811563][T20934] Dev loop2: unable to read RDB block 7 [ 1685.829468][T20934] loop2: AHDI p1 p2 p3 [ 1685.844428][T20934] loop2: partition table partially beyond EOD, truncated [ 1685.944140][T20934] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1685.951067][T20934] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1686.012154][ T6586] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 1686.024717][T20934] netlink: 'syz.3.3589': attribute type 10 has an invalid length. [ 1686.039974][T20917] usb 1-1: dvb_usb_ce6230: I2C read not implemented [ 1686.048561][ T6586] zl10353_read_register: readreg error (reg=127, ret==-110) [ 1686.604735][ T6586] usb 1-1: USB disconnect, device number 15 [ 1688.523642][T20967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3597'. [ 1688.935973][T20971] loop2: detected capacity change from 0 to 7 [ 1688.950977][T20971] Dev loop2: unable to read RDB block 7 [ 1688.958973][T20971] loop2: AHDI p1 p2 p3 [ 1688.977656][T20971] loop2: partition table partially beyond EOD, truncated [ 1688.990513][T20971] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1689.022405][T20971] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1689.212053][T20971] netlink: 'syz.2.3600': attribute type 10 has an invalid length. [ 1689.548029][T20975] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3601'. [ 1690.219904][T20979] tc_dump_action: action bad kind [ 1692.767287][T20993] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3608'. [ 1692.776595][ T966] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1692.992663][ T966] usb 5-1: Using ep0 maxpacket: 32 [ 1693.181437][ T966] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1693.194401][ T966] usb 5-1: config 0 has no interface number 0 [ 1693.904475][ T966] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 1693.922809][ T966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1693.947253][ T966] usb 5-1: Product: syz [ 1693.952389][ T966] usb 5-1: Manufacturer: syz [ 1693.961483][ T966] usb 5-1: SerialNumber: syz [ 1693.970126][ T966] usb 5-1: config 0 descriptor?? [ 1693.987384][ T966] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1693.992397][T21006] loop2: detected capacity change from 0 to 7 [ 1693.997531][ T966] usb 5-1: selecting invalid altsetting 1 [ 1694.013350][ T966] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1694.021490][T21006] Dev loop2: unable to read RDB block 7 [ 1694.029157][ T966] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1694.033891][T21006] loop2: AHDI p1 p2 p3 [ 1694.044738][ T966] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1694.050020][T21006] loop2: partition table partially beyond EOD, truncated [ 1694.053923][ T966] usb 5-1: media controller created [ 1694.091558][T21006] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1694.099502][T21006] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1694.131227][ T966] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1694.182932][T21007] netlink: 'syz.3.3610': attribute type 10 has an invalid length. [ 1695.326551][ T966] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 1695.368335][ T966] zl10353_read_register: readreg error (reg=127, ret==-110) [ 1695.376084][T20989] usb 5-1: dvb_usb_ce6230: I2C read not implemented [ 1695.461370][T21018] tc_dump_action: action bad kind [ 1697.081378][ T5867] usb 5-1: USB disconnect, device number 3 [ 1697.408791][T21029] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3617'. [ 1699.294811][T21038] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3619'. [ 1699.307011][T21043] loop2: detected capacity change from 0 to 7 [ 1699.333442][T21043] Dev loop2: unable to read RDB block 7 [ 1699.347180][T21043] loop2: AHDI p1 p2 p3 [ 1699.351423][T21043] loop2: partition table partially beyond EOD, truncated [ 1699.390570][T21043] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1699.441109][T21043] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1699.521805][T21043] netlink: 'syz.2.3622': attribute type 10 has an invalid length. [ 1700.520812][T21053] tc_dump_action: action bad kind [ 1702.423620][ T5867] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 1702.692656][ T5867] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1702.731476][ T5867] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1702.748984][ T5867] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1702.812713][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1702.837648][ T5867] usb 5-1: config 0 descriptor?? [ 1702.853740][ T5867] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1702.862178][T21075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3628'. [ 1702.866958][ T5867] dvb-usb: bulk message failed: -22 (3/0) [ 1702.877288][T21075] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 1702.884587][T21075] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 1702.903062][T21075] bridge0: port 3(netdevsim0) entered disabled state [ 1702.948040][ T5867] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1702.963677][ T5867] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1702.981062][ T5867] usb 5-1: media controller created [ 1703.059217][T21084] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3631'. [ 1703.478416][T21075] bridge_slave_1: left allmulticast mode [ 1703.485633][T21075] bridge_slave_1: left promiscuous mode [ 1703.494136][T21075] bridge0: port 2(bridge_slave_1) entered disabled state [ 1703.499758][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1703.518048][T21075] bridge_slave_0: left allmulticast mode [ 1703.525137][T21075] bridge_slave_0: left promiscuous mode [ 1703.532064][T21075] bridge0: port 1(bridge_slave_0) entered disabled state [ 1703.556633][ T5867] dvb-usb: bulk message failed: -22 (6/0) [ 1703.570614][ T5867] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1703.599060][ T5867] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input42 [ 1703.618590][ T5867] dvb-usb: schedule remote query interval to 150 msecs. [ 1703.639360][ T5867] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1703.654142][ T5867] usb 5-1: USB disconnect, device number 4 [ 1703.735437][ T5867] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1705.434781][ T28] kauditd_printk_skb: 68 callbacks suppressed [ 1705.434815][ T28] audit: type=1326 audit(1761445315.300:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1705.663793][ T28] audit: type=1326 audit(1761445315.310:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1705.686421][ C1] vkms_vblank_simulate: vblank timer overrun [ 1705.741860][ T28] audit: type=1326 audit(1761445315.360:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1705.999601][ T28] audit: type=1326 audit(1761445315.380:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1706.765435][ T28] audit: type=1326 audit(1761445315.500:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1706.788149][ T28] audit: type=1326 audit(1761445315.500:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1706.811275][ T28] audit: type=1326 audit(1761445315.500:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1706.834189][ T28] audit: type=1326 audit(1761445315.510:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1706.858128][ T28] audit: type=1326 audit(1761445315.510:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1706.880921][ T28] audit: type=1326 audit(1761445315.510:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21099 comm="syz.0.3636" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1707.093314][T21096] Bluetooth: hci0: command 0x0406 tx timeout [ 1708.156751][T21117] loop5: detected capacity change from 0 to 7 [ 1708.316044][T21117] Dev loop5: unable to read RDB block 7 [ 1708.329133][T21117] loop5: unable to read partition table [ 1708.339678][T21117] loop5: partition table beyond EOD, truncated [ 1708.348752][T21117] loop_reread_partitions: partition scan of loop5 (ъщ) failed (rc=-5) [ 1709.505829][T21125] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3649'. [ 1710.268497][T21129] netlink: 'syz.3.3642': attribute type 10 has an invalid length. [ 1710.277049][T21129] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3642'. [ 1710.291421][T21129] batadv0: entered promiscuous mode [ 1710.346849][T21129] batadv0: entered allmulticast mode [ 1710.399106][T21129] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 1711.200916][T21136] tc_dump_action: action bad kind [ 1712.324598][T21144] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1712.344339][T21144] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1714.390690][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 1714.390710][ T28] audit: type=1326 audit(1761445323.630:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21146 comm="syz.2.3647" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a67d8efc9 code=0x0 [ 1715.076065][T21171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3653'. [ 1715.306310][T21169] loop5: detected capacity change from 0 to 7 [ 1715.324970][ T5879] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1715.440516][T21169] Dev loop5: unable to read RDB block 7 [ 1715.450139][T21169] loop5: unable to read partition table [ 1715.458377][T21173] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3650'. [ 1715.473740][T21169] loop5: partition table beyond EOD, truncated [ 1715.482335][T21169] loop_reread_partitions: partition scan of loop5 (ъщ) failed (rc=-5) [ 1715.491089][T21173] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 1715.504023][T21173] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 1715.516829][T21173] bridge0: port 3(netdevsim0) entered disabled state [ 1715.530859][T21173] bridge_slave_1: left allmulticast mode [ 1715.760146][T21173] bridge_slave_1: left promiscuous mode [ 1715.771086][T21173] bridge0: port 2(bridge_slave_1) entered disabled state [ 1715.797006][ T5879] usb 3-1: config 0 has no interfaces? [ 1715.805479][ T5879] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1715.815125][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1715.826804][ T5879] usb 3-1: Product: syz [ 1715.831275][ T5879] usb 3-1: Manufacturer: syz [ 1715.856078][T21173] bridge_slave_0: left allmulticast mode [ 1715.868921][ T5879] usb 3-1: SerialNumber: syz [ 1715.878346][T21173] bridge_slave_0: left promiscuous mode [ 1715.888895][ T5879] usb 3-1: config 0 descriptor?? [ 1715.918558][T21173] bridge0: port 1(bridge_slave_0) entered disabled state [ 1716.197171][T21181] netlink: 'syz.0.3656': attribute type 10 has an invalid length. [ 1716.525461][T21187] tc_dump_action: action bad kind [ 1719.141399][T21200] binder: 21199:21200 ioctl 4018620d 0 returned -22 [ 1719.699092][T21204] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1719.733100][T21204] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1719.989062][ T6970] usb 3-1: USB disconnect, device number 25 [ 1721.069334][T21215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3664'. [ 1721.968352][T21224] netlink: 'syz.2.3666': attribute type 10 has an invalid length. [ 1721.976854][T21224] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3666'. [ 1721.986675][T21224] batadv0: entered promiscuous mode [ 1721.992003][T21224] batadv0: entered allmulticast mode [ 1722.004930][T21224] bridge0: port 4(batadv0) entered blocking state [ 1722.012068][T21224] bridge0: port 4(batadv0) entered disabled state [ 1722.331315][T21224] bridge0: port 4(batadv0) entered blocking state [ 1722.338168][T21224] bridge0: port 4(batadv0) entered forwarding state [ 1722.474216][ T6419] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 1722.484253][ T6419] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 1723.518484][T21234] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1724.468367][T21245] loop5: detected capacity change from 0 to 7 [ 1724.619921][T21245] Dev loop5: unable to read RDB block 7 [ 1724.626265][T21245] loop5: unable to read partition table [ 1724.648724][T21245] loop5: partition table beyond EOD, truncated [ 1724.783812][T21254] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1724.794363][T21254] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1724.876121][T21245] loop_reread_partitions: partition scan of loop5 (ъщ) failed (rc=-5) [ 1725.631631][T21252] xt_ecn: cannot match TCP bits for non-tcp packets [ 1726.403121][T21271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3678'. [ 1726.418274][T21271] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 1726.452840][T21271] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 1726.498225][T21271] bridge0: port 3(netdevsim0) entered disabled state [ 1726.514369][ T5867] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1726.669591][T21271] bridge_slave_1: left allmulticast mode [ 1726.693319][T21271] bridge_slave_1: left promiscuous mode [ 1726.700578][T21271] bridge0: port 2(bridge_slave_1) entered disabled state [ 1726.893352][ T5867] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1726.906786][ T5867] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1726.938187][ T5867] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1726.992656][ T5867] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1727.002372][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1727.621792][ T5867] usb 4-1: config 0 descriptor?? [ 1727.626966][T21271] bridge_slave_0: left allmulticast mode [ 1727.654913][T21271] bridge_slave_0: left promiscuous mode [ 1727.672000][T21271] bridge0: port 1(bridge_slave_0) entered disabled state [ 1728.072190][ T5867] hid-led 0003:0FC5:B080.0002: unknown main item tag 0x0 [ 1728.083552][ T5867] hid-led 0003:0FC5:B080.0002: unknown main item tag 0x0 [ 1728.090787][ T5867] hid-led 0003:0FC5:B080.0002: unknown main item tag 0x0 [ 1728.101483][ T5867] hid-led 0003:0FC5:B080.0002: unknown main item tag 0x0 [ 1728.114751][ T5867] hid-led 0003:0FC5:B080.0002: unknown main item tag 0x0 [ 1728.504783][ T5867] hid-led: probe of 0003:0FC5:B080.0002 failed with error -71 [ 1728.526722][ T5867] usb 4-1: USB disconnect, device number 22 [ 1728.877788][T21289] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1728.888100][T21289] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1729.540203][T21294] tc_dump_action: action bad kind [ 1731.683727][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1731.690389][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1733.173072][ T6586] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 1733.412121][ T6586] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1733.422884][ T6586] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1733.432042][ T6586] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.500111][ T6586] usb 