last executing test programs: 7.06351365s ago: executing program 1 (id=2077): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$packet(0x11, 0x2, 0x300) r0 = socket$alg(0x26, 0x5, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'tunl0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @local}}}}) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000002d40)=[{{0x0, 0x0, &(0x7f0000002c00)=[{&(0x7f0000002940)="99d661321aafe161f8daa3aa686b49201e28", 0x12}, {&(0x7f0000002980)="f555c15b70122cd0c98a5b39d975242bce2ae54f0a7ee6f8291bf1887f6fec817c26b1d863c34b037a56faa6dde89b09f5b752b2121b7fad3d1f6b7470ed80fece2a9b225b6f374dfe7761a3e1947198cd2e80db5039319fc789e105efe29c9fed9105d6c33e0349a8e3330282f27a58632de84541cac2cc7b21d99b0fd5ae4bfb5659bbda08606d62763806122f79162c835206d1d7adead527011943d2", 0x9e}, {&(0x7f0000002a40)="cedd02", 0x3}, {&(0x7f0000002b00)="ccf4d478ea4674b674d304c2f577f1bf3edcf361d2a56234a5f1d49af4b28f6cb9fffdedfbfe66d04276a5b7776a2c9f1366408c8cbde94e81b9d5aaf1df7468d4d9dc5331a21b85f9483318a39085ce0c42697a0db79feb1f6aea03ba242e87fa312419f10be40562264cffeb239c407716f0e67337bd09ec891e71fdae92b12a4864f25d27d77fcb4f434de62683beec9c42ae84dc6ce86531c64d50b07191721cd0dd2f40d4eb893e78172bd5708338ce03373eec8d300dacd21b7f9acd6a0360eac1d0690f873727440011ac07f627082060bdf97572abee5e501e3ed420cd5eb3fb1754", 0xe6}], 0x4}}], 0x1, 0x0) 6.324607892s ago: executing program 1 (id=2083): syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x9d, &(0x7f0000000180)={0x5, 0xf, 0x9d, 0x2, [@wireless={0xb}, @generic={0x8d, 0x10, 0x0, "6a66a17ba6f3dfb30a417a26ff2e4c76046cf4fcbdcab3217b7d513caa2a7bdf813a16cbaeb21d16be222d8b2fc82fdd7c7306e1750ed16af6db7ad5a82e61874f93f90908472dc3a55f7839b7a8a792ca8ad7288d07c59222e0f1084128bc0f7e461141d0cff03ceee9a0a78c6b75375f665646b6539fea8b40743ace635189d1c8892209e0d07db2a5"}]}}) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x95, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x83, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, [@mdlm_detail={0x48, 0x24, 0x13, 0x0, "2f08d62a2b30a77636f7f08a8b1f6000a4b2e720d6310f0c24b85f45feb86a2e8cca8e6c1fa36d05f37cb68719860b9d77d7f1fc9092da1983bb4a1d172477f38a68b7ed"}]}}}]}}]}}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 5.217757006s ago: executing program 4 (id=2088): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x83, 0x66, 0x7d, 0x10, 0x2040, 0x264, 0x4ed1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x90, 0xf1, 0x9c, 0x0, [], [{{0x9, 0x5, 0x84}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000080)={0x2c, &(0x7f0000000780)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f00000001c0)=ANY=[@ANYBLOB="009689"], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 3.634235294s ago: executing program 3 (id=2098): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 2.962650257s ago: executing program 1 (id=2101): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) semtimedop(0x0, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000009, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f00000003c0)) 2.599963896s ago: executing program 0 (id=2103): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) shutdown(0xffffffffffffffff, 0x0) getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, 0x0, &(0x7f0000001400)) 2.539234997s ago: executing program 3 (id=2104): poll(0x0, 0x0, 0x64) rt_sigreturn() syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x8, 0x0) poll(0x0, 0x0, 0x64) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) pipe(0x0) 2.459030122s ago: executing program 2 (id=2105): socket$kcm(0x11, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x27}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0) unshare(0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) sendmsg$NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = socket(0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000800)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) accept(r2, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x3c}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 2.343938436s ago: executing program 0 (id=2106): recvmsg(0xffffffffffffffff, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = epoll_create1(0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0x8942, &(0x7f0000000180)={"f0433a2dab47613b64381191aa793846"}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000011c0)={0xffffffffffffffff}) getsockname(r1, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, &(0x7f0000000080)=0x80) close(r2) ioctl$PIO_FONTRESET(r0, 0x5450, 0x0) 2.31983212s ago: executing program 3 (id=2107): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x4}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, &(0x7f00000006c0)='ns/time\x00') 2.243929163s ago: executing program 0 (id=2108): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x0) ioctl$I2C_SMBUS(r1, 0x720, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000e, 0x28011, r0, 0x40000) openat$6lowpan_control(0xffffff9c, &(0x7f00000002c0), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.051281743s ago: executing program 3 (id=2109): socket$inet_tcp(0x2, 0x1, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[], 0xff2e) ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000000)) 2.044796962s ago: executing program 2 (id=2110): r0 = socket$inet_sctp(0x2, 0x1, 0x84) recvmmsg(r0, &(0x7f0000003500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12001, 0x0) 1.861422192s ago: executing program 4 (id=2111): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638477fbac141416ac14141607089f034d2f87e544026aab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008864"], 0x0) 1.731698467s ago: executing program 2 (id=2112): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8), 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xca}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @dccp={{0x5, 0x4, 0x0, 0x27, 0x24, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0bc0f7", 0x0, "de9560"}}}}}}, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000005c0)="a4", 0x1}], 0x1}}], 0x2, 0x2008800) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000380), 0x4) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r2 = socket(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r4, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r3, 0x0, r5, 0x0, 0x4ffe6, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x2008084}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) socket$tipc(0x1e, 0x5, 0x0) connect$tipc(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_netdev_private(r6, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a") sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000001a0069ae01000000000000001c"], 0x24}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, 0x0, 0x0) 1.600481841s ago: executing program 4 (id=2113): r0 = epoll_create1(0x0) epoll_pwait(0xffffffffffffffff, &(0x7f0000000640)=[{}], 0x1, 0x401, 0x0, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0xc0000006}) 1.396971039s ago: executing program 4 (id=2114): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x5, 0x0, 0x0}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.023948077s ago: executing program 0 (id=2115): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)=""/62, 0x3e}, {&(0x7f0000000a40)=""/199, 0xc7}, {&(0x7f0000000b40)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/38, 0x26}], 0x4}, 0x0) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0) 1.023756537s ago: executing program 3 (id=2116): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000200)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001240)={r0, 0x0, 0xe, 0x0, &(0x7f0000000080)="925a95e24550ec24e8e1a95586dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 919.993245ms ago: executing program 1 (id=2117): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000004c0)={'wlan0\x00'}) syz_io_uring_setup(0x24f9, 0x0, 0x0, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000100)={0x0, 0x50565559, 0x780, 0x438, 0x0, @stepwise}) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) 711.760526ms ago: executing program 3 (id=2118): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0x0, 0x5}, 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5}]}}}]}, 0x3c}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffecc) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0) r3 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, 0x0) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000005c0)=""/99, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000002c0)={0x1, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x12}, 0x90) r6 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r6, &(0x7f0000001c80)={&(0x7f00000015c0)={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001b80)=[{&(0x7f0000001680)="ca", 0x1}], 0x1}, 0x4028810) 664.010817ms ago: executing program 2 (id=2119): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x4, 0x4}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, &(0x7f00000006c0)='ns/time\x00') 595.917647ms ago: executing program 1 (id=2120): socket$kcm(0x11, 0x2, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x27}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0) unshare(0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) sendmsg$NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = socket(0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000800)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) accept(r2, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}]}, 0x3c}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 595.589251ms ago: executing program 0 (id=2121): r0 = socket$inet_smc(0x2b, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0xa) r1 = syz_io_uring_setup(0x6f66, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x10}) r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fchdir(r4) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0) unshare(0x2c020400) io_uring_enter(r1, 0xb15, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x11e, 0x1, 0x0, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000000)={'nat\x00', 0x0, 0x0, 0x0, [0x0, 0x0, 0x9, 0x3, 0x7]}, &(0x7f0000000080)=0x50) 506.478867ms ago: executing program 2 (id=2122): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000000)={0x3, 0x98f904}) close_range(r1, 0xffffffffffffffff, 0x0) 326.44404ms ago: executing program 2 (id=2123): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2d}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c07052c6bc314b0ac5c63bc2083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f008004be0ffff00124000638477fbac141416ac14141607089f034d2f87e544026aab845013f2325f1a39010702038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x40) syz_emit_ethernet(0xfdef, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa88a800008864"], 0x0) 219.950847ms ago: executing program 4 (id=2124): r0 = epoll_create1(0x0) epoll_pwait(r0, 0x0, 0x0, 0x401, 0x0, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0xc0000006}) 186.029159ms ago: executing program 0 (id=2125): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000380)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r1}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000001000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 160.780334ms ago: executing program 1 (id=2126): r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={@private2, @mcast1, @ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x2670}) 0s ago: executing program 4 (id=2127): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r0, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0xe20, 0x0, @mcast1}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000300), 0x4) unshare(0x20000400) sendto$inet6(r0, &(0x7f0000000600)="2501f71d330b07000000000000002bbe9196e06d9bd46973ff740219a971634887b4", 0x22, 0x0, 0x0, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x2003, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private2}, 0x20000000) kernel console output (not intermixed with test programs): rings: Mfr=1, Product=2, SerialNumber=3 [ 330.798473][ T5286] usb 1-1: Product: syz [ 330.802678][ T5286] usb 1-1: Manufacturer: syz [ 330.812892][ T5286] usb 1-1: SerialNumber: syz [ 330.852400][ T5286] usb 1-1: config 0 descriptor?? [ 330.861819][ T8942] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.876032][ T5286] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 330.897838][ T8942] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.926233][ T5286] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 330.943613][ T8942] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 331.364549][ T1117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.393740][ T1117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.562789][ T5286] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 331.581309][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.605913][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 332.493154][ T9230] loop3: detected capacity change from 0 to 512 [ 332.499946][ T5286] em28xx 1-1:0.0: write to i2c device at 0xa0 failed with unknown error (status=1) [ 332.521155][ T5286] em28xx 1-1:0.0: failed to read eeprom (err=-5) [ 332.553932][ T5286] em28xx 1-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 332.613516][ T9230] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 332.712511][ T9230] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 332.769403][ T5286] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 332.777279][ T5286] em28xx 1-1:0.0: dvb set to bulk mode. [ 332.809523][ T58] em28xx 1-1:0.0: Binding DVB extension [ 332.837252][ T29] audit: type=1800 audit(1722051983.233:47): pid=9230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1036" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 332.892279][ T5286] usb 1-1: USB disconnect, device number 13 [ 332.905239][ T5286] em28xx 1-1:0.0: Disconnecting em28xx [ 333.013503][ T7332] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.073974][ T58] em28xx 1-1:0.0: Registering input extension [ 333.087731][ T5286] em28xx 1-1:0.0: Closing input extension [ 333.145214][ T5286] em28xx 1-1:0.0: Freeing device [ 334.831999][ T9268] use of bytesused == 0 is deprecated and will be removed in the future, [ 334.844908][ T9268] use the actual size instead. [ 335.839423][ T9285] loop1: detected capacity change from 0 to 512 [ 335.899392][ T9285] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 335.930943][ T9285] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 336.192502][ T7437] EXT4-fs error (device loop1): ext4_readdir:260: inode #12: block 32: comm syz-executor: path /120/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 336.910355][ T9308] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 337.022357][ T9312] loop4: detected capacity change from 0 to 256 [ 337.116495][ T29] audit: type=1800 audit(1722051987.174:48): pid=9312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1064" name="file1" dev="loop4" ino=1048665 res=0 errno=0 [ 338.833677][ T9343] loop2: detected capacity change from 0 to 256 [ 338.909783][ T29] audit: type=1800 audit(1722051988.835:49): pid=9343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1076" name="file1" dev="loop2" ino=1048666 res=0 errno=0 [ 338.930581][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.210276][ T9435] netlink: 'syz.3.1106': attribute type 4 has an invalid length. [ 343.766169][ T54] Bluetooth: hci4: command 0x0406 tx timeout [ 343.773515][ T5241] Bluetooth: hci3: command 0x0406 tx timeout [ 345.788905][ T9513] loop4: detected capacity change from 0 to 512 [ 345.876122][ T9513] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 345.955914][ T9513] ext4 filesystem being mounted at /144/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 346.036336][ T7456] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.400371][ T5241] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 348.414112][ T5241] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 348.432277][ T5241] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 348.442257][ T5241] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 348.454998][ T5241] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 348.465907][ T5241] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 348.467535][ T7437] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.659671][ T1117] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.850301][ T1117] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.059816][ T1117] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.070480][ T5313] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 349.257060][ T1117] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.288687][ T5313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.316251][ T5238] Bluetooth: hci1: command 0x0406 tx timeout [ 349.327490][ T5313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.377617][ T5313] usb 1-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 349.438691][ T5313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.510718][ T5313] usb 1-1: config 0 descriptor?? [ 349.977589][ T5313] apple 0003:05AC:0262.0005: bogus close delimiter [ 350.017344][ T5313] apple 0003:05AC:0262.0005: item 0 1 2 10 parsing failed [ 350.022288][ T9572] chnl_net:caif_netlink_parms(): no params data found [ 350.025346][ T5313] apple 0003:05AC:0262.0005: parse failed [ 350.081734][ T5313] apple 0003:05AC:0262.0005: probe with driver apple failed with error -22 [ 350.091341][ T1117] bridge_slave_1: left allmulticast mode [ 350.113983][ T1117] bridge_slave_1: left promiscuous mode [ 350.147250][ T1117] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.190930][ T1117] bridge_slave_0: left allmulticast mode [ 350.206294][ T8] usb 1-1: USB disconnect, device number 14 [ 350.235120][ T1117] bridge_slave_0: left promiscuous mode [ 350.240930][ T1117] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.701437][ T4618] Bluetooth: hci4: command tx timeout [ 350.738136][ T5238] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 350.765173][ T5238] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 350.776095][ T5238] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 350.810413][ T5238] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 350.820661][ T5238] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 350.835305][ T5238] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 351.344223][ T1117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.372589][ T1117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.389854][ T1117] bond0 (unregistering): Released all slaves [ 351.414039][ T1117] bond1 (unregistering): Released all slaves [ 351.739130][ T1117] tipc: Disabling bearer [ 351.746846][ T1117] tipc: Left network mode [ 352.188742][ T9572] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.204491][ T9572] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.237749][ T9572] bridge_slave_0: entered allmulticast mode [ 352.253862][ T9572] bridge_slave_0: entered promiscuous mode [ 352.294443][ T9572] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.331916][ T9572] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.352044][ T9572] bridge_slave_1: entered allmulticast mode [ 352.366677][ T9572] bridge_slave_1: entered promiscuous mode [ 352.716468][ T9572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 352.880419][ T9572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.953484][ T4618] Bluetooth: hci4: command tx timeout [ 353.089702][ T1117] hsr_slave_0: left promiscuous mode [ 353.096716][ T1117] hsr_slave_1: left promiscuous mode [ 353.119535][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 353.128540][ T4618] Bluetooth: hci6: command tx timeout [ 353.139837][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 353.152592][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 353.161923][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 353.203241][ T1117] veth1_macvtap: left promiscuous mode [ 353.208987][ T1117] veth0_macvtap: left promiscuous mode [ 353.216356][ T1117] veth1_vlan: left promiscuous mode [ 353.222051][ T1117] veth0_vlan: left promiscuous mode [ 354.416903][ T1117] team0 (unregistering): Port device team_slave_1 removed [ 354.465124][ T1117] team0 (unregistering): Port device team_slave_0 removed [ 354.993493][ T9572] team0: Port device team_slave_0 added [ 355.029593][ T9572] team0: Port device team_slave_1 added [ 355.207519][ T4618] Bluetooth: hci4: command tx timeout [ 355.263570][ T9572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 355.275107][ T9734] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 355.282824][ T9572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 355.367892][ T9572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 355.381869][ T4618] Bluetooth: hci6: command tx timeout [ 355.483392][ T9736] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1208'. [ 355.501254][ T9572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 355.544540][ T9572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 355.598443][ T9572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 355.860140][ T9631] chnl_net:caif_netlink_parms(): no params data found [ 355.926419][ T9572] hsr_slave_0: entered promiscuous mode [ 355.985002][ T9572] hsr_slave_1: entered promiscuous mode [ 355.991836][ T9572] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 356.024809][ T9572] Cannot create hsr debugfs directory [ 356.909620][ T9631] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.922401][ T9631] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.954009][ T9631] bridge_slave_0: entered allmulticast mode [ 356.961716][ T9631] bridge_slave_0: entered promiscuous mode [ 357.014378][ T9631] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.032766][ T9631] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.061810][ T9631] bridge_slave_1: entered allmulticast mode [ 357.084033][ T9631] bridge_slave_1: entered promiscuous mode [ 357.132532][ T9786] loop4: detected capacity change from 0 to 256 [ 357.155677][ T1117] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.199933][ T9786] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 357.236851][ T9786] FAT-fs (loop4): Filesystem has been set read-only [ 357.258342][ T9786] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 357.309506][ T9786] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 357.334732][ T29] audit: type=1800 audit(1722052005.846:50): pid=9786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1218" name="file1" dev="loop4" ino=1048667 res=0 errno=0 [ 357.413749][ T1117] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.446939][ T9796] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 357.472601][ T4618] Bluetooth: hci4: command tx timeout [ 357.518445][ T9793] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 357.645786][ T4618] Bluetooth: hci6: command tx timeout [ 357.664529][ T1117] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.769159][ T9800] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1220'. [ 357.835936][ T9631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.003512][ T1117] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.062413][ T9631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.564326][ T9631] team0: Port device team_slave_0 added [ 358.609341][ T9631] team0: Port device team_slave_1 added [ 358.731570][ T9631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 358.738588][ T9631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.780291][ T9631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 358.795178][ T9631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 358.802506][ T9631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.833133][ T9631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 358.947770][ T9841] loop4: detected capacity change from 0 to 256 [ 359.013676][ T9841] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 359.033751][ T9841] FAT-fs (loop4): Filesystem has been set read-only [ 359.051329][ T9841] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 359.086814][ T9631] hsr_slave_0: entered promiscuous mode [ 359.095971][ T9631] hsr_slave_1: entered promiscuous mode [ 359.107936][ T9841] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 359.123776][ T29] audit: type=1800 audit(1722052007.489:51): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1228" name="file1" dev="loop4" ino=1048668 res=0 errno=0 [ 359.154874][ T9631] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 359.162794][ T9631] Cannot create hsr debugfs directory [ 359.219627][ T9572] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 359.267086][ T9572] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 359.425172][ T9844] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 359.486664][ T1117] bridge_slave_1: left allmulticast mode [ 359.492505][ T1117] bridge_slave_1: left promiscuous mode [ 359.510736][ T1117] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.565237][ T1117] bridge_slave_0: left allmulticast mode [ 359.605007][ T1117] bridge_slave_0: left promiscuous mode [ 359.616563][ T1117] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.888163][ T4618] Bluetooth: hci6: command tx timeout [ 359.966483][ T9862] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 360.015135][ T9864] loop4: detected capacity change from 0 to 256 [ 360.086621][ T29] audit: type=1800 audit(1722052008.384:52): pid=9864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1237" name="file1" dev="loop4" ino=1048669 res=0 errno=0 [ 360.736314][ T1117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 360.760815][ T1117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 360.779677][ T1117] bond0 (unregistering): Released all slaves [ 360.804809][ T9572] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 360.825526][ T9572] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 360.922822][ T9865] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1235'. [ 361.259793][ T9883] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 361.718539][ T1117] hsr_slave_0: left promiscuous mode [ 361.773558][ T1117] hsr_slave_1: left promiscuous mode [ 361.829220][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.836734][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.872043][ T1117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.879511][ T1117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.962999][ T1117] veth1_macvtap: left promiscuous mode [ 361.995815][ T1117] veth0_macvtap: left promiscuous mode [ 362.012193][ T1117] veth1_vlan: left promiscuous mode [ 362.017590][ T1117] veth0_vlan: left promiscuous mode [ 363.096073][ T1117] team0 (unregistering): Port device team_slave_1 removed [ 363.169009][ T1117] team0 (unregistering): Port device team_slave_0 removed [ 363.289675][ T9914] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 363.904155][ T9903] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1247'. [ 363.920988][ T9915] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1250'. [ 364.370879][ T9572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.396960][ T9929] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 364.456543][ T9572] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.571355][ T5283] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.578582][ T5283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.630381][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.637637][ T5283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 365.123151][ T9631] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 365.187304][ T9631] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 365.236561][ T9631] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 365.273382][ T9631] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 365.299009][ T9962] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 365.338426][ T9953] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1259'. [ 365.384489][ T9957] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1259'. [ 365.415475][ T9966] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1260'. [ 365.829048][ T9631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 365.890884][ T9984] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 365.949320][ T9631] 8021q: adding VLAN 0 to HW filter on device team0 [ 365.990247][ T5279] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.997443][ T5279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.040105][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.047330][ T5283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.093311][ T9572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.370646][ T9631] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 366.435937][ T9572] veth0_vlan: entered promiscuous mode [ 366.508995][ T9572] veth1_vlan: entered promiscuous mode [ 366.661972][ T9572] veth0_macvtap: entered promiscuous mode [ 366.706901][ T9572] veth1_macvtap: entered promiscuous mode [ 366.773214][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.810587][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.849786][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.882719][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.916890][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.951191][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.961112][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.982495][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.992434][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.023758][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.056346][ T9572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 367.128580][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.176474][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.208575][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.242057][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.285962][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.334843][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.352002][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.378158][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.399086][T10031] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 367.408119][ T9572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.427430][ T9572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.445231][ T9572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 367.463218][T10028] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 367.497358][T10035] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1275'. [ 