last executing test programs: 4.177751297s ago: executing program 1 (id=889): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newlink={0x20, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x200, 0x18000}}, 0x20}}, 0x48000) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, &(0x7f00000000c0)="fdff", 0x2) socket$rxrpc(0x21, 0x2, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001c40)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@struct={0x3, 0x1, 0x0, 0xf, 0x0, 0x7, [{0x3, 0x1, 0x5}]}]}, {0x0, [0x4f, 0x0]}}, &(0x7f00000006c0)=""/262, 0x34, 0x106, 0x9}, 0x28) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x7, 0x4, 0x3e0, 0x110, 0x0, 0x110, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @mac=@remote, @loopback, @local, 0x1, 0x1}}}, {{@arp={@multicast2, @private=0xa010100, 0xff, 0xffffff00, 0xc, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, {[0xff, 0xff, 0xff, 0xff, 0x0, 0xbe9240b8a223bba0]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x2, 0x6, 0x23b0, 0x9dd7, 0x80, 0x9, 'veth1_vlan\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x0, 0x12}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "716ebd2e1aa0cc683e62f312359594df00da56317f76121697127951fdba"}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430) 3.990073974s ago: executing program 1 (id=891): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0xd) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x40, 0x42}, 0x48) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) sendmsg$nl_route(r4, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r3}, 0x38) 3.608620067s ago: executing program 4 (id=896): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa0d81) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000002c0)={0xffffffff, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000600)={0x0, 0x7a120, 0x3171f316, {0x20003, 0x103}, 0xfffffffc, 0x9}) 3.444043229s ago: executing program 4 (id=899): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1}) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000ff3f00000000000001"]) 3.294426429s ago: executing program 2 (id=901): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x7, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x10000000}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180500002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='netlink_extack\x00', r3}, 0x10) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x1c, 0x68, 0x1, 0x70bd25, 0xfffffffe, {}, [@NHA_GROUP={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40040d0) 3.293717308s ago: executing program 4 (id=902): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cubic', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x19) 3.153069973s ago: executing program 4 (id=903): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c020000190001000000000010000000ac1414bb000000000000000000000000ac1414bb00"/48, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000800000000000000000000000000000000000000000000000000000030000000084010500ac1414aa000000000000000000000000000000003200000000000000ffffffff0000000000000000000000000000000002000000000000000000000000000000ac1414aa000000000000000000000000000000002b00000000000000fe80000000000000000000000000000000000000000000000008000000000000000000007f000001000000000000000000000000000000003200000000000000e00000010000000000000000000000000000800003000000000000000000000000000000ff01000000000000000000000000000100000000330000000000000000000000000000043500000200010000000000bf0a"], 0x23c}}, 0x0) 3.112085169s ago: executing program 3 (id=904): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050001000010"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2000002, 0xe, 0x50, &(0x7f00000004c0)="df034affffffffffff0000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x34) 3.056454742s ago: executing program 4 (id=905): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4048801) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb10000000010200090502", @ANYRES32], 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="059900f3ffffff11"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x8000) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[]) 2.87700137s ago: executing program 3 (id=906): r0 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x40000) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0xc0844123, &(0x7f0000000000)=0x6) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() ptrace$ARCH_GET_FS(0x1e, r2, 0x0, 0x1003) sched_getaffinity(r2, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r5 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x55c9, 0xc000, 0xe, 0x224}) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2.264833794s ago: executing program 1 (id=909): syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_cache\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, r0) ptrace$peeksig(0x4209, r0, &(0x7f0000000080), 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f00000001c0)=0x7) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80) ioctl$BTRFS_IOC_ADD_DEV(r3, 0x5000940a, &(0x7f0000000880)={{r2}, "d6b7be4f87f431dc321fb8d7a742192d1584ae495d8bf63ec5be72556ed3033605e8b7c191ffddee63cf58dee4a0fa8bee3f76e6b5f876b3c2a939ab8d77469d611ff5ef4270aca203072645b2138d76a9cd41939f625fde1338b36b13d98181b85e632144b448503298efe29d3928f4df02025587fa2cb9bd2955f506660cd2f66e5139b7cb2f7deacd7f62e0f9c2d0490ccff4d4f775e0702397370be279cc86d82b2ea70abfe5093e72c0d867655746a0ee1b8aa2d009a363690f2087b237cf3ef059df05f03234024fbbdec4975d2a5b1bab6278be3714b571f25fbf4d34ce74cf921266d88b406523cd9ea70504947d6979f15c2217a386ef7392548bb97473864e646ad395339541663d46b74d3d55d0d762fa1723baa5699b0b0e4ef33436c128efb329542042f050d3bffa796ab26a057d2bf01f367aa61808f5bdcc5d12c9afb1e81814b5ba063ecfb345821bc3ffc1e0e3c9876621bea6c6c8386068e4b80e44cd2c5aac6314b173be37f49737abc24255ffb8f59664c8cf64c62ba7c324d1c5e04ef0234cbb1a529c4d3a21b1a181b1ae94f314f7d652b996c355d5c4cec9622a335b20c723132762e351d97310f90c1a4828d729dcaf2622aef0dedc2fb9a917a564d8411fba4a844589918e4ddbc9cb1ae569b1c9814994dbcc5531f622878d13714f348815148d4a36494280c810e8c15f1286797099bd884dd5b562c0ec9f8d4d2c4da903b219c3b35adc6361ec76075ed2647ebc03a9d3610b6fef4b2c440048519c0e9ad7599b8bdb29593e603fb7ae5829bde1b3dcf17c8465cd41086e0045642584131f17795ef2f3181f23efd6a22015927be772ef1c3ada1286b511c0fca71ff965e9e0f54ee4172e15993a0cf2181eb9828476f43ddc4ef83dc11f4362884d754969c9efb46a1daadac93b9410995cf848929939ae5917a0e3f25d5198fa3b3c8865470c6c2317576d2bc1084694d33237eda8e49cb03c9455ae546b7bc0c60c79e84e178ef3e132b6b3d5d1638d2d36262057573cf8e3c804a6f94904b3e914a97a0c6525d82425cb1afc6e8494e66b93f88e5ad10e757128d3cfcdcb9d844652d7fe14cfedc3d0ed63bda830b0955dc98a645093f14b354266dca83b6021205c809a06fdbc261a52c3eb7b14fec28f6e5a258d6affaabc6ba538cbf7147cf75c89b9e185faeedfbe9e2b86a4cb54991667abd0eed178417d8af6840937617cd0c19ebf2d710ab27580cc357ba110bb047437d32984a53f1dc9c38f2c34096f8d417fef5eef46537668b23f7add2f667d3e26954dc634cd5bc3e25049cba09bc7fbd71b557158d880c6bce4b7bab9e203509da77551db259b3a581cb4aaa885a5f5249c7bd45cffd6aaae0d6012258fdbddae7abe5218b2f89702c6f4b0484889c26e9179ed996579b33bec5efc8a3bce3f3d623aeaa7ed88f54d578e4bb8fa92f5dbe033451f6e7d421bf8a5f47a336d7486eff3ac1c7d790508218071d04fa84ed0eee2223e26ff0e81c212ec2aa269f05c675c2fb348a1dfd75cca4887d8a4fba55bd6ac8073cc536798dd7d8eed90191206b63a5daecb5d2c78b2f275574b302a5e2aca35d92df39155576eb51e7f7995ffcb9c6156dfb980158617afab935d10c3ae53dee49f5c8071e755f2ea226a33fb74c4bc885ce568f7a3a061428694b8848840df54f04b9984705f5e1b823aebf3553084de8e9287b88bd7b31fcbe346ec8c8c7ff0bfd6464b35d3642b091ce96279cacd99c1f6ee1096ae876ff8a5cd62e5dcfcf27c342b136051a891da22fb1dea918e7c57d604d4e7993912a0154caa85524114194afd94ec627defe83ada77906fd9741dd2ae97b96c01f31cbc8c15e3d4ded3314fd66caeaea8f770ffa60ce6c5ea43cdf8588675fb01d31d7555823f81547e639d4e5bf1b1b31ad03255776a4b1ea8469b21323662c3e1c58f2ee1f47a0b4a1189065c29474f3fe2b080be4f750077400a9cccb6798e129e1a8092bcf1b6b319cb35951449a61e05b8ea7ac3590f498ad8287786644c4e73db4cb9f662a37b27876b0dc3f73978aa3164a65600825cdee7cfa3bbd2db2edd20fa186560e2f95f5bc702599c92b79303b7707032cb9cba8265737f3e42f16d880c4851c01e4301733569eec51505ad1f3b1b2919a958b55e8474df00ec708db23e518e43690e4313bbbc8ea17c3c633ebdc2fb6078dc4f7266b23e94e823e50dd7554cec6faf1fcbdf0fa9defbddd1ca364a67fb86d76a3415cb1cf7f631b9de911ffa7f2a64f609e5b682ff37cf135ad7906ce76fdc74b1f5dda6aaab4610ac1388bc89ba9beb6293c627b09530564c7e218d11f7854f1aaa86cefa97f78db29e62e08e9cff86c1ccafb9e01cf702fb81ddc1703a5893f02700dd9b214b19aa13c02743ccdc9df17005f41552dd6786e203f353116fd853001eff384e85a8d58f8f708cdaaf50703c261171f05aa87220c5b5c7b6c2b3e0714d1a09472515a4c766c34f176bf93bf44dc87228655ca084810c0d497a296a6bd9094f089b9965a4c35c086e99a34fe3f4d43e1c6eaa78a593811321f8a0cbcc479341c04820aa2a494e7a5137b395bd9c85a2c0f140ce6f5120198530a60ddb76bd304df4829e2d1b2764ee030b9547751cc589d054b5fb7cb088fc823bfaddcc50bb12d7e460045ce3aefb89277145e140249a9380ea24a3f895fed76e99f94c3228a4b1ece26162f56ce428d42687593477f107f733bf8427cbd169f7de4741abbbb3396d587ec15e16ef9df6e24c19b191b6f17d6f217d0c45eb1377bf24a767b8f6176c9667d77dff9e23f8deb029664f7731362893df0470041bbaed3cf29fa0838f742905ddb66c7ad08de8758597c1274cdeff1f8abfd399a14321b27bb215c09c41a9597be3b088700295772ed043c8b2ccfe0cfac4de654d8172f29ec6af6dfa8fa4900bf3640d815368cd25e426f9544cd71a9b7c1a170cba18093ddac8942d7a4c17c0113e5c87a4db77ca3bd235fb13beba5635d0bca361900a27760935168292068abf1a973f96f7b66b6eccf87515a22200bd5b8a4afc8e24847628477fa05740709067451ea24da8a22b2e05757c232dc95d7c434e5deaf2a3502aa9aae68953ba04522fc772dc95ca41e28ac79344e9eaa8cdf3634febbff2c45cd7c69d90f7dd07c6e1d7750b864b57fde94c63ebb7f4e87584ee3ea2657f23fd4605e3d48b746da0708add879cf6d2bb97868af506c74df0c40dc1b5e85321b80c41f7f1c047cd8caf3793b327a79004f2282223ac4dcef51f61c402b377671fc971875c8d7c869f8eb5bdbd990310b70a156db06a45d2aa26c062c4b6e82f2b4c0ef9133eddea93851147ae66d2af032df1cdfecd24ce5bb985f110b48119436ecf60b781165fa46a5ff24484de669378df8e2826889ee113380a623e4aad2e14182040ec717b0e923ee0b92aa926361a874e0fa960891698eb2c7ec366d379228813a93f542d4b7f4fe4a4600f69d9fbfd60e105044200d46bc24fa9e58553ba6f2798a1cd98a3571ad594cd00165ef058b1c234ef73069d4f716e58b974fbafd52ec54dad61cd9e5814c5fb99f614053e39a359b33f3f0a676924c948b186f505df08b764dd3c8ebaef0dcf99e5d7aa89b0186fcc8cb99f27f6b75a8f60861b5ebe8afa2a4c6d181740752c1ac6df50ff9a1b3c92ed8aba48a2fab039a394467e3e728d21b14c7ab4a9d74a4da956782a0d189dfdb18334c933f92918e7709f6e9a2779b1d457ccbb1b693f85c4e2f63ace6db246f4c4f1ecd2e5e34b8dd38d08841f3419ecab6366a0d8882271a68361f03adb688c931b4d57e9f70472bb6394d466d0ba9ee59d3cc7a348ff3909743646ce007425eaefe1dfeeccd7189eef7e90666cc51eda3f6a6279bb17b27ec9d0114a995e2823ee53a8f91843285ede90b0f132c557b8243f9d1a1183e87a702bf95c8faa29a41cfb4306694cc49fbfebc78d5d5d056f067d44feef0a2b3b4d8949c9f35f32d0a0dda6afff93f6bd9e481aa7f676936e9015337d03b28c49d27f49757ee39fd05b57baa5f44f170de534d3258faa335d1597d03ff083f53b1ad0744539db11765a3b69922b6b06b5976f1cce5f6b8a60bbc87c5ba1b91cda98c292467448a6f4b890becee1a6a48d537e975cea39e58379afa96ce8f40397e8fab8ee6506c3126cc52b57c1b74ebdb47d742e18c5fb12a462fbbdbba7079fac3192a28a9e16586b8f4d7c246243a7d8d5edc8e45f18904ae22664cc326a917d7ea7b6ee0aa632124acda1c36846c697e910fdbc146dbb62ce0dd2a33f7a42e62ca05952bbdbefa450bd6180e4fc0b0384d538b0bdf6a9f400a0a415d225c09d1fcdcc91a05edadac9cceee3755de5ab7521ea968c038aeb757273af16f1e7154f0a4f97697d30be02848b3777ae3c1f01449622e0b13e296f1db63fea641d4b1ed72dd8cee93ec57fbc9988a109ea40fad92ba91717a0304a48382c1042b03f48888b9bec242a88b27fd7ea01403839564c8d71c0b5bf0cf905eae9a786f58ded99d3efd8c49fcc1ca95aa58c884916276d460f17533ec6169d75a46a0ec7e8c295112cc94930dbd85c25d5a317a60e46580c535ff5e21387f98c01e9443ae2a642a00ed9240a7c1dc70ab05906f899029ddbd0dab60a98b22356c3350eca288723eb6649a78808b9b804d615fbded7ba927014f1a1792c6bf30661b9ed71414952d5acd6a7e68bd4ee6d7b2e71153e2d863a92b07a9e453d42880695f327b6bdc0ba49beb0f1dd936e8bb6d874d078c5413c14ef22a1705b1c950f1ff21f67185dd3414c85cd3a6c768602048a240812ac348bdd3ef0bb0a7daba3b3dd57738ac3cd8bdce8b87ed6fa48cb22cde1f85aef7e022e5bb53fbb2f828a774a12b782cbcb7110911016c79ffa3a00b46b296113287d2235da379c5c99dd9bc8a31a8b6ca721218dae7930a8c8e1aa1fa6360491f57cb72a04f85833fddff27daf69a08dcd54fa53ad73d255da33a67798b879032cd9f45c9db92689b0feb3f1eef352f102e294ed23cfc40ae40d12f2c3479cb63bb1625b4bea047673acdeb4a80f695c1d0e2a490d0979e81868a461c6462f123735c566f1c8b138baa0e6bfef94e6e3754439e28ce812de06f04c5c8a10c6bb7ccfb67912c0ea6611cb301b5bfc181f94f8f0dfc6f12ebd9c7a0c2af5a33d500d9038f679cdda118c5928c42744d6df3dd4e9b819b988f96120019889cc957559598e66d32df049a95ebd0ae33002a987e7805e19b7c34666fa38b36913fc19eeab224fba80347ddee49f1e008a008eebf76761fb59f435e43be686099df4b716bf39c2bef9c268d4d9245a5eeebf902ce1a1e1b2b678301dfe1f2ab606b52efe8e0aba60a778bc3e82b99b0485514df2049e9428ba62802f3d86fd07166098011a35d2b4396c3aaf4e1cd9da85ddaee204fb92372347294c16c385c2ef6876b07c040c5d940205e901acde436d88cf211059d0e30e90bbe914a6de59f131c1b350fb437b3f0c68a23bfe17841134b221c6763f82cb78ef3c26c60ef2158f893385996a0b32e5341e56687d6b3ff612fde4381e814dbc478cbaca3e0354ca1071ee4e87fd56fc10fff714284e468d50be180a8044679c7c0082d38d82a8723fbe760a21cf74d3595686ed571b8270d05b3b30ef8927f7ba80e36fc32712363519c935581c06d6a0d897193ef99361c142f3a7f14095f30a34f7a70553b8de3d935a3c57216de6fbba944931"}) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 