5-1: config 0 descriptor?? [ 1733.583714][ T6586] pwc: Askey VC010 type 2 USB webcam detected. [ 1733.960242][ T6586] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1733.974084][ T5867] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 1733.977188][ T6586] pwc: recv_control_msg error -32 req 02 val 2700 [ 1734.016756][ T6586] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1734.036608][ T6586] pwc: recv_control_msg error -32 req 04 val 1000 [ 1734.076684][ T6586] pwc: recv_control_msg error -32 req 04 val 1300 [ 1734.111540][ T6586] pwc: recv_control_msg error -32 req 04 val 1400 [ 1734.125370][ T6586] pwc: recv_control_msg error -32 req 02 val 2000 [ 1734.135110][ T6586] pwc: recv_control_msg error -32 req 02 val 2100 [ 1734.144238][ T6586] pwc: recv_control_msg error -32 req 04 val 1500 [ 1734.154808][ T6586] pwc: recv_control_msg error -32 req 02 val 2500 [ 1734.160949][ T5867] usb 4-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 1734.162192][ T6586] pwc: recv_control_msg error -32 req 02 val 2400 [ 1734.180884][ T6586] pwc: recv_control_msg error -32 req 02 val 2600 [ 1734.192301][ T6586] pwc: recv_control_msg error -32 req 02 val 2900 [ 1734.193103][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1734.199961][ T6586] pwc: recv_control_msg error -32 req 02 val 2800 [ 1734.277003][ T5867] usb 4-1: Product: syz [ 1734.289264][ T5867] usb 4-1: Manufacturer: syz [ 1734.295021][ T5867] usb 4-1: SerialNumber: syz [ 1734.319722][ T5867] usb 4-1: config 0 descriptor?? [ 1734.437313][ T6586] pwc: recv_control_msg error -71 req 04 val 1200 [ 1734.481298][ T6586] pwc: Registered as video103. [ 1734.505043][ T6586] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input43 [ 1734.585506][ T6586] usb 5-1: USB disconnect, device number 5 [ 1735.320189][T21312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1735.329235][T21312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1735.436453][ T5867] usb_8dev 4-1:0.0 can0: sending command message failed [ 1735.468583][ T5867] usb_8dev 4-1:0.0 can0: can't get firmware version [ 1735.573979][ T5867] usb_8dev: probe of 4-1:0.0 failed with error -22 [ 1735.587449][ T5867] usb 4-1: USB disconnect, device number 23 [ 1735.754088][T21330] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1735.764471][T21330] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1736.523506][ T7003] Bluetooth: hci0: unexpected event for opcode 0x080e [ 1739.282314][T21350] tc_dump_action: action bad kind [ 1741.112237][T21364] netlink: 'syz.4.3709': attribute type 10 has an invalid length. [ 1742.786637][T21383] tc_dump_action: action bad kind [ 1743.252984][T15522] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1743.852858][T15522] usb 4-1: Using ep0 maxpacket: 32 [ 1743.878899][T15522] usb 4-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 1743.904286][T21394] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3718'. [ 1743.908461][T15522] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1743.976002][T15522] usb 4-1: config 0 descriptor?? [ 1744.000674][T15522] usb 4-1: dvb_usb_v2: found a 'Anysee' in warm state [ 1744.012736][T15522] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1744.030122][T15522] dvb_usb_anysee: probe of 4-1:0.0 failed with error -22 [ 1744.200838][T12626] usb 4-1: USB disconnect, device number 24 [ 1744.432245][T21402] tc_dump_action: action bad kind [ 1747.547130][T21423] netlink: 'syz.3.3724': attribute type 10 has an invalid length. [ 1747.872888][T21428] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1747.883168][T21428] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1748.894714][T21437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3729'. [ 1749.099813][T21442] tc_dump_action: action bad kind [ 1751.284784][T21461] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1752.366754][T21467] netlink: 'syz.0.3737': attribute type 10 has an invalid length. [ 1753.064561][T21472] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1753.075728][T21472] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1753.630494][T21477] tc_dump_action: action bad kind [ 1753.798873][T21479] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3740'. [ 1753.808250][T21479] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3740'. [ 1754.899571][T21479] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1755.173967][T21493] syz.3.3745: attempt to access beyond end of device [ 1755.173967][T21493] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1755.190248][T21493] SQUASHFS error: Failed to read block 0x0: -5 [ 1755.242709][T21493] unable to read squashfs_super_block [ 1755.739015][T21479] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1756.279086][T21479] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1757.134336][T21500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3746'. [ 1757.152575][T21500] bridge0: port 4(batadv0) entered disabled state [ 1757.226605][T21500] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 1757.237896][T21500] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 1757.272344][T21500] bridge0: port 3(netdevsim0) entered disabled state [ 1757.319413][T21500] bridge_slave_1: left allmulticast mode [ 1757.329799][T21500] bridge_slave_1: left promiscuous mode [ 1757.347755][T21500] bridge0: port 2(bridge_slave_1) entered disabled state [ 1757.360700][T21500] bridge_slave_0: left allmulticast mode [ 1757.368144][T21500] bridge_slave_0: left promiscuous mode [ 1757.380250][T21500] bridge0: port 1(bridge_slave_0) entered disabled state [ 1757.748483][T21479] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1757.932387][T21479] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1758.044943][T21479] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1759.570467][T21519] tc_dump_action: action bad kind [ 1760.848462][T21531] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1760.857733][T21531] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1762.835025][T21545] syz.2.3756: attempt to access beyond end of device [ 1762.835025][T21545] nbd2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1762.852692][T21545] SQUASHFS error: Failed to read block 0x0: -5 [ 1762.860527][T21545] unable to read squashfs_super_block [ 1764.092958][ T5879] usb 1-1: new low-speed USB device number 16 using dummy_hcd [ 1764.287181][ T5879] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1764.307372][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1764.321178][ T5879] usb 1-1: config 0 descriptor?? [ 1764.554177][ T5879] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1764.702422][T21558] tc_dump_action: action bad kind [ 1767.129078][T21568] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1767.146842][T21568] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1767.495147][ T5879] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 1767.508528][ T5879] asix: probe of 1-1:0.0 failed with error -71 [ 1767.534141][ T5879] usb 1-1: USB disconnect, device number 16 [ 1767.640427][T21571] loop2: detected capacity change from 0 to 7 [ 1767.648099][T21571] Dev loop2: unable to read RDB block 7 [ 1767.653879][T21571] loop2: AHDI p1 p2 p3 [ 1767.658091][T21571] loop2: partition table partially beyond EOD, truncated [ 