367.521241][ T9572] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.548387][ T9572] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.579261][ T9572] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.605997][ T9572] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 367.672755][ T9631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.018426][ T2528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.058477][ T2528] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.100510][ T9631] veth0_vlan: entered promiscuous mode [ 368.190625][ T9631] veth1_vlan: entered promiscuous mode [ 368.193095][ T1103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.218472][ T1103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.326612][ T9631] veth0_macvtap: entered promiscuous mode [ 368.389889][ T9631] veth1_macvtap: entered promiscuous mode [ 368.503494][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.557000][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.588877][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.634587][T10071] loop1: detected capacity change from 0 to 512 [ 368.640942][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.684210][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.715613][T10071] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 368.738619][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.775750][T10071] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 368.786905][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.832672][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.866366][ T29] audit: type=1800 audit(1722052016.479:53): pid=10071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1146" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 368.889576][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.932653][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.959021][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.998806][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.027352][ T9631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 369.042415][ T9572] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 369.110611][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.158097][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.205976][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.232166][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.280331][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.307806][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.320554][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.363750][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.389615][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.408389][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.451059][ T9631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.463463][ T9631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.490153][ T9631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 369.633626][ T9631] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.651377][ T9631] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.682447][ T9631] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.700828][ T9631] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.721539][T10105] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 369.897967][T10107] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1291'. [ 370.010105][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.037613][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.127390][T10086] loop0: detected capacity change from 0 to 32768 [ 370.193482][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.212504][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.554468][T10126] loop2: detected capacity change from 0 to 512 [ 370.624116][T10126] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.653113][T10126] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 370.685983][ T29] audit: type=1800 audit(1722052018.159:54): pid=10126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1297" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 370.758652][ T9631] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.452006][T10160] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 371.568115][T10163] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1309'. [ 373.155647][T10231] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 373.261643][T10236] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1334'. [ 374.388165][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 381.671656][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 381.908656][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 381.946196][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 381.990803][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.028778][ T9] usb 1-1: config 0 descriptor?? [ 382.038191][ T9] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 384.110218][ C1] eth0: bad gso: type: 1, size: 1408 [ 384.573020][ T8] usb 1-1: USB disconnect, device number 15 [ 384.789374][T10564] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1443'. [ 385.899874][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.906364][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.989890][T10601] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1456'. [ 386.226482][ T5278] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 386.434311][ T5278] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 386.477268][ T5278] usb 5-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 386.525820][ T5278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.557419][ T5278] usb 5-1: config 0 descriptor?? [ 386.589407][ T5278] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 386.990302][T10636] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1471'. [ 387.831972][T10676] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1486'. [ 388.787931][T10701] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1497'. [ 389.141293][ T5278] usb 5-1: USB disconnect, device number 9 [ 389.544755][T10736] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1510'. [ 390.381911][T10769] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1522'. [ 390.806663][T10784] netlink: 'syz.3.1528': attribute type 29 has an invalid length. [ 390.828348][T10784] netlink: 'syz.3.1528': attribute type 29 has an invalid length. [ 390.854371][T10784] netlink: 'syz.3.1528': attribute type 29 has an invalid length. [ 391.498576][T10814] netlink: 'syz.0.1541': attribute type 29 has an invalid length. [ 391.517311][T10814] netlink: 'syz.0.1541': attribute type 29 has an invalid length. [ 391.556302][T10814] netlink: 'syz.0.1541': attribute type 29 has an invalid length. [ 392.559759][T10851] netlink: 'syz.2.1556': attribute type 29 has an invalid length. [ 392.616963][T10851] netlink: 'syz.2.1556': attribute type 29 has an invalid length. [ 392.647773][T10851] netlink: 'syz.2.1556': attribute type 29 has an invalid length. [ 393.370036][T10881] netlink: 'syz.2.1569': attribute type 29 has an invalid length. [ 394.747916][T10927] fuse: Bad value for 'fd' [ 395.109479][ T5286] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 395.337145][ T5286] usb 5-1: Using ep0 maxpacket: 16 [ 395.359439][ T5286] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 395.389134][ T5286] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 395.400125][ T5286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.452472][ T5286] usb 5-1: Product: syz [ 395.477769][ T5286] usb 5-1: Manufacturer: syz [ 395.482590][ T5286] usb 5-1: SerialNumber: syz [ 395.540013][ T5286] usb 5-1: config 0 descriptor?? [ 395.570053][ T5286] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 395.609348][ T5286] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 395.685363][T10960] fuse: Bad value for 'fd' [ 396.267136][ T5286] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 396.583912][T10989] fuse: Bad value for 'fd' [ 396.654726][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 396.855970][T11001] validate_nla: 12 callbacks suppressed [ 396.855994][T11001] netlink: 'syz.3.1620': attribute type 29 has an invalid length. [ 396.896410][T11001] netlink: 'syz.3.1620': attribute type 29 has an invalid length. [ 396.917650][T11001] netlink: 'syz.3.1620': attribute type 29 has an invalid length. [ 396.938569][T11001] netlink: 'syz.3.1620': attribute type 29 has an invalid length. [ 396.947298][ T5286] em28xx 5-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 396.990760][ T5286] em28xx 5-1:0.0: board has no eeprom [ 397.081174][ T5286] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 397.089079][ T5286] em28xx 5-1:0.0: dvb set to bulk mode. [ 397.126618][ T5278] em28xx 5-1:0.0: Binding DVB extension [ 397.161174][ T5286] usb 5-1: USB disconnect, device number 10 [ 397.179726][ T5286] em28xx 5-1:0.0: Disconnecting em28xx [ 397.219628][ T5278] em28xx 5-1:0.0: Registering input extension [ 397.251933][ T5286] em28xx 5-1:0.0: Closing input extension [ 397.310240][ T5286] em28xx 5-1:0.0: Freeing device [ 397.559753][T11020] fuse: Invalid rootmode [ 397.862173][T11033] netlink: 'syz.2.1634': attribute type 29 has an invalid length. [ 397.894136][T11033] netlink: 'syz.2.1634': attribute type 29 has an invalid length. [ 397.927171][T11033] netlink: 'syz.2.1634': attribute type 29 has an invalid length. [ 397.954502][T11033] netlink: 'syz.2.1634': attribute type 29 has an invalid length. [ 398.367498][T11050] fuse: Invalid rootmode [ 398.805545][T11068] netlink: 'syz.0.1648': attribute type 29 has an invalid length. [ 398.872506][T11068] netlink: 'syz.0.1648': attribute type 29 has an invalid length. [ 399.287842][T11083] fuse: Invalid rootmode [ 401.458250][ T5286] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 401.645006][ T5238] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 401.661545][ T5238] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 401.670946][ T5238] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 401.679541][ T5238] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 401.689703][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.703828][ T5238] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 401.711373][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 401.721536][ T5238] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 401.729113][ T5286] usb 3-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 401.738695][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.786804][ T5286] usb 3-1: config 0 descriptor?? [ 401.805798][ T5286] usbhid 3-1:0.0: can't add hid device: -22 [ 401.812294][ T5286] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 401.910032][ T2512] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.089324][ T2512] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.300379][ T2512] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.547004][ T2512] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.734536][ C1] eth0: bad gso: type: 1, size: 1408 [ 403.068239][T11143] chnl_net:caif_netlink_parms(): no params data found [ 403.215083][ T2512] erspan0: left allmulticast mode [ 403.223986][ T2512] erspan0: left promiscuous mode [ 403.247741][ T2512] bridge0: port 4(erspan0) entered disabled state [ 403.316022][ T2512] batadv0: left allmulticast mode [ 403.321135][ T2512] batadv0: left promiscuous mode [ 403.340138][ T2512] bridge0: port 3(batadv0) entered disabled state [ 403.377616][ T2512] bridge_slave_1: left allmulticast mode [ 403.402796][ T2512] bridge_slave_1: left promiscuous mode [ 403.421265][ T2512] bridge0: port 2(bridge_slave_1) entered disabled state [ 403.459452][ T2512] bridge_slave_0: left allmulticast mode [ 403.488404][ T2512] bridge_slave_0: left promiscuous mode [ 403.494388][ T2512] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.004417][ T5238] Bluetooth: hci5: command tx timeout [ 404.400313][ T58] usb 3-1: USB disconnect, device number 7 [ 404.599044][ T2512] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 404.621158][ T2512] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 404.634536][ T2512] bond0 (unregistering): Released all slaves [ 405.009726][T11204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1698'. [ 405.124756][T11208] loop3: detected capacity change from 0 to 512 [ 405.195613][T11208] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 405.316111][T11208] serio: Serial port ptm0 [ 405.913433][T11143] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.928128][T11143] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.949054][T11143] bridge_slave_0: entered allmulticast mode [ 406.011546][T11143] bridge_slave_0: entered promiscuous mode [ 406.059620][T11227] tipc: Started in network mode [ 406.073917][T11227] tipc: Node identity , cluster identity 4711 [ 406.088288][T11227] tipc: Failed to set node id, please configure manually [ 406.114938][T11227] tipc: Enabling of bearer rejected, failed to enable media [ 406.140006][T11143] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.191487][T11143] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.219032][T11143] bridge_slave_1: entered allmulticast mode [ 406.245602][T11143] bridge_slave_1: entered promiscuous mode [ 406.258921][ T5238] Bluetooth: hci5: command tx timeout [ 406.542969][ T2512] hsr_slave_0: left promiscuous mode [ 406.564800][ T2512] hsr_slave_1: left promiscuous mode [ 406.582055][ T2512] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.609561][ T2512] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.645747][ T2512] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 406.673736][ T2512] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 406.795163][ T2512] veth1_macvtap: left promiscuous mode [ 406.813151][ T2512] veth0_macvtap: left promiscuous mode [ 406.827196][ T2512] veth1_vlan: left promiscuous mode [ 406.851284][ T2512] veth0_vlan: left promiscuous mode [ 408.205249][ T4618] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 408.217290][ T4618] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 408.240846][ T4618] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 408.250242][ T4618] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 408.267588][ T4618] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 408.280000][ T4618] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 408.511327][ T4618] Bluetooth: hci5: command tx timeout [ 408.567867][ T2512] team0 (unregistering): Port device team_slave_1 removed [ 408.659436][ T2512] team0 (unregistering): Port device team_slave_0 removed [ 409.173925][T11143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.196359][T11143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.206537][T11253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1710'. [ 409.367764][T11274] tipc: Started in network mode [ 409.372692][T11274] tipc: Node identity , cluster identity 4711 [ 409.389299][T11274] tipc: Failed to set node id, please configure manually [ 409.397461][T11274] tipc: Enabling of bearer rejected, failed to enable media [ 409.495187][T11276] validate_nla: 2 callbacks suppressed [ 409.495209][T11276] netlink: 'syz.2.1720': attribute type 29 has an invalid length. [ 409.550574][T11277] netlink: 'syz.2.1720': attribute type 29 has an invalid length. [ 409.577130][T11143] team0: Port device team_slave_0 