1.674309122s ago: executing program 0 (id=911): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0, 0x1}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) 1.625166604s ago: executing program 2 (id=912): r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045519, &(0x7f0000000000)) 1.374530323s ago: executing program 2 (id=913): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)}) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004"], 0x48) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newtfilter={0x24, 0x2c, 0x10, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0x6}, {0x0, 0xfff2}, {0xc, 0xfff3}}}, 0x24}}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0xfffffffffffffe71) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x2133, &(0x7f0000000040)={0x0, 0x973, 0x1c080, 0x0, 0x44a}) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.191841728s ago: executing program 0 (id=914): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.066709874s ago: executing program 3 (id=915): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000480)=@attr_other={0x0, 0x7fff, 0x1, 0x0}) 893.183597ms ago: executing program 0 (id=916): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) 767.151252ms ago: executing program 0 (id=917): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000000240)=[{{&(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000080)="a923a1d1a50500040000746400009e1504511402000000895bcd3b0000000050d07cba0e", 0x24}], 0x1}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000780)="5825be06000000a8dd1a8c7ca2746314d1787b35", 0x14}], 0x1}}], 0x2, 0x4004040) 700.280859ms ago: executing program 3 (id=918): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffff", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0) sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c286dd", 0xe, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @local}, 0x14) 697.014908ms ago: executing program 2 (id=919): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x1ff001}, {{0x0, 0x0, 0x0}, 0xaea2}, {{0x0, 0x0, 0x0}, 0xf01}, {{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/174, 0xae}, {&(0x7f0000000400)=""/243, 0xf3}, {&(0x7f0000002e00)=""/4101, 0x1005}, {&(0x7f0000000500)=""/90, 0x5a}, {&(0x7f0000000000)=""/104, 0x68}, {&(0x7f0000000340)=""/184, 0xb8}], 0x6}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0) 655.289019ms ago: executing program 1 (id=920): r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x40046109, &(0x7f0000000040)={0xd1, 0x0, 0x0, 0x6}) 474.913466ms ago: executing program 0 (id=921): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x400000, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r3}]}, 0x20}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x192}}, 0x20}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000020000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x18) open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={r7, 0x5}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={r7, 0x401, 0xffff}, 0x8) shutdown(0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 473.517527ms ago: executing program 2 (id=922): socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newlink={0x20, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x200, 0x18000}}, 0x20}}, 0x48000) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, &(0x7f00000000c0)="fdff", 0x2) socket$rxrpc(0x21, 0x2, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001c40)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@struct={0x3, 0x1, 0x0, 0xf, 0x0, 0x7, [{0x3, 0x1, 0x5}]}]}, {0x0, [0x0, 0x30]}}, &(0x7f00000006c0)=""/262, 0x34, 0x106, 0x9}, 0x28) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x7, 0x4, 0x3e0, 0x110, 0x0, 0x110, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @mac=@remote, @loopback, @local, 0x1, 0x1}}}, {{@arp={@multicast2, @private=0xa010100, 0xff, 0xffffff00, 0xc, 0x4, {@mac=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, {[0xff, 0xff, 0xff, 0xff, 0x0, 0xbe9240b8a223bba0]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0x2, 0x6, 0x23b0, 0x9dd7, 0x80, 0x9, 'veth1_vlan\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x0, 0x12}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "716ebd2e1aa0cc683e62f312359594df00da56317f76121697127951fdba"}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430) 409.217619ms ago: executing program 3 (id=923): open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0) open(0x0, 0x0, 0x100) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000400)=ANY=[@ANYBLOB="0a000000000000000100004002000000030000000500000001f0ffff06000000040000000000000000000000000000000d00000000000000030000000200000003000000000000000100010000000000000000000000000001000000000000000300000006000000bf5a63242c"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 408.9182ms ago: executing program 1 (id=924): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x1c, r1, 0x6419aa27cadae9f1, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x8000) 293.734429ms ago: executing program 0 (id=925): r0 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x40000) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0xc0844123, &(0x7f0000000000)=0x6) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() ptrace$ARCH_GET_FS(0x1e, r2, 0x0, 0x1003) sched_getaffinity(r2, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff4000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r5 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x55c9, 0xc000, 0xe, 0x224}) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) 197.363375ms ago: executing program 2 (id=926): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 190.413382ms ago: executing program 1 (id=927): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(0x0, r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb88}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x4, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) close(r4) r8 = socket$unix(0x1, 0x1, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x9}, {0x2, 0xb}, {0x7, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_MEMORY={0x8, 0xa, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 117.102089ms ago: executing program 4 (id=928): syz_open_dev$sg(0x0, 0x0, 0x20002) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000) sendmmsg$inet6(r0, &(0x7f00000080c0)=[{{&(0x7f0000000480)={0xa, 0x4e1e, 0x8, @private2={0xfc, 0x2, '\x00', 0x2}, 0x6}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000001880)="02", 0x1}], 0x1}}], 0x1, 0x931766f6319eed40) 0s ago: executing program 3 (id=929): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x2000, 0x0) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x21) r2 = open(&(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc8180, 0x68) preadv(r2, 0x0, 0x0, 0xd, 0x80007) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.133' (ED25519) to the list of known hosts. [ 84.235924][ T5816] cgroup: Unknown subsys name 'net' [ 84.336061][ T5816] cgroup: Unknown subsys name 'cpuset' [ 84.345224][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.108121][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.378249][ T5149] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.387243][ T5149] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.397043][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.413879][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.425212][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.433018][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.440868][ T5839] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.450400][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.459415][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.487824][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.503089][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.503181][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.511172][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.526147][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.532729][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.535621][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.548461][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.549014][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.563962][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.565416][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.571457][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.579870][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.597814][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.622022][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.635032][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.160627][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 91.388921][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 91.486809][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 91.562648][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.570465][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.578746][ T5844] bridge_slave_0: entered allmulticast mode [ 91.586548][ T5844] bridge_slave_0: entered promiscuous mode [ 91.595432][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 91.608036][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.615571][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.622849][ T5844] bridge_slave_1: entered allmulticast mode [ 91.630148][ T5844] bridge_slave_1: entered promiscuous mode [ 91.801644][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.830744][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 91.851540][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.867364][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.874762][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.882115][ T5845] bridge_slave_0: entered allmulticast mode [ 91.889392][ T5845] bridge_slave_0: entered promiscuous mode [ 91.963884][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.971137][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.978861][ T5845] bridge_slave_1: entered allmulticast mode [ 91.986524][ T5845] bridge_slave_1: entered promiscuous mode [ 92.018260][ T5844] team0: Port device team_slave_0 added [ 92.025268][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.032577][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.040157][ T5847] bridge_slave_0: entered allmulticast mode [ 92.049587][ T5847] bridge_slave_0: entered promiscuous mode [ 92.104601][ T5844] team0: Port device team_slave_1 added [ 92.110815][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.118231][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.125691][ T5847] bridge_slave_1: entered allmulticast mode [ 92.134683][ T5847] bridge_slave_1: entered promiscuous mode [ 92.162790][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.169976][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.177381][ T5846] bridge_slave_0: entered allmulticast mode [ 92.185422][ T5846] bridge_slave_0: entered promiscuous mode [ 92.194591][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.201724][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.209186][ T5846] bridge_slave_1: entered allmulticast mode [ 92.216724][ T5846] bridge_slave_1: entered promiscuous mode [ 92.252547][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.310235][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.353171][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.360255][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.387067][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.402668][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.415250][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.440596][ T5845] team0: Port device team_slave_0 added [ 92.461552][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.472600][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.480031][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.506496][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.532724][ T5149] Bluetooth: hci1: command tx timeout [ 92.533346][ T5845] team0: Port device team_slave_1 added [ 92.558722][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.611961][ T5149] Bluetooth: hci2: command tx timeout [ 92.611976][ T5843] Bluetooth: hci4: command tx timeout [ 92.624845][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.632266][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.639558][ T5848] bridge_slave_0: entered allmulticast mode [ 92.647179][ T5848] bridge_slave_0: entered promiscuous mode [ 92.656527][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.663791][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.671084][ T5848] bridge_slave_1: entered allmulticast mode [ 92.679026][ T5848] bridge_slave_1: entered promiscuous mode [ 92.687341][ T5847] team0: Port device team_slave_0 added [ 92.692555][ T5149] Bluetooth: hci3: command tx timeout [ 92.693419][ T5843] Bluetooth: hci0: command tx timeout [ 92.703573][ T5847] team0: Port device team_slave_1 added [ 92.774076][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.781256][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.807411][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.820371][ T5846] team0: Port device team_slave_0 added [ 92.873913][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.881007][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.907802][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.920865][ T5846] team0: Port device team_slave_1 added [ 92.933332][ T5844] hsr_slave_0: entered promiscuous mode [ 92.940069][ T5844] hsr_slave_1: entered promiscuous mode [ 92.949984][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.960627][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.967837][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.993925][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.007196][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.014428][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.040608][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.096699][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.124582][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.131563][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.157626][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.170750][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.177847][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.203868][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.285563][ T5848] team0: Port device team_slave_0 added [ 93.342282][ T5848] team0: Port device team_slave_1 added [ 93.354071][ T5845] hsr_slave_0: entered promiscuous mode [ 93.360653][ T5845] hsr_slave_1: entered promiscuous mode [ 93.367290][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 93.373203][ T5845] Cannot create hsr debugfs directory [ 93.397703][ T5847] hsr_slave_0: entered promiscuous mode [ 93.404379][ T5847] hsr_slave_1: entered promiscuous mode [ 93.410713][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 93.417464][ T5847] Cannot create hsr debugfs directory [ 93.503475][ T5846] hsr_slave_0: entered promiscuous mode [ 93.509945][ T5846] hsr_slave_1: entered promiscuous mode [ 93.517083][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 93.523384][ T5846] Cannot create hsr debugfs directory [ 93.530886][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.537919][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.564113][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.624701][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.631684][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.658154][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.889108][ T5848] hsr_slave_0: entered promiscuous mode [ 93.896168][ T5848] hsr_slave_1: entered promiscuous mode [ 93.902909][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 93.908670][ T5848] Cannot create hsr debugfs directory [ 94.230471][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.267033][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.296738][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.308031][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.365662][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.383313][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.416356][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.427371][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.497353][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.508026][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.534696][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.545941][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.612665][ T5843] Bluetooth: hci1: command tx timeout [ 94.657391][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.676135][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.689145][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.693100][ T5843] Bluetooth: hci2: command tx timeout [ 94.698379][ T5149] Bluetooth: hci4: command tx timeout [ 94.731165][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.772073][ T5149] Bluetooth: hci3: command tx timeout [ 94.782096][ T5149] Bluetooth: hci0: command tx timeout [ 94.799434][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.864445][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.885154][ T5848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.897747][ T5848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.909747][ T5848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.943453][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.956233][ T5848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.969465][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.011631][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.018965][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.030211][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.037410][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.047616][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.054894][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.078821][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.086027][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.167072][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.215113][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.236963][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.244134][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.278562][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.285755][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.359080][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.417300][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.444704][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.459181][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.492503][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.499683][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.543753][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.557554][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.564792][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.579436][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.619705][ T2958] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.626889][ T2958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.638160][ T2958] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.645349][ T2958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.696822][ T5844] veth0_vlan: entered promiscuous mode [ 95.728994][ T5844] veth1_vlan: entered promiscuous mode [ 95.754168][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.860907][ T5847] veth0_vlan: entered promiscuous mode [ 95.881253][ T5844] veth0_macvtap: entered promiscuous mode [ 95.908603][ T5844] veth1_macvtap: entered promiscuous mode [ 95.941508][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.950970][ T5847] veth1_vlan: entered promiscuous mode [ 95.966125][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.975667][ T5846] veth0_vlan: entered promiscuous mode [ 96.003316][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.013113][ T5846] veth1_vlan: entered promiscuous mode [ 96.050633][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.074463][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.085277][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.112508][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.121427][ T5845] veth0_vlan: entered promiscuous mode [ 96.137053][ T5845] veth1_vlan: entered promiscuous mode [ 96.155881][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.186751][ T5847] veth0_macvtap: entered promiscuous mode [ 96.197830][ T5847] veth1_macvtap: entered promiscuous mode [ 96.277002][ T5846] veth0_macvtap: entered promiscuous mode [ 96.291074][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.306666][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.336454][ T5845] veth0_macvtap: entered promiscuous mode [ 96.348161][ T5845] veth1_macvtap: entered promiscuous mode [ 96.373889][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.385922][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.403043][ T5846] veth1_macvtap: entered promiscuous mode [ 96.436309][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.447275][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.482459][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.491532][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.514112][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.523444][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.538467][ T2958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.546644][ T2958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.563910][ T5848] veth0_vlan: entered promiscuous mode [ 96.576008][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.595866][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.630339][ T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.640406][ T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.657629][ T50] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.692299][ T5149] Bluetooth: hci1: command tx timeout [ 96.707603][ T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.718472][ T5848] veth1_vlan: entered promiscuous mode [ 96.728745][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.763597][ T50] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.773644][ T5149] Bluetooth: hci4: command tx timeout [ 96.776028][ T50] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.779111][ T5149] Bluetooth: hci2: command tx timeout [ 96.795483][ T50] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.804871][ T50] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.847376][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.863094][ T5149] Bluetooth: hci0: command tx timeout [ 96.863187][ T5843] Bluetooth: hci3: command tx timeout [ 96.885476][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.008529][ T2958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.028658][ T2958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.057007][ T5848] veth0_macvtap: entered promiscuous mode [ 97.077454][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.102609][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.131082][ T5848] veth1_macvtap: entered promiscuous mode [ 97.143849][ T5925] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6'. [ 97.190384][ T856] cfg80211: failed to load regulatory.db [ 97.233659][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.241547][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.265267][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.288832][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.422789][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.446327][ T2958] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.478744][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.492510][ T2958] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.517937][ T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.544613][ T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.593687][ T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.638585][ T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.748120][ T5936] netlink: 'syz.1.2': attribute type 9 has an invalid length. [ 97.765738][ T5937] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10'. [ 97.858329][ T5939] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.039716][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.060917][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.252093][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.260067][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.773218][ T5843] Bluetooth: hci1: command tx timeout [ 98.852343][ T5843] Bluetooth: hci2: command tx timeout [ 98.863509][ T5843] Bluetooth: hci4: command tx timeout [ 98.934607][ T5843] Bluetooth: hci3: command tx timeout [ 98.936578][ T5149] Bluetooth: hci0: command tx timeout [ 99.042996][ T5974] netlink: 52 bytes leftover after parsing attributes in process `syz.0.22'. [ 99.071147][ T5974] batman_adv: batadv0: Adding interface: dummy0 [ 99.078573][ T5974] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.116010][ T5974] batman_adv: batadv0: Interface activated: dummy0 [ 99.548830][ T5978] syzkaller0: entered promiscuous mode [ 99.559978][ T5978] syzkaller0: entered allmulticast mode [ 99.937381][ T5996] netlink: 24 bytes leftover after parsing attributes in process `syz.3.32'. [ 100.358465][ T6008] netlink: 'syz.4.36': attribute type 12 has an invalid length. [ 100.389713][ T6008] netlink: 'syz.4.36': attribute type 29 has an invalid length. [ 100.412032][ T6008] netlink: 148 bytes leftover after parsing attributes in process `syz.4.36'. [ 100.426425][ T6008] netlink: 'syz.4.36': attribute type 2 has an invalid length. [ 100.445556][ T6008] netlink: 23 bytes leftover after parsing attributes in process `syz.4.36'. [ 100.631722][ T6019] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 100.845941][ T6025] netlink: 12 bytes leftover after parsing attributes in process `syz.4.42'. [ 100.855832][ T6010] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.856369][ T6010] batadv_slave_0: entered promiscuous mode [ 101.234083][ T6032] tipc: Started in network mode [ 101.239187][ T6032] tipc: Node identity 42186c20865d, cluster identity 4711 [ 101.277435][ T6032] tipc: Enabled bearer , priority 0 [ 101.318464][ T6032] syzkaller0: entered promiscuous mode [ 101.331957][ T6032] syzkaller0: entered allmulticast mode [ 101.350672][ T6036] tipc: Started in network mode [ 101.364986][ T6039] fuse: Bad value for 'fd' [ 101.369805][ T6036] tipc: Node identity , cluster identity 4711 [ 101.383711][ T6036] tipc: Failed to obtain node identity [ 101.399709][ T6036] tipc: Enabling of bearer rejected, failed to enable media [ 101.419692][ T6032] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 101.601145][ T6037] syzkaller0: entered promiscuous mode [ 101.628555][ T6037] syzkaller0: entered allmulticast mode [ 101.676903][ T6032] tipc: Resetting bearer [ 101.795664][ T6031] tipc: Resetting bearer [ 101.844145][ T6031] tipc: Disabling bearer [ 102.041381][ T6056] netlink: 16 bytes leftover after parsing attributes in process `syz.2.55'. [ 102.245805][ T6060] netlink: 12 bytes leftover after parsing attributes in process `syz.1.57'. [ 103.319817][ T6072] netlink: 'syz.4.62': attribute type 12 has an invalid length. [ 103.360618][ T6072] netlink: 'syz.4.62': attribute type 29 has an invalid length. [ 103.387964][ T6072] netlink: 148 bytes leftover after parsing attributes in process `syz.4.62'. [ 103.426118][ T6072] netlink: 'syz.4.62': attribute type 2 has an invalid length. [ 103.461247][ T6072] netlink: 23 bytes leftover after parsing attributes in process `syz.4.62'. [ 103.562580][ T6076] tipc: Started in network mode [ 103.580383][ T6076] tipc: Node identity 6600cabdf941, cluster identity 4711 [ 103.600826][ T6076] tipc: Enabled bearer , priority 0 [ 103.632494][ T6081] syzkaller0: entered promiscuous mode [ 103.639221][ T6084] netlink: 12 bytes leftover after parsing attributes in process `syz.1.68'. [ 103.667320][ T6081] syzkaller0: entered allmulticast mode [ 103.731672][ T6091] netlink: 16 bytes leftover after parsing attributes in process `syz.0.70'. [ 103.781217][ T6076] tipc: Resetting bearer [ 103.846865][ T6075] tipc: Resetting bearer [ 103.857293][ T6095] netlink: 12 bytes leftover after parsing attributes in process `syz.4.71'. [ 103.935086][ T6075] tipc: Disabling bearer [ 103.966938][ T6099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.73'. [ 104.004076][ T6099] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 104.006917][ T6098] syz.0.74 uses obsolete (PF_INET,SOCK_PACKET) [ 104.012083][ T6099] IPv6: NLM_F_CREATE should be set when creating new route [ 104.267114][ T6110] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 104.674933][ T6120] netlink: 52 bytes leftover after parsing attributes in process `syz.1.84'. [ 104.717473][ T6120] netlink: 52 bytes leftover after parsing attributes in process `syz.1.84'. [ 104.743482][ T6120] netlink: 52 bytes leftover after parsing attributes in process `syz.1.84'. [ 105.625155][ T6159] openvswitch: netlink: Message has 1 unknown bytes. [ 105.643826][ T6159] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.825123][ T6161] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.833484][ T6161] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.030698][ T6161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.049281][ T6161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.288922][ T1096] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.306525][ T1096] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.333633][ T1096] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.365267][ T1096] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.470605][ T6187] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.939546][ T6205] tipc: Enabled bearer , priority 0 [ 106.972525][ T6205] syzkaller0: entered promiscuous mode [ 107.007739][ T6205] syzkaller0: entered allmulticast mode [ 107.085644][ T6205] tipc: Resetting bearer [ 107.132071][ T6204] tipc: Resetting bearer [ 107.230125][ T6204] tipc: Disabling bearer [ 107.400409][ T6229] __nla_validate_parse: 5 callbacks suppressed [ 107.400431][ T6229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.130'. [ 107.580722][ T6235] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.590208][ T6235] batadv_slave_0: entered promiscuous mode [ 107.635240][ T6241] tipc: Started in network mode [ 107.652432][ T6241] tipc: Node identity 1a81010e272a, cluster identity 4711 [ 107.659915][ T6241] tipc: Enabled bearer , priority 0 [ 107.668386][ T6241] syzkaller0: entered promiscuous mode [ 107.677536][ T6241] syzkaller0: entered allmulticast mode [ 107.688565][ T6241] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 107.713608][ T6241] tipc: Resetting bearer [ 107.730012][ T6240] tipc: Resetting bearer [ 107.759610][ T6240] tipc: Disabling bearer [ 108.019937][ T6256] netlink: 104 bytes leftover after parsing attributes in process `syz.1.142'. [ 108.670608][ T6282] C: renamed from team_slave_0 (while UP) [ 108.704021][ T6282] netlink: 'syz.3.156': attribute type 3 has an invalid length. [ 108.745186][ T6282] netlink: 152 bytes leftover after parsing attributes in process `syz.3.156'. [ 108.758532][ T6282] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 108.923574][ T6290] netlink: 104 bytes leftover after parsing attributes in process `syz.4.161'. [ 108.994987][ T6294] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.163'. [ 109.061445][ T6294] workqueue: name exceeds WQ_NAME_LEN. Truncating to: &!=@Vgc!\㻚 ΁ [ 109.148179][ T6292] syzkaller0: entered promiscuous mode [ 109.163001][ T6292] syzkaller0: entered allmulticast mode [ 109.473692][ T6314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.171'. [ 110.722612][ T6326] netlink: 104 bytes leftover after parsing attributes in process `syz.4.176'. [ 110.853167][ T6335] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 113.886381][ T6431] netlink: 104 bytes leftover after parsing attributes in process `syz.2.223'. [ 114.606559][ T6458] netlink: 104 bytes leftover after parsing attributes in process `syz.0.236'. [ 114.883760][ T6468] tipc: Started in network mode [ 114.888719][ T6468] tipc: Node identity 4e888a016254, cluster identity 4711 [ 114.905979][ T6468] tipc: Enabled bearer , priority 0 [ 114.927126][ T6468] syzkaller0: entered promiscuous mode [ 114.946167][ T6468] syzkaller0: entered allmulticast mode [ 114.956234][ T6468] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 114.977821][ T6468] tipc: Resetting bearer [ 114.984564][ T6475] netlink: 60 bytes leftover after parsing attributes in process `syz.2.241'. [ 114.998758][ T6466] tipc: Resetting bearer [ 115.017175][ T6466] tipc: Disabling bearer [ 115.038767][ T6469] netlink: 60 bytes leftover after parsing attributes in process `syz.2.241'. [ 115.051314][ T6471] netlink: 60 bytes leftover after parsing attributes in process `syz.2.241'. [ 116.146772][ T6524] Zero length message leads to an empty skb [ 116.434152][ T6540] netlink: 14 bytes leftover after parsing attributes in process `syz.1.274'. [ 116.674582][ T6540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.703751][ T6540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.715733][ T6540] bond0 (unregistering): Released all slaves [ 116.817006][ T6555] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.825875][ T6555] batadv_slave_0: entered promiscuous mode [ 117.071344][ T6567] netlink: 32 bytes leftover after parsing attributes in process `syz.4.285'. [ 117.083953][ T6564] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 118.057915][ T6607] netlink: 12 bytes leftover after parsing attributes in process `syz.1.304'. [ 118.112618][ T6611] netlink: 12 bytes leftover after parsing attributes in process `syz.3.307'. [ 118.627044][ T6632] netlink: 24 bytes leftover after parsing attributes in process `syz.1.316'. [ 118.887076][ T6645] netlink: 'syz.1.318': attribute type 6 has an invalid length. [ 119.230068][ T6659] netlink: 24 bytes leftover after parsing attributes in process `syz.2.328'. [ 119.302177][ T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 119.462148][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 119.488470][ T43] usb 4-1: config 0 has an invalid interface number: 120 but max is 0 [ 119.521863][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 119.551838][ T43] usb 4-1: config 0 has no interface number 0 [ 119.577339][ T43] usb 4-1: config 0 interface 120 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 119.617472][ T43] usb 4-1: config 0 interface 120 has no altsetting 0 [ 119.636198][ T43] usb 4-1: New USB device found, idVendor=0421, idProduct=0475, bcdDevice=41.76 [ 119.681852][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.690282][ T43] usb 4-1: Product: syz [ 119.730730][ T43] usb 4-1: Manufacturer: syz [ 119.745033][ T43] usb 4-1: SerialNumber: syz [ 119.789353][ T43] usb 4-1: config 0 descriptor?? [ 119.840101][ T43] rndis_host 4-1:0.120: skipping garbage [ 119.869280][ T6681] netlink: 68 bytes leftover after parsing attributes in process `syz.2.338'. [ 119.894755][ T43] usb 4-1: bad CDC descriptors [ 119.909974][ T43] cdc_acm 4-1:0.120: Zero length descriptor references [ 119.937448][ T43] cdc_acm 4-1:0.120: probe with driver cdc_acm failed with error -22 [ 120.039776][ T43] usb 4-1: USB disconnect, device number 2 [ 120.106559][ T6689] netlink: 44 bytes leftover after parsing attributes in process `syz.2.340'. [ 120.426351][ T6701] netlink: 12 bytes leftover after parsing attributes in process `syz.2.345'. [ 120.509160][ T6703] netlink: 72 bytes leftover after parsing attributes in process `syz.0.346'. [ 120.712194][ T6710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.349'. [ 120.721479][ T6710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.349'. [ 120.738805][ T6711] netlink: 124 bytes leftover after parsing attributes in process `syz.4.351'. [ 121.049265][ T6722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.357'. [ 121.058871][ T6727] netlink: 44 bytes leftover after parsing attributes in process `syz.3.356'. [ 121.375287][ T6738] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 121.667645][ T6748] process 'syz.3.364' launched './file0' with NULL argv: empty string added [ 122.492921][ T5149] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 122.742748][ T5831] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 122.924400][ T5831] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 122.944660][ T5831] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 122.975871][ T5831] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 122.998706][ T5831] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.009172][ T5831] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.036959][ T5831] usb 4-1: config 0 descriptor?? [ 123.055844][ T5831] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 123.093104][ T856] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 123.195544][ T6803] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 123.262897][ T5831] usb 4-1: USB disconnect, device number 3 [ 123.292015][ T856] usb 3-1: Using ep0 maxpacket: 8 [ 123.305600][ T856] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 123.318957][ T856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.340832][ T856] usb 3-1: Product: syz [ 123.345228][ T856] usb 3-1: Manufacturer: syz [ 123.379654][ T856] usb 3-1: SerialNumber: syz [ 123.607450][ T856] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 123.878318][ C0] usblp0: nonzero write bulk status received: -71 [ 123.894415][ T5893] usb 3-1: USB disconnect, device number 2 [ 123.919731][ T5893] usblp0: removed [ 124.209853][ T6827] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.217699][ T6827] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.425983][ T6827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.504402][ T6827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.542029][ T5906] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 124.587614][ T6844] __nla_validate_parse: 7 callbacks suppressed [ 124.587637][ T6844] netlink: 48 bytes leftover after parsing attributes in process `syz.1.407'. [ 124.716488][ T5906] usb 5-1: Using ep0 maxpacket: 32 [ 124.756086][ T5906] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 124.774020][ T6850] netlink: 12 bytes leftover after parsing attributes in process `syz.0.409'. [ 124.783547][ T5906] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 124.804783][ T5906] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 124.825516][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 124.852504][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 124.872540][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 124.896243][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 124.916772][ T5906] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 124.930930][ T5906] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 124.948770][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.955462][ T6858] netlink: 60 bytes leftover after parsing attributes in process `syz.2.413'. [ 124.964352][ T5906] usb 5-1: config 0 descriptor?? [ 125.049365][ T13] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.090966][ T6860] netlink: 44 bytes leftover after parsing attributes in process `syz.2.414'. [ 125.121413][ T13] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.152188][ T13] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.179276][ T5906] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 125.205680][ T13] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.239009][ T5906] usb 5-1: USB disconnect, device number 2 [ 125.269354][ T5906] usblp0: removed [ 125.299952][ T6867] netlink: 72 bytes leftover after parsing attributes in process `syz.2.417'. [ 125.320575][ T6867] netlink: 72 bytes leftover after parsing attributes in process `syz.2.417'. [ 125.438985][ T6874] netlink: 48 bytes leftover after parsing attributes in process `syz.0.420'. [ 125.452329][ T5893] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 125.612202][ T5893] usb 2-1: Using ep0 maxpacket: 8 [ 125.629921][ T5893] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 125.646157][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.667123][ T5893] usb 2-1: Product: syz [ 125.676988][ T5893] usb 2-1: Manufacturer: syz [ 125.685908][ T5893] usb 2-1: SerialNumber: syz [ 125.702713][ T5906] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 125.719534][ T5893] usb 2-1: config 0 descriptor?? [ 125.735128][ T6884] netlink: 60 bytes leftover after parsing attributes in process `syz.2.424'. [ 125.862087][ T5906] usb 5-1: Using ep0 maxpacket: 32 [ 125.867079][ T6886] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.875051][ T6886] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.878706][ T5906] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 125.898034][ T5906] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 125.919939][ T5906] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 125.937841][ T6886] batman_adv: batadv0: Interface deactivated: dummy0 [ 125.947495][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 125.952092][ T5893] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 125.960544][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 125.980157][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 125.990730][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 126.001319][ T5906] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 126.014621][ T5906] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 126.023959][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.044749][ T5906] usb 5-1: config 0 descriptor?? [ 126.166209][ T6886] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.180036][ T5893] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 126.208660][ T5893] usb 2-1: USB disconnect, device number 2 [ 126.261905][ T5906] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 126.300898][ T5906] usb 5-1: USB disconnect, device number 3 [ 126.327527][ T5906] usblp0: removed [ 126.435201][ T6899] batadv_slave_0: entered promiscuous mode [ 126.441490][ T13] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.455216][ T13] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.465299][ T13] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.474423][ T13] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.533234][ T5149] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 126.542549][ T5149] Bluetooth: hci0: Injecting HCI hardware error event [ 126.550773][ T5843] Bluetooth: hci0: hardware error 0x00 [ 126.953379][ T6913] netlink: 104 bytes leftover after parsing attributes in process `syz.2.434'. [ 127.161853][ T30] audit: type=1326 audit(1760386061.096:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6921 comm="syz.4.439" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2074d8eec9 code=0x0 [ 127.331657][ T6933] netlink: 8 bytes leftover after parsing attributes in process `syz.0.443'. [ 127.499615][ T6939] binder_alloc: 6938: binder_alloc_buf, no vma [ 127.864457][ T6953] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 128.615581][ T5843] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 129.416581][ T6966] netlink: 'syz.2.457': attribute type 27 has an invalid length. [ 129.441942][ T6966] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 129.522444][ T6996] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 129.536666][ T6996] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.575713][ T6996] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 129.586539][ T6996] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 129.609122][ T6996] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 129.621677][ T6996] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 129.638235][ T6996] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 129.650625][ T6996] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 129.683103][ T6996] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 129.693303][ T6996] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 129.705550][ T6996] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 129.716784][ T6996] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 129.825289][ T7010] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 129.984460][ T5843] Bluetooth: hci1: unexpected event for opcode 0x200d [ 130.005132][ T7018] __nla_validate_parse: 5 callbacks suppressed [ 130.005151][ T7018] netlink: 4 bytes leftover after parsing attributes in process `syz.4.479'. [ 130.020780][ T7018] bridge_slave_1: left allmulticast mode [ 130.027148][ T7018] bridge_slave_1: left promiscuous mode [ 130.035436][ T7018] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.087437][ T7018] bridge_slave_0: left allmulticast mode [ 130.094748][ T7018] bridge_slave_0: left promiscuous mode [ 130.120475][ T7018] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.219702][ T7025] syzkaller0: entered promiscuous mode [ 130.225515][ T7025] syzkaller0: entered allmulticast mode [ 130.229691][ T7028] netlink: 'syz.2.480': attribute type 6 has an invalid length. [ 130.609357][ T7041] netlink: 8 bytes leftover after parsing attributes in process `syz.4.486'. [ 130.843934][ T7051] netlink: 8 bytes leftover after parsing attributes in process `syz.1.492'. [ 130.914297][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.4.493'. [ 131.636213][ T7080] netlink: 4 bytes leftover after parsing attributes in process `syz.0.507'. [ 131.653098][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 131.653110][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 131.656831][ T7080] bridge_slave_1: left allmulticast mode [ 131.692332][ T7080] bridge_slave_1: left promiscuous mode [ 131.716352][ T7080] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.737242][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 131.750769][ T7080] bridge_slave_0: left allmulticast mode [ 131.786938][ T7080] bridge_slave_0: left promiscuous mode [ 131.794786][ T7080] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.033256][ T7095] netlink: 52 bytes leftover after parsing attributes in process `syz.1.512'. [ 132.046725][ T7095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.512'. [ 132.069974][ T7095] netlink: 52 bytes leftover after parsing attributes in process `syz.1.512'. [ 132.082738][ T7095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.512'. [ 132.091573][ T7095] netlink: 52 bytes leftover after parsing attributes in process `syz.1.512'. [ 132.962931][ T5906] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 133.121871][ T5906] usb 4-1: Using ep0 maxpacket: 8 [ 133.134974][ T5906] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 133.144407][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.161980][ T5906] usb 4-1: Product: syz [ 133.166255][ T5906] usb 4-1: Manufacturer: syz [ 133.170891][ T5906] usb 4-1: SerialNumber: syz [ 133.184616][ T5906] usb 4-1: config 0 descriptor?? [ 133.197098][ T5906] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 133.280590][ T7149] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 133.437217][ T7154] syzkaller0: entered promiscuous mode [ 133.443242][ T7154] syzkaller0: entered allmulticast mode [ 133.732052][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 133.732059][ T5149] Bluetooth: hci3: command 0x0c1a tx timeout [ 133.812894][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 133.957314][ T5843] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 134.051963][ T5843] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 134.061226][ T5843] Bluetooth: hci1: Injecting HCI hardware error event [ 134.069378][ T5149] Bluetooth: hci1: hardware error 0x00 [ 135.814388][ T52] Bluetooth: hci3: command 0x0c1a tx timeout [ 135.820971][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 135.827976][ T5906] gspca_sonixj: reg_w1 err -71 [ 135.844016][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 135.865758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 135.892139][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 135.912256][ T5906] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 135.938681][ T5906] usb 4-1: USB disconnect, device number 4 [ 135.967039][ T7208] __nla_validate_parse: 12 callbacks suppressed [ 135.967060][ T7208] netlink: 52 bytes leftover after parsing attributes in process `syz.4.563'. [ 135.985186][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'. [ 135.995006][ T7208] netlink: 52 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.007218][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.016429][ T7208] netlink: 52 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.088459][ T7208] netlink: 52 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.098179][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.113207][ T7208] netlink: 52 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.122727][ T7208] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.131708][ T7208] netlink: 52 bytes leftover after parsing attributes in process `syz.4.563'. [ 136.141442][ T5149] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 136.612617][ T7223] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 137.013117][ T6030] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 137.171959][ T6030] usb 1-1: Using ep0 maxpacket: 32 [ 137.180135][ T6030] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 137.203216][ T6030] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 137.228577][ T6030] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 137.248093][ T6030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 137.274049][ T6030] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 137.291824][ T6030] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 137.324849][ T6030] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 137.351488][ T6030] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.371060][ T6030] usb 1-1: config 0 descriptor?? [ 137.583859][ T6030] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 137.617073][ T6030] usb 1-1: USB disconnect, device number 2 [ 137.654712][ T6030] usblp0: removed [ 138.155887][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.166304][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.938063][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 138.962208][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 139.003868][ T7277] syzkaller0: entered promiscuous mode [ 139.021630][ T7277] syzkaller0: entered allmulticast mode [ 139.350167][ T7287] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 139.359170][ T7287] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 140.064241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 141.241917][ T5907] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 141.402737][ T5907] usb 4-1: Using ep0 maxpacket: 16 [ 141.423588][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.434942][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.444846][ T5907] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 141.457866][ T5907] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 141.467390][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.489482][ T5907] usb 4-1: config 0 descriptor?? [ 141.931591][ T5907] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0001/input/input5 [ 141.958413][ T5907] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 142.210624][ T5906] usb 4-1: USB disconnect, device number 5 [ 142.531546][ T7310] fido_id[7310]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 143.243994][ T7336] __nla_validate_parse: 7 callbacks suppressed [ 143.244013][ T7336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.611'. [ 143.856820][ T7344] tipc: Enabled bearer , priority 0 [ 143.904978][ T7344] tipc: Resetting bearer [ 143.927881][ T7346] kvm: pic: single mode not supported [ 143.928027][ T7346] kvm: pic: level sensitive irq not supported [ 143.963070][ T7343] tipc: Disabling bearer [ 144.141997][ T856] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 144.312874][ T856] usb 1-1: Using ep0 maxpacket: 16 [ 144.323559][ T856] usb 1-1: config index 0 descriptor too short (expected 98, got 36) [ 144.332381][ T856] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.351862][ T856] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.379858][ T856] usb 1-1: New USB device found, idVendor=046d, idProduct=c51b, bcdDevice= 0.00 [ 144.391185][ T856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.410311][ T856] usb 1-1: config 0 descriptor?? [ 144.611860][ T5906] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 144.772073][ T5906] usb 5-1: Using ep0 maxpacket: 16 [ 144.783502][ T5906] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 144.801889][ T5906] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.832297][ T5906] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 144.839449][ T856] logitech-djreceiver 0003:046D:C51B.0002: unknown main item tag 0x0 [ 144.855512][ T5906] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 144.871176][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.877674][ T856] logitech-djreceiver 0003:046D:C51B.0002: unknown main item tag 0x0 [ 144.895257][ T5906] usb 5-1: Product: syz [ 144.903957][ T5906] usb 5-1: Manufacturer: syz [ 144.914772][ T5906] usb 5-1: SerialNumber: syz [ 144.919547][ T856] logitech-djreceiver 0003:046D:C51B.0002: unknown main item tag 0x0 [ 144.938355][ T856] logitech-djreceiver 0003:046D:C51B.0002: unknown main item tag 0x0 [ 144.975175][ T856] logitech-djreceiver 0003:046D:C51B.0002: unknown main item tag 0x0 [ 145.040638][ T5907] usb 1-1: USB disconnect, device number 3 [ 145.357604][ T5906] usb 5-1: 0:2 : does not exist [ 145.981181][ T5906] usb 5-1: 1:0: failed to get current value for ch 0 (-22) [ 146.087295][ T5906] usb 5-1: USB disconnect, device number 4 [ 146.175424][ T5885] udevd[5885]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 146.814744][ T7410] netlink: 666 bytes leftover after parsing attributes in process `syz.4.640'. [ 147.411662][ T7421] netlink: 108 bytes leftover after parsing attributes in process `syz.1.644'. [ 147.462391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 147.583996][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 147.730961][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 147.984734][ T7437] netlink: 24 bytes leftover after parsing attributes in process `syz.0.652'. [ 148.044729][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 148.055361][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 148.241901][ T5906] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 148.317268][ T7440] netlink: 8 bytes leftover after parsing attributes in process `syz.0.653'. [ 148.386760][ T7440] netlink: 200 bytes leftover after parsing attributes in process `syz.0.653'. [ 148.403927][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.421649][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.442327][ T5906] usb 5-1: New USB device found, idVendor=09da, idProduct=0006, bcdDevice= 0.00 [ 148.461730][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.683216][ T5906] usb 5-1: config 0 descriptor?? [ 148.949374][ T7442] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 149.103861][ T5906] a4tech 0003:09DA:0006.0003: unknown main item tag 0x0 [ 149.111360][ T5906] a4tech 0003:09DA:0006.0003: unexpected long global item [ 149.130755][ T5906] a4tech 0003:09DA:0006.0003: parse failed [ 149.152030][ T5906] a4tech 0003:09DA:0006.0003: probe with driver a4tech failed with error -22 [ 149.305898][ T856] usb 5-1: USB disconnect, device number 5 [ 149.862368][ T7471] netlink: 'syz.2.665': attribute type 12 has an invalid length. [ 149.881853][ T7471] netlink: 'syz.2.665': attribute type 29 has an invalid length. [ 149.905740][ T7471] netlink: 148 bytes leftover after parsing attributes in process `syz.2.665'. [ 150.461903][ T856] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 150.603232][ T5906] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 150.622275][ T856] usb 5-1: Using ep0 maxpacket: 32 [ 150.646692][ T856] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 150.671066][ T856] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 150.690208][ T856] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 150.714588][ T856] usb 5-1: config 1 has no interface number 0 [ 150.736446][ T856] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 150.755053][ T7516] netlink: 'syz.3.673': attribute type 1 has an invalid length. [ 150.773618][ T856] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 150.773859][ T5906] usb 3-1: Using ep0 maxpacket: 8 [ 150.823684][ T5906] usb 3-1: config 0 has an invalid interface number: 134 but max is 0 [ 150.824620][ T856] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 150.841863][ T5906] usb 3-1: config 0 has no interface number 0 [ 150.848146][ T5906] usb 3-1: config 0 interface 134 has no altsetting 0 [ 150.855666][ T5906] usb 3-1: New USB device found, idVendor=054c, idProduct=0095, bcdDevice=7f.a6 [ 150.866120][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.872236][ T856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.887270][ T5906] usb 3-1: config 0 descriptor?? [ 150.925763][ T856] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 150.966685][ T7518] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 151.112429][ T5906] usb 3-1: string descriptor 0 read error: -71 [ 151.137167][ T5906] usb 3-1: active config #0 != 1 ?? [ 151.138879][ T856] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 151.151612][ T7516] veth3: entered promiscuous mode [ 151.178447][ T7516] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 151.200697][ T5906] usb 3-1: USB disconnect, device number 3 [ 151.554275][ T7536] binder: BINDER_SET_CONTEXT_MGR already set [ 151.557130][ T856] usb 5-1: USB disconnect, device number 6 [ 151.560656][ T7536] binder: 7535:7536 ioctl 4018620d 200000000040 returned -16 [ 151.570163][ T856] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 152.006221][ T7547] netlink: 'syz.2.682': attribute type 6 has an invalid length. [ 152.411897][ T5921] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 152.522285][ T856] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 152.572115][ T5921] usb 2-1: Using ep0 maxpacket: 32 [ 152.585410][ T5921] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 152.596834][ T5921] usb 2-1: config 0 has no interface number 0 [ 152.603922][ T5921] usb 2-1: config 0 interface 184 has no altsetting 0 [ 152.614409][ T5921] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 152.623848][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.632053][ T5921] usb 2-1: Product: syz [ 152.636502][ T5921] usb 2-1: Manufacturer: syz [ 152.641236][ T5921] usb 2-1: SerialNumber: syz [ 152.650383][ T5921] usb 2-1: config 0 descriptor?? [ 152.658733][ T5921] smsc75xx v1.0.0 [ 152.664205][ T5921] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 152.675137][ T5921] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22 [ 152.693085][ T856] usb 4-1: not running at top speed; connect to a high speed hub [ 152.709288][ T856] usb 4-1: config 1 has an invalid interface number: 111 but max is 0 [ 152.720024][ T856] usb 4-1: config 1 has no interface number 0 [ 152.733368][ T856] usb 4-1: config 1 interface 111 has no altsetting 0 [ 152.751044][ T856] usb 4-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=42.a5 [ 152.765968][ T856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.792322][ T856] usb 4-1: Product: syz [ 152.798066][ T856] usb 4-1: Manufacturer: syz [ 152.809589][ T856] usb 4-1: SerialNumber: syz [ 152.853150][ T7567] netlink: 96 bytes leftover after parsing attributes in process `syz.2.691'. [ 153.058271][ T856] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state. [ 153.083322][ T856] usb 4-1: setting power ON [ 153.097462][ T856] dvb-usb: bulk message failed: -22 (2/0) [ 153.140437][ T5907] usb 2-1: USB disconnect, device number 3 [ 153.263560][ T856] dvb-usb: bulk message failed: -22 (1/0) [ 153.348387][ T7576] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 153.354840][ T7576] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 153.362095][ T7576] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 153.379777][ T856] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 153.398033][ T856] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19) [ 153.417882][ T856] dvb_usb_cxusb 4-1:1.111: probe with driver dvb_usb_cxusb failed with error -22 [ 153.432781][ T856] usb 4-1: USB disconnect, device number 6 [ 154.276759][ T7603] netlink: 12 bytes leftover after parsing attributes in process `syz.4.705'. [ 154.663850][ T7618] tipc: Enabled bearer , priority 0 [ 154.672584][ T7618] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 154.690866][ T7618] tipc: Resetting bearer [ 154.715621][ T7616] tipc: Disabling bearer [ 155.201859][ T43] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 155.334094][ T5149] Bluetooth: hci2: command 0x0c1a tx timeout [ 155.361902][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 155.383357][ T43] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 155.410449][ T43] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 155.422542][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 155.429820][ T5149] Bluetooth: hci4: command 0x0405 tx timeout [ 155.437859][ T43] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 155.449437][ T7639] netlink: 16 bytes leftover after parsing attributes in process `syz.0.718'. [ 155.500472][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 155.557264][ T43] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 155.621632][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 155.652551][ T43] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 155.671864][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.692873][ T43] usb 3-1: config 0 descriptor?? [ 155.913039][ T43] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 155.969423][ T43] usb 3-1: USB disconnect, device number 4 [ 156.004886][ T43] usblp0: removed [ 156.432288][ T43] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 156.688662][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 156.702859][ T43] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 156.711275][ T43] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 156.736256][ T43] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 156.751837][ T7664] libceph: resolve ' [ 156.751837][ T7664] -&fYǝa2i [ 156.751837][ T7664] .?