1767.665837][T21571] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1767.672782][T21571] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1767.736194][T21572] netlink: 'syz.3.3764': attribute type 10 has an invalid length. [ 1768.070104][T21574] netlink: 'syz.0.3766': attribute type 1 has an invalid length. [ 1768.796658][ T10] blk_print_req_error: 100 callbacks suppressed [ 1768.796699][ T10] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 1768.837417][ T10] buffer_io_error: 138 callbacks suppressed [ 1768.837438][ T10] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1768.852649][ T10] Buffer I/O error on dev nbd0, logical block 1, async page read [ 1768.860445][ T10] Buffer I/O error on dev nbd0, logical block 2, async page read [ 1768.894433][ T10] Buffer I/O error on dev nbd0, logical block 3, async page read [ 1769.005541][ T10] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 1769.014722][ T10] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1769.022816][ T10] Buffer I/O error on dev nbd0, logical block 1, async page read [ 1769.032577][ T10] Buffer I/O error on dev nbd0, logical block 2, async page read [ 1769.040373][ T10] Buffer I/O error on dev nbd0, logical block 3, async page read [ 1769.048688][ T10] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1769.057886][ T10] Buffer I/O error on dev nbd0, logical block 0, async page read [ 1769.066138][ T10] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1769.075293][ T10] Buffer I/O error on dev nbd0, logical block 1, async page read [ 1769.083352][ T10] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1769.092621][ T10] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1769.101876][ T10] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1769.272602][ T10] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 3 prio class 2 [ 1769.322848][ T9981] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 1769.362016][ T9981] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 1769.373785][T21585] ldm_validate_partition_table(): Disk read failed. [ 1769.382222][T21585] Dev nbd0: unable to read RDB block 0 [ 1769.405153][T21585] nbd0: unable to read partition table [ 1769.429403][T21585] SQUASHFS error: Failed to read block 0x0: -5 [ 1769.436971][T21585] unable to read squashfs_super_block [ 1772.997959][T21609] netlink: 168 bytes leftover after parsing attributes in process `syz.3.3773'. [ 1773.010848][T21609] netlink: 168 bytes leftover after parsing attributes in process `syz.3.3773'. [ 1773.738240][T21609] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1774.082400][T21622] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1774.091323][T21622] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1774.750233][T21609] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1774.917845][T21609] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1775.080748][T21609] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1775.279411][T21630] loop2: detected capacity change from 0 to 7 [ 1775.292321][T21630] Dev loop2: unable to read RDB block 7 [ 1775.298103][T21630] loop2: AHDI p1 p2 p3 [ 1775.353386][T21630] loop2: partition table partially beyond EOD, truncated [ 1775.360540][T21630] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1775.371099][T21609] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1775.376128][T21630] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1775.428514][T21609] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1775.449559][T21609] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1775.474338][T21609] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1775.483081][T21631] netlink: 'syz.4.3778': attribute type 10 has an invalid length. [ 1776.549316][T21640] syz.4.3779: attempt to access beyond end of device [ 1776.549316][T21640] nbd4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1776.576744][T21640] SQUASHFS error: Failed to read block 0x0: -5 [ 1776.587852][T21640] unable to read squashfs_super_block [ 1776.728630][T21641] loop2: detected capacity change from 0 to 7 [ 1776.738629][T21641] Dev loop2: unable to read RDB block 7 [ 1776.861389][T21641] loop2: AHDI p1 p2 p3 [ 1776.866294][T21641] loop2: partition table partially beyond EOD, truncated [ 1776.873650][T21641] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1776.880470][T21641] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1777.821984][T21645] netlink: 'syz.0.3787': attribute type 10 has an invalid length. [ 1777.887151][T15522] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1778.683003][T15522] usb 3-1: Using ep0 maxpacket: 32 [ 1778.720500][T15522] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1778.934299][T15522] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1779.043028][T15522] usb 3-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1779.320153][T15522] usb 3-1: config 0 interface 0 has no altsetting 1 [ 1779.348385][T15522] usb 3-1: string descriptor 0 read error: -71 [ 1779.362858][T15522] usb 3-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57 [ 1779.382738][T15522] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1779.410031][T15522] usb 3-1: config 0 descriptor?? [ 1779.438586][T15522] usb 3-1: can't set config #0, error -71 [ 1779.454450][T15522] usb 3-1: USB disconnect, device number 26 [ 1779.811235][T21666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3788'. [ 1779.891025][T21668] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3789'. [ 1779.905433][T21668] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3789'. [ 1780.287787][T21670] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1780.312631][ T6586] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1780.574406][ T6586] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1780.615548][ T6586] usb 1-1: config 0 has no interfaces? [ 1780.631484][ T6586] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 1780.645251][ T6586] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1780.704571][ T6586] usb 1-1: config 0 descriptor?? [ 1780.755458][T21670] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1780.943373][T21670] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1781.329897][T21670] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1782.287276][T21679] loop2: detected capacity change from 0 to 7 [ 1782.305850][T21679] Dev loop2: unable to read RDB block 7 [ 1782.319325][T21679] loop2: AHDI p1 p2 p3 [ 1782.346059][T21680] netlink: 'syz.2.3792': attribute type 10 has an invalid length. [ 1782.362096][T21679] loop2: partition table partially beyond EOD, truncated [ 1782.432900][T21679] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1782.441190][T21679] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1782.492864][T21670] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1782.541251][T21670] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1782.569699][T21670] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1782.651599][T21670] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1783.330108][ T7003] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 1783.340173][ T7003] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 1783.612888][T15522] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 1784.762669][T15522] usb 5-1: Using ep0 maxpacket: 32 [ 1784.794350][T16095] usb 1-1: USB disconnect, device number 17 [ 