added [ 409.588239][T11143] team0: Port device team_slave_1 added [ 409.594440][T11280] netlink: 'syz.2.1720': attribute type 29 has an invalid length. [ 409.667363][T11283] netlink: 'syz.2.1720': attribute type 29 has an invalid length. [ 409.679661][T11143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.689874][T11143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.757240][T11143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 409.819266][T11143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 409.839839][T11143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.883233][T11143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.381612][T11143] hsr_slave_0: entered promiscuous mode [ 410.419427][T11143] hsr_slave_1: entered promiscuous mode [ 410.513115][ T4618] Bluetooth: hci2: command tx timeout [ 410.764950][ T4618] Bluetooth: hci5: command tx timeout [ 411.084505][ T2512] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.369864][ T2512] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.410784][T11319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1728'. [ 411.568671][ T2512] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.602502][T11324] loop4: detected capacity change from 0 to 47 [ 411.664728][T11265] chnl_net:caif_netlink_parms(): no params data found [ 411.747676][T11326] netlink: 'syz.1.1732': attribute type 29 has an invalid length. [ 411.811294][ T2512] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.868615][T11327] netlink: 'syz.1.1732': attribute type 29 has an invalid length. [ 411.981692][T11326] netlink: 'syz.1.1732': attribute type 29 has an invalid length. [ 411.998877][T11329] netlink: 'syz.1.1732': attribute type 29 has an invalid length. [ 412.273608][T11265] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.306963][T11265] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.322751][T11265] bridge_slave_0: entered allmulticast mode [ 412.339421][T11265] bridge_slave_0: entered promiscuous mode [ 412.368745][T11265] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.377997][T11265] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.392542][T11265] bridge_slave_1: entered allmulticast mode [ 412.414708][T11265] bridge_slave_1: entered promiscuous mode [ 412.759186][ T4618] Bluetooth: hci2: command tx timeout [ 412.838830][T11265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.910910][T11265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 413.135180][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 413.241228][T11265] team0: Port device team_slave_0 added [ 413.311682][ T2512] bridge_slave_1: left allmulticast mode [ 413.323433][ T2512] bridge_slave_1: left promiscuous mode [ 413.329410][ T2512] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.348443][ T2512] bridge_slave_0: left allmulticast mode [ 413.373408][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 413.385063][ T2512] bridge_slave_0: left promiscuous mode [ 413.392556][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 413.404851][ T2512] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.416223][ T8] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 413.426762][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.456756][ T8] usb 2-1: Product: syz [ 413.463987][ T8] usb 2-1: Manufacturer: syz [ 413.468982][ T8] usb 2-1: SerialNumber: syz [ 413.483223][ T8] usb 2-1: config 0 descriptor?? [ 413.494886][ T8] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 413.514158][ T8] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 413.881041][T11371] loop4: detected capacity change from 0 to 47 [ 414.173353][ T8] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 414.313985][ T2512] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 414.327318][ T2512] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 414.343780][ T2512] bond0 (unregistering): Released all slaves [ 414.377571][T11265] team0: Port device team_slave_1 added [ 414.643801][ T2512] tipc: Disabling bearer [ 414.659350][T11265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 414.667768][ T2512] tipc: Left network mode [ 414.672674][T11265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.704236][T11265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 414.727955][T11265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 414.740798][T11265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.832398][T11265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 415.012229][ T4618] Bluetooth: hci2: command tx timeout [ 415.090786][ T8] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 415.111533][ T8] em28xx 2-1:0.0: board has no eeprom [ 415.239440][ T8] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 415.247661][ T8] em28xx 2-1:0.0: dvb set to bulk mode. [ 415.259323][ T9] em28xx 2-1:0.0: Binding DVB extension [ 415.330016][ T8] usb 2-1: USB disconnect, device number 7 [ 415.376602][ T8] em28xx 2-1:0.0: Disconnecting em28xx [ 415.411152][T11265] hsr_slave_0: entered promiscuous mode [ 415.489573][T11265] hsr_slave_1: entered promiscuous mode [ 415.498493][ T9] em28xx 2-1:0.0: Registering input extension [ 415.532345][ T8] em28xx 2-1:0.0: Closing input extension [ 415.542835][T11265] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 415.576783][ T8] em28xx 2-1:0.0: Freeing device [ 415.582635][T11265] Cannot create hsr debugfs directory [ 416.040340][ T2512] hsr_slave_0: left promiscuous mode [ 416.049587][ T2512] hsr_slave_1: left promiscuous mode [ 416.067081][ T2512] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.074938][ T2512] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.109460][ T2512] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 416.120260][ T2512] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 416.195004][ T2512] veth1_macvtap: left promiscuous mode [ 416.218842][ T2512] veth0_macvtap: left promiscuous mode [ 416.236982][ T2512] veth1_vlan: left promiscuous mode [ 416.253397][ T2512] veth0_vlan: left promiscuous mode [ 417.265637][ T4618] Bluetooth: hci2: command tx timeout [ 417.474029][ T2512] team0 (unregistering): Port device team_slave_1 removed [ 417.564956][ T2512] team0 (unregistering): Port device team_slave_0 removed [ 418.802108][T11143] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 418.881919][T11418] netlink: 'syz.1.1754': attribute type 29 has an invalid length. [ 418.959935][T11143] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 419.010615][T11143] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 419.047884][T11421] netlink: 'syz.1.1754': attribute type 29 has an invalid length. [ 419.207305][T11143] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 419.224246][T11423] netlink: 'syz.1.1754': attribute type 29 has an invalid length. [ 419.238121][T11418] netlink: 'syz.1.1754': attribute type 29 has an invalid length. [ 419.315627][ T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 419.551872][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 419.574693][ T8] usb 5-1: config 253 has an invalid interface number: 157 but max is 3 [ 419.604749][ T8] usb 5-1: config 253 contains an unexpected descriptor of type 0x2, skipping [ 419.640829][ T8] usb 5-1: config 253 has an invalid interface number: 213 but max is 3 [ 419.666298][ T8] usb 5-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 419.714861][ T8] usb 5-1: config 253 has 2 interfaces, different from the descriptor's value: 4 [ 419.732416][T11143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.754665][ T8] usb 5-1: config 253 has no interface number 0 [ 419.779848][ T8] usb 5-1: config 253 has no interface number 1 [ 419.795012][ T8] usb 5-1: config 253 interface 157 altsetting 4 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 419.813457][ T8] usb 5-1: config 253 interface 157 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 419.849896][T11143] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.864628][ T8] usb 5-1: config 253 interface 157 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 419.882504][ T8] usb 5-1: config 253 interface 213 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 419.918034][ T8] usb 5-1: config 253 interface 157 has no altsetting 0 [ 419.929768][ T8] usb 5-1: config 253 interface 213 has no altsetting 0 [ 419.944063][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.951215][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.983042][ T8] usb 5-1: New USB device found, idVendor=0b05, idProduct=1791, bcdDevice= 4.57 [ 419.994829][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.002140][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 420.011660][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.021499][ T8] usb 5-1: Product: syz [ 420.025758][ T8] usb 5-1: Manufacturer: syz [ 420.031978][ T8] usb 5-1: SerialNumber: syz [ 420.037747][T11265] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 420.049494][T11265] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 420.082497][T11265] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 420.129633][T11265] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 420.300135][ T8] r8712u: register rtl8712_netdev_ops to netdev_ops [ 420.308632][ T8] usb 5-1: r8712u: USB_SPEED_HIGH with 4 endpoints [ 420.325035][ T8] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 420.346954][ T8] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 420.379526][ T8] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 420.466730][ T8] usb 5-1: Found UVC 0.00 device syz (0b05:1791) [ 420.496026][ T8] usb 5-1: No valid video chain found. [ 420.516732][ T8] r8712u: register rtl8712_netdev_ops to netdev_ops [ 420.523396][ T8] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 420.578290][T11448] loop2: detected capacity change from 0 to 512 [ 420.580984][ T8] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 420.596070][ T8] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 420.635101][ T8] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 420.651032][T11265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 420.653202][T11448] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 420.681176][T11448] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 420.692174][ T8] usb 5-1: USB disconnect, device number 11 [ 420.869917][T11265] 8021q: adding VLAN 0 to HW filter on device team0 [ 420.936121][ T5283] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.943372][ T5283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.226286][ T5283] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.233534][ T5283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.240042][ T9631] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 421.275886][T11143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.540053][T11468] netlink: 'syz.2.1767': attribute type 29 has an invalid length. [ 421.576952][T11471] netlink: 'syz.2.1767': attribute type 29 has an invalid length. [ 421.628547][T11468] netlink: 'syz.2.1767': attribute type 29 has an invalid length. [ 421.653791][T11468] netlink: 'syz.2.1767': attribute type 29 has an invalid length. [ 421.894395][ T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.955394][T11477] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1769'. [ 421.995257][T11475] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1769'. [ 422.028624][T11143] veth0_vlan: entered promiscuous mode [ 422.144279][ T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.200967][T11478] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1771'. [ 422.400590][ T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.523531][T11143] veth1_vlan: entered promiscuous mode [ 423.340236][ T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.570289][T11143] veth0_macvtap: entered promiscuous mode [ 423.682120][T11143] veth1_macvtap: entered promiscuous mode [ 423.827227][T11265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 423.893924][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 423.933096][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 423.971438][ T5238] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 423.984599][ T5238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 424.004366][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 424.014638][ T5238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 424.027081][ T5238] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 424.034505][ T5238] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 424.069433][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.079927][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.094346][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.108030][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.119694][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.130649][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.141460][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 424.152529][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.168746][T11143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 424.229968][T11517] netlink: 'syz.1.1779': attribute type 29 has an invalid length. [ 424.293663][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.320889][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.350913][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.361397][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.394231][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.404827][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.423132][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.445606][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.460356][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 424.470905][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 424.483980][T11143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.535478][T11522] netlink: 'syz.1.1779': attribute type 29 has an invalid length. [ 424.570396][T11523] netlink: 'syz.1.1779': attribute type 29 has an invalid length. [ 424.686757][T11143] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.695581][T11143] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.746222][T11143] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.761856][T11143] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.815144][T11526] netlink: 'syz.1.1779': attribute type 29 has an invalid length. [ 424.921900][ T63] bridge_slave_1: left allmulticast mode [ 424.934695][ T63] bridge_slave_1: left promiscuous mode [ 424.975124][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.011381][ T63] bridge_slave_0: left allmulticast mode [ 425.020271][ T63] bridge_slave_0: left promiscuous mode [ 425.034071][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.838993][T11556] loop2: detected capacity change from 0 to 512 [ 425.855128][T11556] ext4: Unknown parameter 'noacl' [ 426.280937][ T4618] Bluetooth: hci3: command tx timeout [ 426.852466][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.894571][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.927938][ T63] bond0 (unregistering): Released all slaves [ 427.015573][ T63] bond1 (unregistering): Released all slaves [ 427.148342][T11548] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1781'. [ 427.181639][ T63] tipc: Disabling bearer [ 427.198208][ T63] tipc: Left network mode [ 427.768107][T11265] veth0_vlan: entered promiscuous mode [ 427.918051][T11582] netlink: 'syz.2.1787': attribute type 29 has an invalid length. [ 427.949146][ T29] audit: type=1326 audit(1722052071.019:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11587 comm="syz.1.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f1777299 code=0x7ffc0000 [ 427.980093][ T29] audit: type=1326 audit(1722052071.019:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11587 comm="syz.1.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f1777299 code=0x7ffc0000 [ 428.027768][ T29] audit: type=1326 audit(1722052071.019:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11587 comm="syz.1.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7fd2f1777299 code=0x7ffc0000 [ 428.069501][ T2528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 428.077351][ T29] audit: type=1326 audit(1722052071.019:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11587 comm="syz.1.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd2f1777299 code=0x7ffc0000 [ 428.103103][ T2528] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.139916][ T2512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 428.154472][ T2512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.263405][T11583] netlink: 'syz.2.1787': attribute type 29 has an invalid length. [ 428.415329][T11265] veth1_vlan: entered promiscuous mode [ 428.427231][T11586] netlink: 'syz.2.1787': attribute type 29 has an invalid length. [ 428.458630][T11582] netlink: 'syz.2.1787': attribute type 29 has an invalid length. [ 428.566517][ T4618] Bluetooth: hci3: command tx timeout [ 428.648802][T11596] netlink: 3696 bytes leftover after parsing attributes in process `syz.1.1790'. [ 429.586488][T11513] chnl_net:caif_netlink_parms(): no params data found [ 430.202686][ T63] hsr_slave_0: left promiscuous mode [ 430.348998][ T63] hsr_slave_1: left promiscuous mode [ 430.488751][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.521113][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 430.570831][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.578365][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 430.670815][ T63] veth1_macvtap: left promiscuous mode [ 430.676445][ T63] veth0_macvtap: left promiscuous mode [ 430.691581][ T63] veth1_vlan: left promiscuous mode [ 430.697071][ T63] veth0_vlan: left promiscuous mode [ 430.787360][ T4618] Bluetooth: hci3: command tx timeout [ 430.797568][ T58] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 431.033419][ T58] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 431.045082][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.054316][ T58] usb 2-1: Product: syz [ 431.059116][ T58] usb 2-1: Manufacturer: syz [ 431.063867][ T58] usb 2-1: SerialNumber: syz [ 431.084326][ T58] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 431.166353][ T5281] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 431.454835][ T63] team0 (unregistering): Port device team_slave_1 removed [ 431.575330][ T63] team0 (unregistering): Port device team_slave_0 removed [ 432.205905][T11617] fuse: Unknown parameter '¥ˆ8€ÕXrootmode' [ 432.265697][ T5286] usb 2-1: USB disconnect, device number 8 [ 432.348665][ T5281] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 432.357934][ T5281] ath9k_htc: Failed to initialize the device [ 432.375866][ T5286] usb 2-1: ath9k_htc: USB layer deinitialized [ 432.701985][T11627] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1800'. [ 432.847057][T11513] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.858590][T11513] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.889245][T11513] bridge_slave_0: entered allmulticast mode [ 432.933141][T11513] bridge_slave_0: entered promiscuous mode [ 432.951706][T11513] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.994115][T11513] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.020008][T11513] bridge_slave_1: entered allmulticast mode [ 433.027550][T11513] bridge_slave_1: entered promiscuous mode [ 433.043104][ T4618] Bluetooth: hci3: command tx timeout [ 433.115841][ T5286] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 433.175432][T11513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.227788][T11513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.356054][ T5286] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 433.386742][ T5286] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 433.453478][ T5286] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 433.479974][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 433.505144][ T5286] usb 3-1: SerialNumber: syz [ 433.537446][T11631] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 433.605628][T11513] team0: Port device team_slave_0 added [ 433.613102][T11265] veth0_macvtap: entered promiscuous mode [ 433.649777][T11513] team0: Port device team_slave_1 added [ 433.694450][T11265] veth1_macvtap: entered promiscuous mode [ 433.839873][T11631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.888640][T11631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.948435][T11513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.963889][T11513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.116239][ T5313] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 434.205891][ T5286] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 434.330764][T11513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 434.408592][ T5313] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 434.513906][ T5286] usb 3-1: USB disconnect, device number 8 [ 434.536568][ T5313] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 434.546842][T11513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.553803][T11513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.641853][ T5313] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 434.662216][ T5313] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.684079][ T5313] usb 2-1: Product: syz [ 434.706066][T11513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 434.719385][ T5313] usb 2-1: Manufacturer: syz [ 434.724039][ T5313] usb 2-1: SerialNumber: syz [ 434.813753][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.825241][ T5313] usb 2-1: config 0 descriptor?? [ 434.839319][T11655] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 434.840936][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.851157][T11655] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 434.862513][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.878848][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.889834][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.914251][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.941416][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.952731][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.962726][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.975647][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.988177][T11265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 435.066765][T11668] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1809'. [ 435.079699][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.109269][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.132525][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.137510][T11655] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 435.163774][T11655] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 435.171085][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.185223][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.204009][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.229821][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.229851][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.229872][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.229890][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.231838][T11265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 435.329128][T11513] hsr_slave_0: entered promiscuous mode [ 435.343326][T11513] hsr_slave_1: entered promiscuous mode [ 435.354680][T11513] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 435.354792][T11513] Cannot create hsr debugfs directory [ 435.439142][T11265] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.439197][T11265] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.439225][T11265] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.439274][T11265] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.624726][ T5313] Error reading MAC address [ 435.849222][ T5282] usb 2-1: USB disconnect, device number 9 [ 435.973249][ T2512] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.991894][ T2512] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.074400][ T5286] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 436.213699][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 436.233224][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.290988][ T5286] usb 3-1: Using ep0 maxpacket: 16 [ 436.308222][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.333806][ T5286] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.343646][ T5286] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 436.627363][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.638704][ T5286] usb 3-1: config 0 descriptor?? [ 437.536522][ T5286] hid (null): invalid report_size 27652 [ 437.571835][ T5286] hid (null): unknown global tag 0xbd [ 437.646058][T11710] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1819'. [ 437.753752][ T5286] usb 3-1: string descriptor 0 read error: -71 [ 437.814636][ T5286] usb 3-1: Max retries (5) exceeded reading string descriptor 200 [ 437.850539][ T5286] letsketch 0003:6161:4D15.0006: probe with driver letsketch failed with error -32 [ 437.863485][T11513] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 437.936737][ T5286] usb 3-1: USB disconnect, device number 9 [ 437.963029][T11513] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 438.051520][T11513] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 438.099608][T11513] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 438.273486][ T5313] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 438.432108][T11513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 438.502176][ T5313] usb 1-1: Using ep0 maxpacket: 16 [ 438.509662][ T5313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 438.553069][ T5313] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 438.557488][T11513] 8021q: adding VLAN 0 to HW filter on device team0 [ 438.562905][ T5286] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 438.590976][ T5313] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.630829][ T5313] usb 1-1: Product: syz [ 438.646761][ T941] bridge0: port 1(bridge_slave_0) entered blocking state [ 438.654001][ T941] bridge0: port 1(bridge_slave_0) entered forwarding state [ 438.668688][ T5313] usb 1-1: Manufacturer: syz [ 438.673372][ T5313] usb 1-1: SerialNumber: syz [ 438.709401][ T5313] usb 1-1: config 0 descriptor?? [ 438.723383][ T5313] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 438.726138][ T941] bridge0: port 2(bridge_slave_1) entered blocking state [ 438.739999][ T941] bridge0: port 2(bridge_slave_1) entered forwarding state [ 438.750684][ T5313] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 439.113413][ T5286] usb 2-1: Using ep0 maxpacket: 32 [ 439.121991][ T5286] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 439.132907][ T5286] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 439.144119][ T5286] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 439.160834][ T5286] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 439.170746][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.181783][ T5286] usb 2-1: Product: syz [ 439.189051][ T5286] usb 2-1: Manufacturer: syz [ 439.211499][ T5286] usb 2-1: SerialNumber: syz [ 439.432624][ T5313] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 439.650086][ T5286] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 439.846894][ T5286] cdc_ncm 2-1:1.0: bind() failure [ 439.892462][ T5286] usb 2-1: USB disconnect, device number 10 [ 440.296549][T11770] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1831'. [ 440.306847][T11770] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1831'. [ 440.333867][T11513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 440.476670][ T5313] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 440.504863][ T5313] em28xx 1-1:0.0: board has no eeprom [ 440.619081][ T5313] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 440.636987][ T5313] em28xx 1-1:0.0: dvb set to bulk mode. [ 440.657738][ T5281] em28xx 1-1:0.0: Binding DVB extension [ 440.702078][ T5313] usb 1-1: USB disconnect, device number 16 [ 440.709166][ T5313] em28xx 1-1:0.0: Disconnecting em28xx [ 440.861870][ T5281] em28xx 1-1:0.0: Registering input extension [ 440.873773][ T5313] em28xx 1-1:0.0: Closing input extension [ 440.931960][ T5313] em28xx 1-1:0.0: Freeing device [ 441.270345][T11513] veth0_vlan: entered promiscuous mode [ 441.351290][T11803] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1841'. [ 441.376231][T11803] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1841'. [ 441.417105][T11513] veth1_vlan: entered promiscuous mode [ 441.461758][T11805] loop2: detected capacity change from 0 to 128 [ 441.517653][T11805] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 442.228455][T11513] veth0_macvtap: entered promiscuous mode [ 442.299929][T11513] veth1_macvtap: entered promiscuous mode [ 442.493618][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.570622][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.600294][ T4618] Bluetooth: hci6: unexpected Set CIG Parameters response data [ 442.606150][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.639159][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.681692][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.720038][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.790847][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.825787][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.855754][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.866249][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.899129][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.909628][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.169120][T11513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 443.206670][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.228037][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.253165][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.263878][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.274412][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.284981][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.295031][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.305640][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.316550][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.341981][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.365569][T11513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.376463][T11513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.410262][T11513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.480042][T11836] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1852'. [ 443.517507][T11836] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1852'. [ 