1784.804554][T15522] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1784.853026][T15522] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1784.891719][T15522] usb 5-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1784.922201][T15522] usb 5-1: config 0 interface 0 has no altsetting 1 [ 1784.939964][T15522] usb 5-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57 [ 1784.966351][T15522] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1784.992569][T15522] usb 5-1: Product: syz [ 1784.996809][T15522] usb 5-1: Manufacturer: syz [ 1785.001433][T15522] usb 5-1: SerialNumber: syz [ 1785.199623][T15522] usb 5-1: config 0 descriptor?? [ 1787.207717][ T27] usb 5-1: USB disconnect, device number 6 [ 1787.534433][ T7003] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1787.572772][ T7003] Bluetooth: hci0: Injecting HCI hardware error event [ 1787.584425][T21096] Bluetooth: hci0: hardware error 0x00 [ 1787.653017][T21719] loop2: detected capacity change from 0 to 7 [ 1787.686975][T21719] Dev loop2: unable to read RDB block 7 [ 1787.700762][T21719] loop2: AHDI p1 p2 p3 [ 1787.705744][T21719] loop2: partition table partially beyond EOD, truncated [ 1787.718340][T21719] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1787.730336][T21719] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1787.735457][T21721] netlink: 'syz.4.3802': attribute type 10 has an invalid length. [ 1789.732685][T21096] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1789.795768][T21742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3807'. [ 1791.109679][T21756] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3810'. [ 1791.120934][T21756] IPVS: Error connecting to the multicast addr [ 1791.975507][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.981938][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.011497][T21758] tc_dump_action: action bad kind [ 1796.382763][T12626] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1796.600684][T12626] usb 3-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 1796.642023][T12626] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1796.657444][T12626] usb 3-1: Product: syz [ 1796.662992][T12626] usb 3-1: Manufacturer: syz [ 1796.667690][T12626] usb 3-1: SerialNumber: syz [ 1796.675392][T12626] usb 3-1: config 0 descriptor?? [ 1797.070944][T12626] mos7840 3-1:0.0: required endpoints missing [ 1797.113630][T12626] usb 3-1: USB disconnect, device number 27 [ 1797.623352][T21802] tc_dump_action: action bad kind [ 1798.808778][T21812] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1798.832701][T21812] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1801.628428][T21839] tc_dump_action: action bad kind [ 1804.938706][T21864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3842'. [ 1805.654837][T21884] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1805.665800][T21884] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1806.732174][T21897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3851'. [ 1806.876367][T21899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3851'. [ 1806.891025][T21899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3851'. [ 1806.903243][T21899] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3851'. [ 1809.781987][T21930] sch_tbf: peakrate 9 is lower than or equals to rate 16384 ! [ 1810.543185][T21945] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3865'. [ 1812.346134][T21960] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1812.357934][T21960] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1812.695268][T21963] delete_channel: no stack [ 1813.492954][T21965] sch_tbf: peakrate 9 is lower than or equals to rate 16384 ! [ 1816.739187][T22001] bond0: (slave bond_slave_0): Releasing backup interface [ 1816.755500][T22001] bond0: (slave bond_slave_1): Releasing backup interface [ 1816.793389][T22001] team0: Port device team_slave_0 removed [ 1816.878399][T22001] team0: Port device team_slave_1 removed [ 1816.885144][T22001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1816.892795][T22001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1817.131256][T22001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1817.139001][T22001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1817.427127][T22003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3883'. [ 1817.584981][T22007] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1817.607347][T22007] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1817.635439][T22010] tc_dump_action: action bad kind [ 1820.687471][T22034] syz.4.3894: attempt to access beyond end of device [ 1820.687471][T22034] nbd4: rw=0, sector=1, nr_sectors = 1 limit=0 [ 1820.752768][T22034] qnx4: unable to read the superblock [ 1821.575625][T22042] tc_dump_action: action bad kind [ 1825.017928][T22071] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1825.039841][T22071] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1825.162446][T22072] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3903'. [ 1825.980139][T22080] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3905'. [ 1826.622585][ T5867] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1826.803764][ T5867] usb 5-1: Using ep0 maxpacket: 8 [ 1826.831521][ T5867] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 1826.905343][ T5867] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1826.914548][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1826.923175][ T5867] usb 5-1: Product: syz [ 1826.927351][ T5867] usb 5-1: Manufacturer: syz [ 1826.931961][ T5867] usb 5-1: SerialNumber: syz [ 1826.954377][ T5867] usb 5-1: config 0 descriptor?? [ 1827.048043][ T5867] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1827.098287][ T5867] usb 5-1: setting power ON [ 1827.106311][ T5867] dvb-usb: bulk message failed: -22 (2/0) [ 1827.119720][ T5867] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1827.132587][ T5867] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1827.141455][ T5867] usb 5-1: media controller created [ 1827.195660][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1827.211336][T22077] dvb-usb: bulk message failed: -22 (3/0) [ 1827.221754][T22077] cxusb: i2c wr: len=79 is too big! [ 1827.221754][T22077] [ 1827.287781][ T5867] usb 5-1: selecting invalid altsetting 6 [ 1827.304099][ T5867] usb 5-1: digital interface selection failed (-22) [ 1827.322081][ T5867] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1827.363942][ T5867] usb 5-1: setting power OFF [ 1827.388271][ T5867] dvb-usb: bulk message failed: -22 (2/0) [ 1827.404060][ T5867] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1827.420944][ T5867] (NULL device *): no alternate interface [ 1827.506767][ T5867] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1827.569937][ T5867] usb 5-1: USB disconnect, device number 7 [ 1827.612689][T22094] tc_dump_action: action bad kind [ 1829.688592][T22111] use of bytesused == 0 is deprecated and will be removed in the future, [ 1829.698100][T22111] use the actual size instead. [ 1833.657451][ T28] audit: type=1326 audit(1761445443.540:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22134 comm="syz.4.3921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1833.738727][ T28] audit: type=1326 audit(1761445443.540:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22134 