443.555232][T11513] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.604147][T11513] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.632744][T11513] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.655875][T11513] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.701279][T11844] macvlan0: entered allmulticast mode [ 443.706813][T11844] veth1_vlan: entered allmulticast mode [ 444.041026][ T2528] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.063481][ T2528] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.206123][ T2528] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.227252][ T2528] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.748781][T11880] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1865'. [ 445.757937][T11880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1865'. [ 446.579136][T11908] macvlan0: entered allmulticast mode [ 446.591558][T11908] veth1_vlan: entered allmulticast mode [ 446.983941][ T5281] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 447.008587][ T4618] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 447.019215][ T4618] Bluetooth: hci6: Injecting HCI hardware error event [ 447.029287][ T4618] Bluetooth: hci6: hardware error 0x00 [ 447.142345][ C1] eth0: bad gso: type: 1, size: 1408 [ 447.243831][ T5281] usb 5-1: Using ep0 maxpacket: 16 [ 447.267347][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.279444][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.289755][ T5281] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 447.301365][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.313627][ T5281] usb 5-1: config 0 descriptor?? [ 447.551660][T11910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.567363][T11910] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.901757][ T5281] usbhid 5-1:0.0: can't add hid device: -71 [ 447.916427][ T5281] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 447.929550][ T5281] usb 5-1: USB disconnect, device number 12 [ 447.991964][T11926] loop2: detected capacity change from 0 to 512 [ 448.060528][T11926] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 448.120881][T11926] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 448.178709][T11926] EXT4-fs error (device loop2): ext4_add_entry:2435: inode #2: comm syz.2.1882: Directory hole found for htree leaf block 0 [ 448.325186][ T9631] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.879979][ C1] eth0: bad gso: type: 1, size: 1408 [ 449.248572][ T4618] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 449.540081][T11963] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1894'. [ 450.210173][ T5281] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 450.838029][ T5281] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 450.894474][ T5281] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 450.948022][ T5281] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 450.978912][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.001068][ T5281] usb 4-1: config 0 descriptor?? [ 451.001988][ T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 451.119549][ C1] eth0: bad gso: type: 1, size: 1408 [ 451.268750][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 451.274069][ T5280] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 451.297887][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 451.319565][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 451.339075][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 451.362231][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 451.371494][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.379515][ T8] usb 3-1: Product: syz [ 451.385418][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 451.421736][ T8] usb 3-1: Manufacturer: syz [ 451.428778][ T8] usb 3-1: SerialNumber: syz [ 451.458598][T11997] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1906'. [ 451.471527][ T8] cdc_ncm 3-1:1.0: skipping garbage [ 451.479852][ T8] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 451.479958][ T5280] usb 1-1: Using ep0 maxpacket: 16 [ 451.486669][ T8] cdc_ncm 3-1:1.0: bind() failure [ 451.510914][ T5280] usb 1-1: config 253 has an invalid interface number: 157 but max is 3 [ 451.530009][ T5280] usb 1-1: config 253 contains an unexpected descriptor of type 0x2, skipping [ 451.541714][ T5280] usb 1-1: config 253 has an invalid interface number: 213 but max is 3 [ 451.544464][ T941] usb 4-1: USB disconnect, device number 8 [ 451.561866][ T5280] usb 1-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config [ 451.591562][ T5280] usb 1-1: config 253 has 2 interfaces, different from the descriptor's value: 4 [ 451.606448][ T5280] usb 1-1: config 253 has no interface number 0 [ 451.621741][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 451.628230][ T5280] usb 1-1: config 253 has no interface number 1 [ 451.640161][ T5280] usb 1-1: config 253 interface 157 altsetting 4 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 451.644233][ T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 451.670695][ T5280] usb 1-1: config 253 interface 157 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 451.684668][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.705928][ T5280] usb 1-1: config 253 interface 157 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 451.722769][ T8] usb 3-1: USB disconnect, device number 10 [ 451.727875][ T5280] usb 1-1: config 253 interface 213 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 451.742083][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.742116][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 451.742168][ T9] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 451.742195][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.746695][ T9] usb 2-1: config 0 descriptor?? [ 451.814954][ T5280] usb 1-1: config 253 interface 157 has no altsetting 0 [ 451.822417][ T5280] usb 1-1: config 253 interface 213 has no altsetting 0 [ 451.842938][ T5280] usb 1-1: New USB device found, idVendor=0b05, idProduct=1791, bcdDevice= 4.57 [ 451.858727][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.889401][ T5280] usb 1-1: Product: syz [ 451.922731][ T5280] usb 1-1: Manufacturer: syz [ 451.932318][ T5280] usb 1-1: SerialNumber: syz [ 452.037566][T12004] macvlan0: entered allmulticast mode [ 452.044036][T12004] veth1_vlan: entered allmulticast mode [ 452.257224][ T5280] r8712u: register rtl8712_netdev_ops to netdev_ops [ 452.285951][ T5280] usb 1-1: r8712u: USB_SPEED_HIGH with 4 endpoints [ 452.299879][ T9] kye 0003:0458:5011.0007: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 452.326931][ T9] kye 0003:0458:5011.0007: unbalanced collection at end of report description [ 452.339009][ T5280] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 452.359692][ T9] kye 0003:0458:5011.0007: parse failed [ 452.378061][ T9] kye 0003:0458:5011.0007: probe with driver kye failed with error -22 [ 452.382786][ T5280] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 452.409776][ T5280] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 452.460373][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 452.466950][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.477892][ T5280] usb 1-1: Found UVC 0.00 device syz (0b05:1791) [ 452.486761][ T5280] usb 1-1: No valid video chain found. [ 452.499303][ T5280] r8712u: register rtl8712_netdev_ops to netdev_ops [ 452.506095][ T5280] usb 1-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 452.521789][ T5280] usb 1-1: r8712u: Boot from EFUSE: Autoload Failed [ 452.529820][ T9] usb 2-1: USB disconnect, device number 11 [ 452.530575][ T5280] usb 1-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 452.554138][ T5280] usb 1-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 452.556529][T12008] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns [ 452.635235][ T5280] usb 1-1: USB disconnect, device number 17 [ 452.760375][T12009] kvm: pic: non byte write [ 453.256864][T12019] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1914'. [ 453.275423][T12016] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.1914'. [ 453.425272][ C1] eth0: bad gso: type: 1, size: 1408 [ 454.798919][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.992590][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.228312][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.475573][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.552085][T12052] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1927'. [ 455.589416][T12050] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1927'. [ 455.772840][ T5238] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 455.787802][ T5238] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 455.802976][ T5238] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 455.814636][ T5238] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 455.823654][ T5238] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 455.832090][ T5238] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 456.150117][ T52] bridge_slave_1: left allmulticast mode [ 456.155864][ T52] bridge_slave_1: left promiscuous mode [ 456.208684][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.240548][ T52] bridge_slave_0: left allmulticast mode [ 456.247981][ T52] bridge_slave_0: left promiscuous mode [ 456.253801][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.387804][ T5281] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 456.607337][ T5281] usb 3-1: Using ep0 maxpacket: 32 [ 456.623342][ T5281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 456.658965][ T5281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 456.690849][ T5281] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 456.700564][ T5281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.717522][ T5281] usb 3-1: config 0 descriptor?? [ 456.723507][T12062] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 456.735515][T12069] loop3: detected capacity change from 0 to 8192 [ 456.748297][ T5281] hub 3-1:0.0: USB hub found [ 456.813370][T12069] loop3: p1 < > p2 p3 p4 < p5 > [ 456.837041][T12069] loop3: p3 size 16744448 extends beyond EOD, truncated [ 456.896167][ T5282] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 457.008352][ T5281] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 457.054657][ T5281] usbhid 3-1:0.0: can't add hid device: -71 [ 457.064771][ T5281] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 457.128175][ T5281] usb 3-1: USB disconnect, device number 11 [ 457.147243][ T5282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.169513][ T5282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.197110][T12078] loop3: detected capacity change from 0 to 512 [ 457.224405][ T5282] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 457.241373][ T5282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.262856][T12078] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 457.285192][T12078] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.1937: invalid indirect mapped block 2683928664 (level 1) [ 457.285622][ T5282] usb 5-1: config 0 descriptor?? [ 457.324293][T12078] EXT4-fs (loop3): Remounting filesystem read-only [ 457.340529][T12078] EXT4-fs (loop3): 1 truncate cleaned up [ 457.349016][T12078] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 457.369443][ T5320] udevd[5320]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 457.378576][ T5242] udevd[5242]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 457.399865][ T5319] udevd[5319]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory [ 457.409429][ T8287] udevd[8287]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 457.484338][T11265] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 457.504985][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.538849][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 457.553439][ T52] bond0 (unregistering): Released all slaves [ 457.824745][ T5282] hid (null): bogus close delimiter [ 457.993328][T12093] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1939'. [ 458.020942][T12094] macvlan0: entered allmulticast mode [ 458.026761][T12094] veth1_vlan: entered allmulticast mode [ 458.039335][T12087] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1939'. [ 458.062581][ T5282] usb 5-1: language id specifier not provided by device, defaulting to English [ 458.089959][ T5238] Bluetooth: hci5: command tx timeout [ 458.475355][T12104] fuse: Bad value for 'fd' [ 458.513914][ T5282] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0008/input/input15 [ 458.635101][ T5282] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0008/input/input16 [ 458.708778][ T52] hsr_slave_0: left promiscuous mode [ 458.736545][ T52] hsr_slave_1: left promiscuous mode [ 458.752748][ T5282] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0008/input/input17 [ 458.779907][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.812687][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 458.834849][ T5282] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0008/input/input18 [ 458.878716][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 458.888366][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 458.904285][ T5282] uclogic 0003:256C:006D.0008: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 458.944997][ T5282] usb 5-1: USB disconnect, device number 13 [ 459.233367][ T52] veth1_macvtap: left promiscuous mode [ 459.283905][ T52] veth0_macvtap: left promiscuous mode [ 459.310105][ T52] veth1_vlan: left promiscuous mode [ 459.500267][ T52] veth0_vlan: left promiscuous mode [ 460.289806][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 460.353677][ T5238] Bluetooth: hci5: command tx timeout [ 460.384756][T12133] loop1: detected capacity change from 0 to 1024 [ 460.419162][T12133] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 460.540354][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 460.584933][ T9] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 460.637329][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.680723][ T9] usb 4-1: config 0 descriptor?? [ 461.089244][ T52] team0 (unregistering): Port device team_slave_1 removed [ 461.153907][ T9572] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 461.182033][ T52] team0 (unregistering): Port device team_slave_0 removed [ 461.768216][T12130] vlan2: entered promiscuous mode [ 461.811550][T12140] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1951'. [ 461.832240][T12138] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1951'. [ 461.853506][T12059] chnl_net:caif_netlink_parms(): no params data found [ 462.128895][T12151] fuse: Bad value for 'fd' [ 462.164962][T12059] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.172148][T12059] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.248489][T12059] bridge_slave_0: entered allmulticast mode [ 462.261609][T12059] bridge_slave_0: entered promiscuous mode [ 462.319833][T12059] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.358393][T12059] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.379561][T12059] bridge_slave_1: entered allmulticast mode [ 462.401457][T12059] bridge_slave_1: entered promiscuous mode [ 462.407389][ T29] audit: type=1326 audit(1722052102.816:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.465962][ T29] audit: type=1326 audit(1722052102.816:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.494733][ T29] audit: type=1326 audit(1722052102.816:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.524765][ T5282] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 462.546848][ T5313] usb 4-1: USB disconnect, device number 9 [ 462.599154][ T5238] Bluetooth: hci5: command tx timeout [ 462.629710][ T29] audit: type=1326 audit(1722052102.816:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.652173][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.708203][T12059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.748942][ T29] audit: type=1326 audit(1722052102.826:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.773189][ T5282] usb 2-1: Using ep0 maxpacket: 32 [ 462.795334][T12059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.815078][ T5282] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 462.832405][ T5282] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 462.866362][ T5282] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 462.883044][ T29] audit: type=1326 audit(1722052102.826:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.929545][ T29] audit: type=1326 audit(1722052102.826:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 462.961223][ T5282] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 462.971041][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.003699][ T29] audit: type=1326 audit(1722052102.835:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 463.029725][ T5282] usb 2-1: Product: syz [ 463.033949][ T5282] usb 2-1: Manufacturer: syz [ 463.049903][ T5282] usb 2-1: SerialNumber: syz [ 463.070316][T12059] team0: Port device team_slave_0 added [ 463.088032][ T29] audit: type=1326 audit(1722052102.863:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 463.122053][ T5282] cdc_ncm 2-1:1.0: skipping garbage [ 463.132292][T12059] team0: Port device team_slave_1 added [ 463.144162][ T5282] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 463.167012][ T5282] cdc_ncm 2-1:1.0: bind() failure [ 463.205267][ T29] audit: type=1326 audit(1722052102.863:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12160 comm="syz.2.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feecf977299 code=0x7ffc0000 [ 463.288103][T12059] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 463.296100][T12059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.357240][ T5282] usb 2-1: USB disconnect, device number 12 [ 463.365905][T12059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 463.412213][T12059] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 463.434245][T12059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 463.494790][T12059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 463.660948][T12059] hsr_slave_0: entered promiscuous mode [ 463.676545][T12059] hsr_slave_1: entered promiscuous mode [ 464.850198][ T5238] Bluetooth: hci5: command tx timeout [ 465.527395][T12243] loop1: detected capacity change from 0 to 1024 [ 465.576816][T12243] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 465.618605][ T5313] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 465.820525][T12059] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 465.846145][ T5313] usb 5-1: Using ep0 maxpacket: 8 [ 465.870162][T12059] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 465.875174][ T5313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.925024][T12059] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 465.928792][ T5313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.952163][T12059] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 465.970021][ T5313] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 466.033151][ T5313] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 466.061933][ T5313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.103067][ T5313] usb 5-1: config 0 descriptor?? [ 466.301883][ T9572] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 466.381003][T12059] 8021q: adding VLAN 0 to HW filter on device bond0 [ 466.438291][T12059] 8021q: adding VLAN 0 to HW filter on device team0 [ 466.503447][ T941] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.510660][ T941] bridge0: port 1(bridge_slave_0) entered forwarding state [ 466.550604][ T5283] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 466.573624][ T941] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.577015][ T5313] usbhid 5-1:0.0: can't add hid device: -71 [ 466.580869][ T941] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.623066][ T5313] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 466.643774][ T5313] usb 5-1: USB disconnect, device number 14 [ 466.746364][ T5283] usb 4-1: Using ep0 maxpacket: 16 [ 466.756067][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.775773][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 466.813355][ T5283] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 466.857224][ T5283] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.890525][ T5283] usb 4-1: config 0 descriptor?? [ 467.378732][T12262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 467.411948][T12059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.439648][T12262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 467.502816][ T5283] hid (null): unknown global tag 0xd [ 467.519832][ T5283] hid (null): report_id 40203 is invalid [ 467.558387][ T5283] hid (null): invalid report_size -1862471209 [ 467.564570][ T5283] hid (null): invalid report_size -1217885453 [ 467.630763][T12059] veth0_vlan: entered promiscuous mode [ 467.710078][ T5283] usb 4-1: string descriptor 0 read error: -71 [ 467.734388][T12059] veth1_vlan: entered promiscuous mode [ 467.772261][ T5283] usb 4-1: Max retries (5) exceeded reading string descriptor 200 [ 467.823038][ T5283] letsketch 0003:6161:4D15.0009: probe with driver letsketch failed with error -32 [ 467.834267][ C1] eth0: bad gso: type: 1, size: 1408 [ 467.888865][ T5283] usb 4-1: USB disconnect, device number 10 [ 467.902341][T12059] veth0_macvtap: entered promiscuous mode [ 467.977841][T12059] veth1_macvtap: entered promiscuous mode [ 468.038958][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.072780][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.117685][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.131312][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.142124][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.154997][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.184757][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.203276][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.222261][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.243214][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.261603][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.272926][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.292196][T12059] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.321425][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.348731][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.367789][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.380181][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.436490][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.466661][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.488211][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.521462][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.531971][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.557296][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.577559][T12305] loop3: detected capacity change from 0 to 2048 [ 468.582908][T12059] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.629282][T12059] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.672294][T12059] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 468.816922][T12059] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.842585][T12305] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1998: bad orphan inode 8192 [ 468.858393][T12059] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.869131][T12305] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 468.912165][T12059] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.929474][T12059] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.280172][T11878] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.291379][ T5282] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 469.378021][T11878] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.531573][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.545649][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.561121][ T5282] usb 2-1: Using ep0 maxpacket: 8 [ 469.569264][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 469.589361][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 469.646502][ T5282] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 469.669125][ T5282] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 469.678624][ T5282] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.694047][ T5282] usb 2-1: config 0 descriptor?? [ 470.001271][T12334] loop0: detected capacity change from 0 to 2048 [ 470.065076][T12341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 470.105049][T12334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 470.147436][ T5283] IPVS: starting estimator thread 0... [ 470.190673][ T5282] usbhid 2-1:0.0: can't add hid device: -71 [ 470.211928][ T5282] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 470.259168][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 470.259187][ T29] audit: type=1804 audit(1722052110.053:83): pid=12334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1921" name="/newroot/0/file1/bus" dev="loop0" ino=18 res=1 errno=0 [ 470.290898][T12344] IPVS: using max 18 ests per chain, 43200 per kthread [ 470.308950][ T5282] usb 2-1: USB disconnect, device number 13 [ 470.361772][T12334] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 470.365747][ T29] audit: type=1804 audit(1722052110.108:84): pid=12334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1921" name="/newroot/0/file1/bus" dev="loop0" ino=18 res=1 errno=0 [ 470.481984][ T29] audit: type=1804 audit(1722052110.108:85): pid=12334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1921" name="/newroot/0/file1/bus" dev="loop0" ino=18 res=1 errno=0 [ 470.511664][T12334] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28 [ 470.581998][T12334] EXT4-fs (loop0): This should not happen!! Data will be lost [ 470.581998][T12334] [ 470.639736][T12334] EXT4-fs (loop0): Total free blocks count 0 [ 470.654267][T12334] EXT4-fs (loop0): Free/Dirty block details [ 470.661759][T12334] EXT4-fs (loop0): free_blocks=2415919104 [ 470.668257][T12334] EXT4-fs (loop0): dirty_blocks=48 [ 470.673610][T12334] EXT4-fs (loop0): Block reservation details [ 470.693671][T12334] EXT4-fs (loop0): i_reserved_data_blocks=3 [ 470.822649][T12334] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 32 with max blocks 1 with error 28 [ 472.009485][T12397] tipc: Started in network mode [ 472.014748][T12397] tipc: Node identity 000000000000003a0000000000000001, cluster identity 4711 [ 472.023735][T12397] tipc: Enabling of bearer rejected, failed to enable media [ 472.241082][T12404] process 'syz.3.1998' launched './file1' with NULL argv: empty string added [ 472.408813][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 472.699563][T12422] loop1: detected capacity change from 0 to 512 [ 472.787685][T12422] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 472.845953][T12422] ext4 filesystem being mounted at /180/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 472.891941][T12435] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2028'. [ 472.917473][T12433] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2028'. [ 473.092464][ T9572] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 473.955928][T12458] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2035'. [ 474.004662][T12454] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2035'. [ 474.349210][T12466] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2039'. [ 474.362849][T12465] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2039'. [ 474.578712][ T8] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 474.793522][T11265] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.818330][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 474.871397][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 474.904914][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 474.918949][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 474.965547][ T8] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 475.028864][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 475.069045][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.077416][ T8] usb 2-1: Product: syz [ 475.081904][ T8] usb 2-1: Manufacturer: syz [ 475.092843][ T8] usb 2-1: SerialNumber: syz [ 475.119992][ T8] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 475.134941][ T8] cdc_ncm 2-1:1.0: bind() failure [ 475.354672][ T5313] usb 2-1: USB disconnect, device number 14 [ 475.431381][T12494] netlink: 'syz.0.2052': attribute type 29 has an invalid length. [ 475.455514][T12494] netlink: 'syz.0.2052': attribute type 29 has an invalid length. [ 475.469240][T12494] netlink: 'syz.0.2052': attribute type 29 has an invalid length. [ 476.112166][T12519] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2061'. [ 476.151993][T12517] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.2061'. [ 476.269222][ T8] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 476.362142][T12526] ebt_among: dst integrity fail: 101 [ 476.420899][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 476.496164][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 476.503359][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 476.511433][T12530] netlink: 'syz.2.2065': attribute type 29 has an invalid length. [ 476.533343][ T8] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 476.542874][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.548734][T12530] netlink: 'syz.2.2065': attribute type 29 has an invalid length. [ 476.556251][ T8] usb 1-1: Product: syz [ 476.564454][ T8] usb 1-1: Manufacturer: syz [ 476.569256][ T8] usb 1-1: SerialNumber: syz [ 476.585572][T12530] netlink: 'syz.2.2065': attribute type 29 has an invalid length. [ 476.587182][ T8] usb 1-1: config 0 descriptor?? [ 476.613507][ T8] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 476.626142][ T8] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 477.274515][ T8] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 477.655661][ T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 477.763402][T12548] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2073'. [ 477.801250][T12547] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2073'. [ 477.885175][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 477.889077][T12543] loop1: detected capacity change from 0 to 32768 [ 477.940479][ T9] usb 5-1: config 0 has no interfaces? [ 477.963013][T12543] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 477.973280][T12543] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 477.980771][ T9] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 478.057833][T12543] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 