comm="syz.4.3921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b5a18efc9 code=0x7ffc0000 [ 1834.198531][T22144] tc_dump_action: action bad kind [ 1835.162067][T16095] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1835.171047][T22149] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3923'. [ 1835.342625][T16095] usb 5-1: Using ep0 maxpacket: 8 [ 1837.009541][T16095] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1837.037355][T16095] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1837.051045][T16095] usb 5-1: can't read configurations, error -71 [ 1837.535277][T22172] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3930'. [ 1838.403572][T22175] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1838.413965][T22175] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1839.731262][T22184] tc_dump_action: action bad kind [ 1843.587906][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.600561][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.616105][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.634650][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.653361][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.671255][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.695751][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.742377][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.770206][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.814640][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.841626][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.864952][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.886604][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.911702][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.927408][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1843.999577][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1844.012600][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1844.036776][ T5867] hid-generic 0003:0004:0000.0003: unknown main item tag 0x0 [ 1844.087906][ T5867] hid-generic 0003:0004:0000.0003: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1845.801306][T22219] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1845.893542][T22219] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1847.092613][ T5867] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1847.275248][ T5867] usb 1-1: Using ep0 maxpacket: 8 [ 1847.294423][ T5867] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 1847.991808][T22240] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 1848.113033][ T5867] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1848.134089][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1848.142210][ T5867] usb 1-1: Product: syz [ 1848.156898][ T5867] usb 1-1: Manufacturer: syz [ 1848.169626][ T5867] usb 1-1: SerialNumber: syz [ 1848.190602][ T5867] usb 1-1: config 0 descriptor?? [ 1848.205288][ T5867] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1848.218854][ T5867] usb 1-1: setting power ON [ 1848.232969][ T5867] dvb-usb: bulk message failed: -22 (2/0) [ 1848.262330][ T5867] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1848.277630][ T5867] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1848.295300][ T5867] usb 1-1: media controller created [ 1848.326564][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1848.348844][ T5867] usb 1-1: selecting invalid altsetting 6 [ 1848.364419][ T5867] usb 1-1: digital interface selection failed (-22) [ 1848.377353][ T5867] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1848.389397][ T5867] usb 1-1: setting power OFF [ 1848.396724][ T5867] dvb-usb: bulk message failed: -22 (2/0) [ 1848.404629][ T5867] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1848.421104][T22226] dvb-usb: bulk message failed: -22 (3/0) [ 1848.427296][ T5867] (NULL device *): no alternate interface [ 1848.432619][T22226] cxusb: i2c wr: len=79 is too big! [ 1848.432619][T22226] [ 1848.550095][ T5867] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1848.615395][ T5867] usb 1-1: USB disconnect, device number 18 [ 1850.556596][T22267] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1850.569857][T22267] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1850.853741][ T28] audit: type=1326 audit(1761445460.740:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22265 comm="syz.2.3959" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1a67d8efc9 code=0x0 [ 1853.124636][T22293] tc_dump_action: action bad kind [ 1853.229956][ T966] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1853.593829][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.600273][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1854.048973][ T966] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1854.060481][ T966] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1854.072636][ T966] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 1854.093252][ T966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1854.111914][ T966] usb 3-1: config 0 descriptor?? [ 1854.856567][T16241] usb 3-1: USB disconnect, device number 28 [ 1855.231679][T22311] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1855.245699][T22311] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1858.677223][T22335] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3981'. [ 1858.692022][T22335] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1858.959552][T22335] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1860.134786][T22354] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1860.144751][T22354] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1863.692851][T12964] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1863.930685][T22380] loop2: detected capacity change from 0 to 7 [ 1863.935431][T22382] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3993'. [ 1863.943851][T12964] usb 3-1: Using ep0 maxpacket: 32 [ 1863.951785][T22380] Dev loop2: unable to read RDB block 7 [ 1863.961855][T22380] loop2: AHDI p1 p2 p3 [ 1863.966711][T12964] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1863.975765][T22380] loop2: partition table partially beyond EOD, truncated [ 1863.980299][T12964] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1863.996366][T22380] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1864.004693][T22380] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1864.021894][T12964] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 1864.195015][T12964] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1864.208771][T12964] usb 3-1: config 0 descriptor?? [ 1864.260066][T12964] usbhid 3-1:0.0: can't add hid device: -22 [ 1864.266924][T12964] usbhid: probe of 3-1:0.0 failed with error -22 [ 1864.847821][T22390] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1864.858604][T22390] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1866.600759][T12964] usb 3-1: USB disconnect, device number 29 [ 1867.782312][T22421] loop2: detected capacity change from 0 to 7 [ 1867.796410][T22421] Dev loop2: unable to read RDB block 7 [ 1867.806479][T22421] loop2: AHDI p1 p2 p3 [ 1867.810873][T22421] loop2: partition table partially beyond EOD, truncated [ 1867.821459][T22421] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1867.835756][T22421] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1867.928599][T22422] netlink: 'syz.0.4004': attribute