478.059943][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.072920][ T5313] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 478.082436][ T5313] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 478.153597][ T9] usb 5-1: config 0 descriptor?? [ 478.181483][ T8] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 478.243287][ T8] em28xx 1-1:0.0: board has no eeprom [ 478.325665][ T5313] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 224ms [ 478.348971][ T5313] gfs2: fsid=syz:syz.0: jid=0: Done [ 478.358681][T12543] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 478.370964][ T8] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 478.407419][ T8] em28xx 1-1:0.0: dvb set to bulk mode. [ 478.458158][ T5282] em28xx 1-1:0.0: Binding DVB extension [ 478.564848][ T8] usb 1-1: USB disconnect, device number 18 [ 478.616605][ T8] em28xx 1-1:0.0: Disconnecting em28xx [ 478.751920][T12558] netlink: 'syz.2.2076': attribute type 29 has an invalid length. [ 478.785081][T12543] syz.1.2071 (12543): drop_caches: 2 [ 478.790108][ T5282] em28xx 1-1:0.0: Registering input extension [ 478.807747][T12558] netlink: 'syz.2.2076': attribute type 29 has an invalid length. [ 478.854949][ T8] em28xx 1-1:0.0: Closing input extension [ 478.894172][T12558] netlink: 'syz.2.2076': attribute type 29 has an invalid length. [ 479.034450][ T8] em28xx 1-1:0.0: Freeing device [ 479.314668][T12568] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2069'. [ 479.641730][ T8] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 479.675566][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 479.857216][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 479.866086][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.881599][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.889586][ T5313] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 479.891727][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 479.912169][ T8] usb 4-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 479.921381][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.941088][ T8] usb 4-1: config 0 descriptor?? [ 480.071473][ T5313] usb 2-1: device descriptor read/64, error -71 [ 480.332206][T12582] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2084'. [ 480.342496][T12581] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2084'. [ 480.377442][ T5313] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 480.392552][ T8] usbhid 4-1:0.0: can't add hid device: -71 [ 480.415984][ T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 480.434013][ T8] usb 4-1: USB disconnect, device number 11 [ 480.559046][ T5313] usb 2-1: device descriptor read/64, error -71 [ 480.623481][ T58] usb 5-1: USB disconnect, device number 15 [ 480.720487][ T5313] usb usb2-port1: attempt power cycle [ 480.881651][T12592] netlink: 'syz.0.2089': attribute type 29 has an invalid length. [ 480.904020][T12592] netlink: 'syz.0.2089': attribute type 29 has an invalid length. [ 480.914360][T12592] netlink: 'syz.0.2089': attribute type 29 has an invalid length. [ 480.985144][T12586] loop2: detected capacity change from 0 to 32768 [ 481.012330][T12586] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 481.020679][T12586] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 481.036706][T12586] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms [ 481.066193][ T5282] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 481.082252][ T5282] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 481.205039][ T5282] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 113ms [ 481.232332][ T5313] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 481.247482][ T5282] gfs2: fsid=syz:syz.0: jid=0: Done [ 481.257022][T12586] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 481.274167][ T58] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 481.305259][ T5313] usb 2-1: device descriptor read/8, error -71 [ 481.512341][ T58] usb 5-1: Using ep0 maxpacket: 16 [ 481.538914][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 481.607608][ T58] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 481.631935][ T5313] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 481.666899][ T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.698250][ T5313] usb 2-1: device descriptor read/8, error -71 [ 481.714655][ T58] usb 5-1: Product: syz [ 481.734123][ T58] usb 5-1: Manufacturer: syz [ 481.768959][ T58] usb 5-1: SerialNumber: syz [ 481.791538][ T58] usb 5-1: config 0 descriptor?? [ 481.813329][T12586] syz.2.2087 (12586): drop_caches: 2 [ 481.818672][ T58] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 481.818713][ T58] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 481.848893][ T5313] usb usb2-port1: unable to enumerate USB device [ 482.065129][T12609] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 482.159517][T12610] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2097'. [ 482.447814][ T5238] Bluetooth: hci4: command 0x0406 tx timeout [ 482.484147][T12619] vlan2: entered promiscuous mode [ 482.490789][T12619] vlan2: entered allmulticast mode [ 482.500618][ T58] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 482.714358][T12621] loop2: detected capacity change from 0 to 512 [ 482.748355][T12621] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 482.761160][T12621] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 482.773845][T12621] System zones: 1-12 [ 482.788595][T12621] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2862: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 482.804078][T12621] EXT4-fs (loop2): 1 truncate cleaned up [ 482.811317][T12621] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 482.990424][ T9631] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.243954][T12629] netlink: 'syz.2.2100': attribute type 29 has an invalid length. [ 483.280108][T12629] netlink: 'syz.2.2100': attribute type 29 has an invalid length. [ 483.306884][T12629] netlink: 'syz.2.2100': attribute type 29 has an invalid length. [ 483.408682][ T58] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 483.449831][ T58] em28xx 5-1:0.0: board has no eeprom [ 483.572723][ T58] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 483.607485][ T58] em28xx 5-1:0.0: dvb set to bulk mode. [ 483.613182][ T5281] em28xx 5-1:0.0: Binding DVB extension [ 483.668824][ T58] usb 5-1: USB disconnect, device number 16 [ 483.694219][ T58] em28xx 5-1:0.0: Disconnecting em28xx [ 483.789612][ T5281] em28xx 5-1:0.0: Registering input extension [ 483.815860][ T58] em28xx 5-1:0.0: Closing input extension [ 483.858521][ T58] em28xx 5-1:0.0: Freeing device [ 484.253121][T12656] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 484.466819][T12658] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2112'. [ 485.120898][T12674] netlink: 'syz.0.2115': attribute type 29 has an invalid length. [ 485.150766][T12674] netlink: 'syz.0.2115': attribute type 29 has an invalid length. [ 485.200440][T12674] netlink: 'syz.0.2115': attribute type 29 has an invalid length. [ 485.891783][ C1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 485.891834][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 485.891864][ C1] CPU: 1 UID: 0 PID: 12696 Comm: syz.2.2123 Not tainted 6.10.0-next-20240726-syzkaller #0 [ 485.891890][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 485.891905][ C1] RIP: 0010:bq_flush_to_queue+0x44/0x610 [ 485.891947][ C1] Code: df e8 30 8b d6 ff 49 8d 5e 50 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 a6 0f 3e 00 48 8b 2b 48 89 e8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 1d 05 00 00 44 8b 65 00 4d 8d 6e 58 4c [ 485.891969][ C1] RSP: 0018:ffffc90000a18a80 EFLAGS: 00010246 [ 485.891992][ C1] RAX: 0000000000000000 RBX: ffff8880628b0990 RCX: ffff888022e88000 [ 485.892010][ C1] RDX: 0000000080000101 RSI: 0000000000000010 RDI: ffff8880628b0940 [ 485.892028][ C1] RBP: 0000000000000000 R08: ffffffff8992342a R09: 1ffffffff202fc75 [ 485.892045][ C1] R10: dffffc0000000000 R11: fffffbfff202fc76 R12: 0000000000000001 [ 485.892063][ C1] R13: ffffc90003bbf820 R14: ffff8880628b0940 R15: dffffc0000000000 [ 485.892081][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 485.892110][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 485.892125][ C1] CR2: 0000000020438000 CR3: 0000000050b4a000 CR4: 00000000003506f0 [ 485.892144][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 485.892157][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 485.892171][ C1] Call Trace: [ 485.892179][ C1] [ 485.892188][ C1] ? __die_body+0x88/0xe0 [ 485.892224][ C1] ? die_addr+0x108/0x140 [ 485.892259][ C1] ? exc_general_protection+0x3dd/0x5d0 [ 485.892300][ C1] ? asm_exc_general_protection+0x26/0x30 [ 485.892328][ C1] ? xdp_do_check_flushed+0x10a/0x240 [ 485.892362][ C1] ? bq_flush_to_queue+0x44/0x610 [ 485.892397][ C1] ? __pfx_virtnet_poll_tx+0x10/0x10 [ 485.892432][ C1] __cpu_map_flush+0x5d/0xd0 [ 485.892462][ C1] xdp_do_check_flushed+0x136/0x240 [ 485.892495][ C1] __napi_poll+0xe4/0x490 [ 485.892526][ C1] net_rx_action+0x89b/0x1240 [ 485.892570][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 485.892603][ C1] ? sched_clock+0x4a/0x70 [ 485.892638][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 485.892676][ C1] handle_softirqs+0x2c4/0x970 [ 485.892708][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 485.892738][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 485.892768][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 485.892802][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 485.892829][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 485.892863][ C1] irq_exit_rcu+0x9/0x30 [ 485.892888][ C1] common_interrupt+0xaa/0xd0 [ 485.892912][ C1] [ 485.892919][ C1] [ 485.892927][ C1] asm_common_interrupt+0x26/0x40 [ 485.892951][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 485.892983][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 8e be 37 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 83 4f 9f f5 65 8b 05 04 46 40 74 85 c0 74 43 48 c7 04 24 0e 36 [ 485.893001][ C1] RSP: 0018:ffffc90003bbf260 EFLAGS: 00000206 [ 485.893021][ C1] RAX: 8ce8043b71cad300 RBX: 1ffff92000777e50 RCX: ffffffff817022aa [ 485.893039][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0ad540 RDI: 0000000000000001 [ 485.893054][ C1] RBP: ffffc90003bbf2f0 R08: ffffffff93737837 R09: 1ffffffff26e6f06 [ 485.893094][ C1] R10: dffffc0000000000 R11: fffffbfff26e6f07 R12: dffffc0000000000 [ 485.893111][ C1] R13: 1ffff92000777e4c R14: ffffc90003bbf280 R15: 0000000000000246 [ 485.893133][ C1] ? mark_lock+0x9a/0x360 [ 485.893169][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 485.893201][ C1] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 485.893232][ C1] ? __mod_memcg_lruvec_state+0x2af/0x3b0 [ 485.893268][ C1] debug_check_no_obj_freed+0x561/0x580 [ 485.893297][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 485.893330][ C1] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 485.893356][ C1] ? lruvec_stat_sub_folio+0x260/0x3c0 [ 485.893377][ C1] ? __pfx_lruvec_stat_sub_folio+0x10/0x10 [ 485.893402][ C1] ? ___pmd_free_tlb+0x7c/0x1a0 [ 485.893432][ C1] kmem_cache_free+0x10f/0x350 [ 485.893463][ C1] ___pmd_free_tlb+0x7c/0x1a0 [ 485.893495][ C1] free_pgd_range+0x9fe/0xdd0 [ 485.893537][ C1] ? __pfx_free_pgd_range+0x10/0x10 [ 485.893566][ C1] ? __pfx_up_write+0x10/0x10 [ 485.893589][ C1] ? unlink_anon_vmas+0x5db/0x5f0 [ 485.893617][ C1] ? unlink_file_vma_batch_add+0xde/0x1e0 [ 485.893650][ C1] free_pgtables+0x719/0x840 [ 485.893681][ C1] ? __pfx_free_pgtables+0x10/0x10 [ 485.893711][ C1] ? __pfx_down_write+0x10/0x10 [ 485.893734][ C1] ? __mas_set_range+0x133/0x3c0 [ 485.893765][ C1] exit_mmap+0x447/0xc80 [ 485.893793][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 485.893817][ C1] ? __asan_memset+0x23/0x50 [ 485.893862][ C1] ? uprobe_clear_state+0x277/0x290 [ 485.893888][ C1] ? mm_update_next_owner+0xa4/0x810 [ 485.893908][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 485.893936][ C1] __mmput+0x115/0x390 [ 485.893962][ C1] exit_mm+0x220/0x310 [ 485.893982][ C1] ? __pfx_exit_mm+0x10/0x10 [ 485.894000][ C1] ? taskstats_exit+0x326/0xa60 [ 485.894034][ C1] do_exit+0x9b2/0x27f0 [ 485.894058][ C1] ? __pfx_do_exit+0x10/0x10 [ 485.894081][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 485.894118][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 485.894145][ C1] ? cgroup_freezing+0x2a8/0x350 [ 485.894178][ C1] do_group_exit+0x207/0x2c0 [ 485.894197][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 485.894224][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 485.894255][ C1] get_signal+0x16a1/0x1740 [ 485.894287][ C1] ? __pfx_get_signal+0x10/0x10 [ 485.894318][ C1] arch_do_signal_or_restart+0x96/0x830 [ 485.894347][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 485.894374][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 485.894410][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 485.894442][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 485.894475][ C1] do_syscall_64+0x100/0x230 [ 485.894506][ C1] ? clear_bhb_loop+0x35/0x90 [ 485.894531][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.894555][ C1] RIP: 0033:0x7feecf977299 [ 485.894581][ C1] Code: Unable to access opcode bytes at 0x7feecf97726f. [ 485.894592][ C1] RSP: 002b:00007feed07a20f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 485.894615][ C1] RAX: fffffffffffffe00 RBX: 00007feecfb05f88 RCX: 00007feecf977299 [ 485.894631][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feecfb05f88 [ 485.894645][ C1] RBP: 00007feecfb05f80 R08: 00007feed07a26c0 R09: 00007feed07a26c0 [ 485.894660][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feecfb05f8c [ 485.894674][ C1] R13: 000000000000000b R14: 00007ffd75163bb0 R15: 00007ffd75163c98 [ 485.894697][ C1] [ 485.894705][ C1] Modules linked in: [ 485.894721][ C1] ---[ end trace 0000000000000000 ]--- [ 486.052814][T12703] vlan2: entered promiscuous mode [ 486.053336][ C1] RIP: 0010:bq_flush_to_queue+0x44/0x610 [ 486.061284][T12703] vlan2: entered allmulticast mode [ 486.061968][ C1] Code: df e8 30 8b d6 ff 49 8d 5e 50 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 a6 0f 3e 00 48 8b 2b 48 89 e8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 1d 05 00 00 44 8b 65 00 4d 8d 6e 58 4c [ 486.559022][T12708] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 486.561535][ C1] RSP: 0018:ffffc90000a18a80 EFLAGS: 00010246 [ 486.561566][ C1] RAX: 0000000000000000 RBX: ffff8880628b0990 RCX: ffff888022e88000 [ 486.629590][ C1] RDX: 0000000080000101 RSI: 0000000000000010 RDI: ffff8880628b0940 [ 486.637639][ C1] RBP: 0000000000000000 R08: ffffffff8992342a R09: 1ffffffff202fc75 [ 486.645652][ C1] R10: dffffc0000000000 R11: fffffbfff202fc76 R12: 0000000000000001 [ 486.653703][ C1] R13: ffffc90003bbf820 R14: ffff8880628b0940 R15: dffffc0000000000 [ 486.661742][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 486.670754][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 486.677365][ C1] CR2: 0000000020438000 CR3: 0000000050b4a000 CR4: 00000000003506f0 [ 486.685408][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 486.693449][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 486.701481][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 486.709026][ C1] Kernel Offset: disabled [ 486.713354][ C1] Rebooting in 86400 seconds..