type 10 has an invalid length. [ 1869.203324][T22427] block device autoloading is deprecated and will be removed. [ 1869.803780][T22441] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1869.812614][T22441] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1870.504879][T22447] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 1873.644083][T22459] tc_dump_action: action bad kind [ 1875.962913][T12964] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 1875.972597][T22483] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1875.989086][T22483] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1876.183044][T12964] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1876.205255][T12964] usb 5-1: config 14 has an invalid interface number: 15 but max is 0 [ 1876.234128][T12964] usb 5-1: config 14 has no interface number 0 [ 1876.241789][T12964] usb 5-1: config 14 interface 15 altsetting 251 bulk endpoint 0xC has invalid maxpacket 1024 [ 1876.256602][T12964] usb 5-1: config 14 interface 15 has no altsetting 0 [ 1876.287515][T12964] usb 5-1: New USB device found, idVendor=0cf3, idProduct=0005, bcdDevice=e9.80 [ 1876.312771][T12964] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1876.330302][T12964] usb 5-1: Product: syz [ 1876.334962][T12964] usb 5-1: Manufacturer: syz [ 1876.339687][T12964] usb 5-1: SerialNumber: syz [ 1876.357880][T22480] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1876.701800][T22488] syz.3.4023: attempt to access beyond end of device [ 1876.701800][T22488] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1876.738883][T22488] syz.3.4023: attempt to access beyond end of device [ 1876.738883][T22488] nbd3: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1876.752563][T22488] Mount JFS Failure: -5 [ 1876.758763][T22488] jfs_mount failed w/return code = -5 [ 1877.095431][T12964] usb 5-1: Could not find all expected endpoints [ 1877.114460][T12964] usb 5-1: USB disconnect, device number 10 [ 1877.722362][T22495] tc_dump_action: action bad kind [ 1878.481963][ T42] nci: nci_rx_work: unknown MT 0x6 [ 1880.014961][T22524] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1880.023961][T22524] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1881.280211][T22541] tc_dump_action: action bad kind [ 1883.737260][T22561] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1883.746171][T22561] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1883.812242][T22563] loop2: detected capacity change from 0 to 7 [ 1883.850252][T22563] Dev loop2: unable to read RDB block 7 [ 1883.858684][T22563] loop2: AHDI p1 p2 p3 [ 1883.866845][T22563] loop2: partition table partially beyond EOD, truncated [ 1883.883900][T22563] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1883.892948][T22563] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1883.949900][T22563] netlink: 'syz.4.4046': attribute type 10 has an invalid length. [ 1884.532610][T21096] Bluetooth: hci1: command 0x0406 tx timeout [ 1885.216203][T22579] tc_dump_action: action bad kind [ 1887.304647][ T28] audit: type=1326 audit(1761445497.180:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1887.837637][ T28] audit: type=1326 audit(1761445497.190:1581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1887.936084][ T28] audit: type=1326 audit(1761445497.190:1582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1887.963928][ T28] audit: type=1326 audit(1761445497.190:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.015648][T22602] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1888.024480][T22602] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1888.042689][ T28] audit: type=1326 audit(1761445497.190:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.146392][ T28] audit: type=1326 audit(1761445497.190:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.172634][ T28] audit: type=1326 audit(1761445497.190:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.237649][ T28] audit: type=1326 audit(1761445497.260:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.260749][T22605] loop2: detected capacity change from 0 to 7 [ 1888.271354][ T28] audit: type=1326 audit(1761445497.260:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.295026][T22605] Dev loop2: unable to read RDB block 7 [ 1888.311006][T22605] loop2: AHDI p1 p2 p3 [ 1888.311002][ T28] audit: type=1326 audit(1761445497.270:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22595 comm="syz.0.4055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f5eced8efc9 code=0x7ffc0000 [ 1888.472751][T22605] loop2: partition table partially beyond EOD, truncated [ 1888.479891][T22605] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1888.713257][T22605] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1888.803893][T22611] netlink: 'syz.3.4057': attribute type 10 has an invalid length. [ 1889.738565][T22621] tc_dump_action: action bad kind [ 1889.912368][T22623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4060'. [ 1891.336035][T22641] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1891.344964][T22641] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1892.765165][T22649] loop2: detected capacity change from 0 to 7 [ 1892.773934][T22650] tc_dump_action: action bad kind [ 1892.931368][T22649] Dev loop2: unable to read RDB block 7 [ 1892.941275][T22649] loop2: AHDI p1 p2 p3 [ 1892.945826][T22649] loop2: partition table partially beyond EOD, truncated [ 1892.961574][T22649] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1893.034125][T22649] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1893.453825][T22649] netlink: 'syz.2.4069': attribute type 10 has an invalid length. [ 1896.105338][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 1896.105352][ T28] audit: type=1326 audit(1761445505.180:1613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1896.250910][ T28] audit: type=1326 audit(1761445505.180:1614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1896.785848][ T28] audit: type=1326 audit(1761445505.190:1615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1896.861709][ T28] audit: type=1326 audit(1761445505.190:1616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1896.910737][ T28] audit: type=1326 audit(1761445505.190:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1896.935206][ T28] audit: type=1326 audit(1761445505.190:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1897.006203][ T28] audit: type=1326 audit(1761445505.190:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1897.062579][ T28] audit: type=1326 audit(1761445505.190:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1897.085610][ T28] audit: type=1326 audit(1761445505.190:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1897.123180][ T28] audit: type=1326 audit(1761445505.190:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22669 comm="syz.3.4077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f182358efc9 code=0x7ffc0000 [ 1897.154551][T22682] tc_dump_action: action bad kind [ 1897.191722][T22685] loop2: detected capacity change from 0 to 7 [ 1897.211825][T22685] Dev loop2: unable to read RDB block 7 [ 1897.248757][T22685] loop2: AHDI p1 p2 p3 [ 1897.339975][T22693] netlink: 'syz.2.4081': attribute type 10 has an invalid length. [ 1897.345482][T22685] loop2: partition table partially beyond EOD, truncated [ 1897.360454][T22685] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1897.368486][T22685] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1898.632619][T22705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4085'. [ 1899.679461][T17217] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1899.916641][T17217] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1900.928562][T17217] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1901.070370][T17217] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1901.115034][T22720] tc_dump_action: action bad kind [ 1901.594695][T22724] loop2: detected capacity change from 0 to 7 [ 1901.602144][T22724] Dev loop2: unable to read RDB block 7 [ 1901.614370][T22724] loop2: AHDI p1 p2 p3 [ 1901.629363][T22724] loop2: partition table partially beyond EOD, truncated [ 1901.663658][ T7003] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1901.671143][T22724] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1901.671170][T22724] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1901.693579][T17217] tipc: Disabling bearer [ 1901.716330][T17217] tipc: Left network mode [ 1901.716408][T22724] netlink: 'syz.3.4095': attribute type 10 has an invalid length. [ 1901.729655][ T7003] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1901.739681][ T7003] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1901.769803][ T7003] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1901.778639][ T7003] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1901.789571][ T7003] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1903.882881][T21096] Bluetooth: hci2: command tx timeout [ 1904.291620][T22762] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4104'. [ 1904.337393][T22725] chnl_net:caif_netlink_parms(): no params data found [ 1904.890502][T22766] tc_dump_action: action bad kind [ 1905.314705][T22725] bridge0: port 1(bridge_slave_0) entered blocking state [ 1905.432721][T22725] bridge0: port 1(bridge_slave_0) entered disabled state [ 1905.439956][T22725] bridge_slave_0: entered allmulticast mode [ 1905.940363][T22725] bridge_slave_0: entered promiscuous mode [ 1905.955173][T22725] bridge0: port 2(bridge_slave_1) entered blocking state [ 1905.962543][T21096] Bluetooth: hci2: command tx timeout [ 1905.982611][T22725] bridge0: port 2(bridge_slave_1) entered disabled state [ 1905.996342][T22725] bridge_slave_1: entered allmulticast mode [ 1906.003663][T22725] bridge_slave_1: entered promiscuous mode [ 1906.348671][T22725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1906.361703][T22725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1906.421933][T17217] hsr_slave_0: left promiscuous mode [ 1906.429438][T17217] hsr_slave_1: left promiscuous mode [ 1906.436528][T17217] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1906.445587][T17217] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1906.454604][T17217] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1906.462033][T17217] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1906.487488][T17217] veth1_vlan: left promiscuous mode [ 1906.492911][T17217] veth0_vlan: left promiscuous mode [ 1907.224930][T17217] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1907.294498][T17217] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1907.842371][T17217] bond0 (unregistering): Released all slaves [ 1907.903496][T22725] team0: Port device team_slave_0 added [ 1907.916802][T22725] team0: Port device team_slave_1 added [ 1907.948562][T22725] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1907.962458][T22725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1907.989166][T22725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1908.002325][T22725] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1908.010532][T22725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1908.057001][T21096] Bluetooth: hci2: command tx timeout [ 1908.062759][T22725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1908.131932][T22725] hsr_slave_0: entered promiscuous mode [ 1908.140470][T22725] hsr_slave_1: entered promiscuous mode [ 1908.384768][T22725] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1908.397499][T22725] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1908.428718][T22725] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1908.439606][T22725] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1908.582209][T22725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1908.609403][T22725] 8021q: adding VLAN 0 to HW filter on device team0 [ 1908.621496][T22751] bridge0: port 1(bridge_slave_0) entered blocking state [ 1908.628718][T22751] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1908.645460][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1908.652656][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1908.852204][T22725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1909.084987][T22725] veth0_vlan: entered promiscuous mode [ 1909.101567][T22725] veth1_vlan: entered promiscuous mode [ 1909.137636][T22725] veth0_macvtap: entered promiscuous mode [ 1909.148105][T22725] veth1_macvtap: entered promiscuous mode [ 1909.168207][T22725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1909.178817][T22725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1909.189214][T22725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1909.201104][T22725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1909.210981][T22725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1909.221735][T22725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1909.233779][T22725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1909.250402][T22725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1909.261009][T22725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1909.271260][T22725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1909.282101][T22725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1909.294748][T22725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1909.308818][T22725] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1909.318210][T22725] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1909.327304][T22725] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1909.336494][T22725] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1909.426981][T17217] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1909.439074][T17217] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1909.467345][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1909.475757][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1910.122849][T21096] Bluetooth: hci2: command tx timeout [ 1914.846586][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.853230][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.296649][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.303083][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2024.452602][T21096] Bluetooth: hci2: command 0x0406 tx timeout [ 2037.726950][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.733552][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2099.166732][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.173231][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 2160.616351][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.622934][ T1288] ieee802154 phy1 wpan1: encryption failed: -22