&*&' (ret=-3): failed [ 156.772364][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 156.805131][ T43] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 156.841972][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 156.912674][ T43] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 156.934354][ T7669] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 156.949931][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.973212][ T43] usb 3-1: config 0 descriptor?? [ 157.212941][ T43] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 157.234045][ T5906] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 157.272683][ T43] usb 3-1: USB disconnect, device number 5 [ 157.318412][ T43] usblp0: removed [ 157.426279][ T5906] usb 5-1: Using ep0 maxpacket: 8 [ 157.446249][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 157.461575][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 157.473177][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 157.486638][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 157.506080][ T5906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 157.517646][ T5906] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 157.638752][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.660703][ T5906] usb 5-1: config 0 descriptor?? [ 157.677699][ T7674] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 157.860897][ T7688] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 158.306704][ T5149] Bluetooth: hci5: Opcode 0x0c03 failed: -71 [ 158.372264][ T5921] usb 5-1: USB disconnect, device number 7 [ 158.655236][ T7701] tipc: Started in network mode [ 158.660389][ T7701] tipc: Node identity 26887d650a58, cluster identity 4711 [ 158.680268][ T7701] tipc: Enabled bearer , priority 0 [ 158.821161][ T7703] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 158.873866][ T7701] tipc: Resetting bearer [ 158.922552][ T7700] tipc: Disabling bearer [ 159.382380][ T5906] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 159.585923][ T5906] usb 2-1: Using ep0 maxpacket: 8 [ 159.613306][ T5906] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 159.642943][ T5906] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 159.680398][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 159.705366][ T7721] netlink: 28 bytes leftover after parsing attributes in process `syz.0.749'. [ 159.714509][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 159.744915][ T5906] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 159.749846][ T7721] netlink: 12 bytes leftover after parsing attributes in process `syz.0.749'. [ 159.758097][ T5907] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 159.798800][ T5906] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 159.808696][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 159.860129][ T5906] usb 2-1: Product: syz [ 159.874761][ T5906] usb 2-1: Manufacturer: syz [ 159.893003][ T5906] usb 2-1: SerialNumber: syz [ 159.931906][ T5907] usb 5-1: Using ep0 maxpacket: 16 [ 159.938549][ T5906] usb 2-1: config 0 descriptor?? [ 159.955031][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 159.984524][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 160.029269][ T5907] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 160.060019][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.091871][ T5907] usb 5-1: Product: syz [ 160.101966][ T5907] usb 5-1: Manufacturer: syz [ 160.116874][ T5907] usb 5-1: SerialNumber: syz [ 160.153262][ T5907] usb 5-1: config 0 descriptor?? [ 160.164721][ T5906] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 160.192175][ T5906] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 160.208479][ T5907] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 160.232013][ T5907] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 160.365297][ T5906] radio-si470x 2-1:0.0: software version 0, hardware version 0 [ 160.374466][ T5906] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 160.401838][ T5906] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 160.537293][ T7737] netlink: 'syz.3.750': attribute type 2 has an invalid length. [ 160.566104][ T5906] radio-si470x 2-1:0.0: submitting int urb failed (-90) [ 160.636401][ T7737] : entered promiscuous mode [ 160.909568][ T5907] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 160.922876][ T5907] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 161.535828][ T5907] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 161.709333][ T5906] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 161.725827][ T5906] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 161.772200][ T5906] usb 2-1: USB disconnect, device number 4 [ 161.840068][ T7749] trusted_key: syz.0.759 sent an empty control message without MSG_MORE. [ 162.185825][ T5907] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 162.192655][ T5907] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 162.217247][ T5907] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 162.245590][ T5907] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 162.266741][ T5907] usb 5-1: USB disconnect, device number 8 [ 162.583458][ T7757] kvm: kvm [7756]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 162.598047][ T7757] kvm: kvm [7756]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 162.644891][ T7757] kvm: kvm [7756]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800 [ 163.671956][ T7779] loop3: detected capacity change from 0 to 7 [ 163.707892][ T7779] Dev loop3: unable to read RDB block 7 [ 163.740060][ T7779] loop3: unable to read partition table [ 163.759929][ T7779] loop3: partition table beyond EOD, truncated [ 163.776554][ T7779] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 165.003950][ T7802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.773'. [ 165.122164][ T7807] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 165.251951][ T5921] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 165.401861][ T5921] usb 1-1: Using ep0 maxpacket: 16 [ 165.410381][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.421629][ T5921] usb 1-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 165.446377][ T5921] usb 1-1: config 0 interface 0 has no altsetting 0 [ 165.453642][ T5921] usb 1-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 165.464558][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.559394][ T5921] usb 1-1: config 0 descriptor?? [ 166.002781][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: unknown main item tag 0x0 [ 166.026309][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: unknown main item tag 0x0 [ 166.052331][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: unknown main item tag 0x0 [ 166.072301][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: unknown main item tag 0x0 [ 166.091887][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: unknown main item tag 0x0 [ 166.144815][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: hidraw0: USB HID v4.06 Device [HID 10c4:8acf] on usb-dummy_hcd.0-1/input0 [ 166.194952][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: U2F Zero LED initialised [ 166.231993][ T5921] hid-u2fzero 0003:10C4:8ACF.0004: U2F Zero RNG initialised [ 166.270210][ T5921] usb 1-1: USB disconnect, device number 4 [ 167.106037][ T7838] syzkaller0: entered promiscuous mode [ 167.111589][ T7838] syzkaller0: entered allmulticast mode [ 167.240070][ T7840] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 167.283079][ T7840] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 167.833483][ T5921] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 168.016590][ T5921] usb 2-1: Using ep0 maxpacket: 32 [ 168.044264][ T5921] usb 2-1: config 0 has an invalid interface number: 72 but max is 0 [ 168.061821][ T5921] usb 2-1: config 0 has no interface number 0 [ 168.071828][ T5921] usb 2-1: config 0 interface 72 has no altsetting 0 [ 168.092242][ T5921] usb 2-1: New USB device found, idVendor=6069, idProduct=0f39, bcdDevice=e8.f9 [ 168.111945][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.120012][ T5921] usb 2-1: Product: syz [ 168.141793][ T5921] usb 2-1: Manufacturer: syz [ 168.162953][ T5921] usb 2-1: SerialNumber: syz [ 168.202361][ T5921] usb 2-1: config 0 descriptor?? [ 168.240873][ T7859] 8021q: adding VLAN 0 to HW filter on device bond1 [ 168.424590][ T5921] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 168.433585][ T5921] usb 2-1: MIDIStreaming interface descriptor not found [ 168.488912][ T5921] usb 2-1: USB disconnect, device number 5 [ 168.627204][ T7878] binder_alloc: 7876: binder_alloc_buf, no vma [ 168.645252][ T7877] udevd[7877]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.72/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 169.126949][ T7885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.815'. [ 169.353280][ T7896] binder_alloc: 7895: binder_alloc_buf, no vma [ 170.507548][ T7922] binder_alloc: 7921: binder_alloc_buf, no vma [ 170.545564][ T7924] netlink: 16 bytes leftover after parsing attributes in process `syz.4.831'. [ 170.763830][ T7934] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 170.893928][ T7938] netlink: 388 bytes leftover after parsing attributes in process `syz.4.838'. [ 171.274657][ T7953] netlink: 8 bytes leftover after parsing attributes in process `syz.1.845'. [ 171.411349][ T7958] tipc: Enabling of bearer rejected, failed to enable media [ 171.778343][ T7955] netlink: 'syz.0.842': attribute type 10 has an invalid length. [ 171.900165][ T7955] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 172.493267][ T7968] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 173.091962][ T856] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 173.281343][ T856] usb 5-1: Using ep0 maxpacket: 32 [ 173.294870][ T856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.312281][ T856] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.341829][ T856] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 173.367458][ T856] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.397800][ T856] usb 5-1: config 0 descriptor?? [ 173.746608][ T7998] [U]  [ 173.749683][ T7998] [U] K{ [ 173.753661][ T7998] [U] T 1ŠFFˊ`GJǘGO/MC [ 173.763443][ T7998] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 173.781200][ T7998] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 173.794187][ T7998] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 174.076419][ T7998] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 174.133639][ T7998] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 174.148601][ T8004] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.180632][ T7998] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 174.226368][ T7998] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 174.493761][ T7998] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 174.583984][ T856] ft260 0003:0403:6030.0005: unknown main item tag 0x7 [ 174.612771][ T7998] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 174.670933][ T7998] [U] 22Ʃ۩X?0;3U [ 174.677147][ T7998] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 174.708669][ T7998] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 174.730352][ T7998] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 174.749942][ T856] ft260 0003:0403:6030.0005: failed to retrieve chip version [ 174.757735][ T856] ft260 0003:0403:6030.0005: probe with driver ft260 failed with error -5 [ 174.809693][ T7998] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 174.816482][ T7998] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 174.839322][ T7998] [U] EC [ 174.845837][ T7998] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 174.883598][ T7998] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 175.151971][ T5906] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 175.411878][ T5906] usb 2-1: Using ep0 maxpacket: 32 [ 175.450401][ T5906] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 175.459210][ T5906] usb 2-1: config 0 has no interface number 0 [ 175.466041][ T5906] usb 2-1: config 0 interface 184 has no altsetting 0 [ 175.494789][ T5906] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 175.504256][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.518917][ T5906] usb 2-1: Product: syz [ 175.531879][ T5906] usb 2-1: Manufacturer: syz [ 175.536680][ T5906] usb 2-1: SerialNumber: syz [ 175.554513][ T5906] usb 2-1: config 0 descriptor?? [ 175.582703][ T5906] smsc75xx v1.0.0 [ 175.586420][ T5906] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 175.607965][ T5906] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -22 [ 175.793282][ T5906] usb 2-1: USB disconnect, device number 6 [ 176.181914][ T43] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 176.185446][ T5893] usb 5-1: USB disconnect, device number 9 [ 176.353939][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 176.390806][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 176.424463][ T43] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 176.453884][ T43] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 176.487138][ T43] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 176.501823][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.515117][ T43] usb 4-1: Product: syz [ 176.525549][ T43] usb 4-1: Manufacturer: syz [ 176.530223][ T43] usb 4-1: SerialNumber: syz [ 176.641661][ T8022] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 177.423478][ T5893] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 177.435948][ T8022] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 177.452113][ T8022] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 177.636907][ T5893] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 177.960349][ T5893] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.980355][ T5893] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 177.999785][ T5893] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.023780][ T5893] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 178.072023][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 178.075610][ T8022] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 178.080082][ T5893] usb 5-1: Product: syz [ 178.088647][ T8022] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 178.141907][ T5893] usb 5-1: Manufacturer: syz [ 178.153586][ T5893] cdc_wdm 5-1:1.0: skipping garbage [ 178.191278][ T5893] cdc_wdm 5-1:1.0: skipping garbage [ 178.197175][ T5893] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 178.353836][ T43] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 178.357298][ T5893] usb 5-1: USB disconnect, device number 10 [ 178.360541][ T43] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 178.394453][ T43] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 178.572496][ T43] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 178.607400][ T43] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 178.720679][ T43] usb 4-1: USB disconnect, device number 7 [ 178.762486][ T43] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 178.968190][ T8054] binder_alloc: 8053: binder_alloc_buf, no vma [ 179.263308][ T8063] syzkaller0: entered promiscuous mode [ 179.301886][ T8063] syzkaller0: entered allmulticast mode [ 179.982773][ T8079] netlink: 36 bytes leftover after parsing attributes in process `syz.1.882'. [ 182.039627][ T8101] netlink: 28 bytes leftover after parsing attributes in process `syz.2.894'. [ 182.250291][ T8108] syzkaller0: entered promiscuous mode [ 182.264316][ T8108] syzkaller0: entered allmulticast mode [ 182.490201][ T8120] netlink: 388 bytes leftover after parsing attributes in process `syz.4.903'. [ 182.857336][ T8128] netlink: 28 bytes leftover after parsing attributes in process `syz.0.907'. [ 182.911902][ T5921] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 183.104810][ T5921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.117858][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 183.141500][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 183.164810][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 183.196438][ T5921] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 183.205997][ T5921] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 183.224993][ T5921] usb 5-1: Manufacturer: syz [ 183.252409][ T5921] usb 5-1: config 0 descriptor?? [ 183.509773][ T30] audit: type=1326 audit(1760386117.446:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8136 comm="syz.1.909" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6c2338eec9 code=0x0 [ 184.052090][ T8142] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 184.058921][ T8142] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 184.142364][ T8142] vhci_hcd vhci_hcd.0: Device attached [ 184.247382][ T5921] rc_core: IR keymap rc-hauppauge not found [ 184.272038][ T5921] Registered IR keymap rc-empty [ 184.285033][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.364235][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.371616][ T8143] vhci_hcd: connection closed [ 184.373834][ T7502] vhci_hcd: stop threads [ 184.431884][ T5893] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 184.445668][ T5921] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 184.463958][ T7502] vhci_hcd: release socket [ 184.490261][ T7502] vhci_hcd: disconnect device [ 184.540049][ T5921] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input7 [ 184.595126][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.662185][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.703733][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.760920][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.792416][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.864246][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.884474][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.902151][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 184.981809][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 185.018503][ T5921] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 185.031663][ T8165] netlink: 28 bytes leftover after parsing attributes in process `syz.3.918'. [ 185.084694][ T5921] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 185.115893][ T5921] mceusb 5-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active) [ 185.185138][ T5921] usb 5-1: USB disconnect, device number 11 [ 185.730693][ T8185] syzkaller0: entered promiscuous mode [ 185.738130][ T8185] syzkaller0: entered allmulticast mode [ 185.756608][ T8184] ================================================================== [ 185.764761][ T8184] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 185.773236][ T8184] Read of size 8 at addr ffff8880305634f8 by task syz.4.928/8184 [ 185.780979][ T8184] [ 185.783356][ T8184] CPU: 0 UID: 0 PID: 8184 Comm: syz.4.928 Not tainted syzkaller #0 PREEMPT(full) [ 185.783383][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 185.783409][ T8184] Call Trace: [ 185.783418][ T8184] [ 185.783427][ T8184] dump_stack_lvl+0x189/0x250 [ 185.783459][ T8184] ? __kasan_check_byte+0x12/0x40 [ 185.783488][ T8184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.783510][ T8184] ? lock_release+0x4b/0x3e0 [ 185.783542][ T8184] ? __virt_addr_valid+0x4a5/0x5c0 [ 185.783566][ T8184] print_report+0xca/0x240 [ 185.783592][ T8184] ? change_page_attr_set_clr+0x625/0xfc0 [ 185.783619][ T8184] kasan_report+0x118/0x150 [ 185.783646][ T8184] ? change_page_attr_set_clr+0x625/0xfc0 [ 185.783679][ T8184] change_page_attr_set_clr+0x625/0xfc0 [ 185.783711][ T8184] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 185.783740][ T8184] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 185.783764][ T8184] ? memtype_reserve+0x874/0xb30 [ 185.783790][ T8184] ? __pfx___ww_mutex_lock+0x10/0x10 [ 185.783814][ T8184] _set_pages_array+0x145/0x270 [ 185.783848][ T8184] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 185.783882][ T8184] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 185.783917][ T8184] ? ww_mutex_lock+0x3f/0x1c0 [ 185.783939][ T8184] drm_gem_shmem_mmap+0x193/0x460 [ 185.783960][ T8184] drm_gem_mmap_obj+0x18a/0x4e0 [ 185.783986][ T8184] drm_gem_mmap+0x384/0x640 [ 185.784012][ T8184] ? __pfx_drm_gem_mmap+0x10/0x10 [ 185.784037][ T8184] ? __mas_set_range+0x12f/0x3c0 [ 185.784070][ T8184] mmap_region+0x18b4/0x2110 [ 185.784119][ T8184] ? __pfx_mmap_region+0x10/0x10 [ 185.784149][ T8184] ? __schedule+0x17ae/0x4cc0 [ 185.784192][ T8184] ? __pfx_css_rstat_updated+0x10/0x10 [ 185.784247][ T8184] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 185.784287][ T8184] ? bpf_lsm_mmap_addr+0x9/0x20 [ 185.784317][ T8184] ? security_mmap_addr+0x71/0x270 [ 185.784350][ T8184] ? shmem_mapping+0xd/0x50 [ 185.784379][ T8184] ? memfd_check_seals_mmap+0xc5/0x200 [ 185.784411][ T8184] do_mmap+0xc45/0x10d0 [ 185.784437][ T8184] ? __pfx_do_mmap+0x10/0x10 [ 185.784454][ T8184] ? down_write_killable+0x178/0x230 [ 185.784481][ T8184] ? __pfx_down_write_killable+0x10/0x10 [ 185.784506][ T8184] ? common_file_perm+0x1b5/0x230 [ 185.784532][ T8184] vm_mmap_pgoff+0x2a6/0x4d0 [ 185.784568][ T8184] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 185.784600][ T8184] ? __fget_files+0x2a/0x420 [ 185.784627][ T8184] ? __fget_files+0x2a/0x420 [ 185.784653][ T8184] ? __fget_files+0x2a/0x420 [ 185.784681][ T8184] ksys_mmap_pgoff+0x51f/0x760 [ 185.784705][ T8184] do_syscall_64+0xfa/0xfa0 [ 185.784725][ T8184] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.784745][ T8184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.784766][ T8184] ? clear_bhb_loop+0x60/0xb0 [ 185.784790][ T8184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.784811][ T8184] RIP: 0033:0x7f2074d8eec9 [ 185.784843][ T8184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.784862][ T8184] RSP: 002b:00007f2075c58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 185.784893][ T8184] RAX: ffffffffffffffda RBX: 00007f2074fe5fa0 RCX: 00007f2074d8eec9 [ 185.784910][ T8184] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 185.784924][ T8184] RBP: 00007f2074e11f91 R08: 0000000000000005 R09: 0000000100000000 [ 185.784938][ T8184] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 185.784951][ T8184] R13: 00007f2074fe6038 R14: 00007f2074fe5fa0 R15: 00007f207510fa28 [ 185.784977][ T8184] [ 185.784985][ T8184] [ 185.864950][ T8185] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 185.867784][ T8184] Allocated by task 8184: [ 185.867798][ T8184] kasan_save_track+0x3e/0x80 [ 185.867826][ T8184] __kasan_kmalloc+0x93/0xb0 [ 186.155235][ T8184] __kvmalloc_node_noprof+0x5cd/0x910 [ 186.160688][ T8184] drm_gem_get_pages+0x166/0xa20 [ 186.165640][ T8184] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 186.171724][ T8184] drm_gem_shmem_mmap+0x193/0x460 [ 186.176760][ T8184] drm_gem_mmap_obj+0x18a/0x4e0 [ 186.181647][ T8184] drm_gem_mmap+0x384/0x640 [ 186.186164][ T8184] mmap_region+0x18b4/0x2110 [ 186.190769][ T8184] do_mmap+0xc45/0x10d0 [ 186.194929][ T8184] vm_mmap_pgoff+0x2a6/0x4d0 [ 186.199533][ T8184] ksys_mmap_pgoff+0x51f/0x760 [ 186.204303][ T8184] do_syscall_64+0xfa/0xfa0 [ 186.208816][ T8184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.214742][ T8184] [ 186.217078][ T8184] The buggy address belongs to the object at ffff888030563400 [ 186.217078][ T8184] which belongs to the cache kmalloc-256 of size 256 [ 186.231136][ T8184] The buggy address is located 0 bytes to the right of [ 186.231136][ T8184] allocated 248-byte region [ffff888030563400, ffff8880305634f8) [ 186.245635][ T8184] [ 186.247973][ T8184] The buggy address belongs to the physical page: [ 186.254402][ T8184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30562 [ 186.263173][ T8184] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 186.271677][ T8184] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 186.279669][ T8184] page_type: f5(slab) [ 186.283659][ T8184] raw: 00fff00000000040 ffff88813ffa6b40 ffffea0000c6dc80 dead000000000005 [ 186.292285][ T8184] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 186.300895][ T8184] head: 00fff00000000040 ffff88813ffa6b40 ffffea0000c6dc80 dead000000000005 [ 186.309585][ T8184] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 186.318270][ T8184] head: 00fff00000000001 ffffea0000c15881 00000000ffffffff 00000000ffffffff [ 186.326968][ T8184] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 186.335675][ T8184] page dumped because: kasan: bad access detected [ 186.342188][ T8184] page_owner tracks the page as allocated [ 186.347987][ T8184] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5848, tgid 5848 (syz-executor), ts 95516069904, free_ts 95305302072 [ 186.369365][ T8184] post_alloc_hook+0x240/0x2a0 [ 186.374152][ T8184] get_page_from_freelist+0x2365/0x2440 [ 186.379738][ T8184] __alloc_frozen_pages_noprof+0x181/0x370 [ 186.385562][ T8184] alloc_pages_mpol+0x232/0x4a0 [ 186.390439][ T8184] allocate_slab+0x96/0x3a0 [ 186.394965][ T8184] ___slab_alloc+0xe94/0x18a0 [ 186.399664][ T8184] __slab_alloc+0x65/0x100 [ 186.404104][ T8184] __kmalloc_noprof+0x471/0x7f0 [ 186.409138][ T8184] fib_create_info+0x172d/0x3210 [ 186.414094][ T8184] fib_table_insert+0xc6/0x1b50 [ 186.418954][ T8184] fib_magic+0x2c4/0x390 [ 186.423211][ T8184] fib_add_ifaddr+0x144/0x5f0 [ 186.427899][ T8184] fib_inetaddr_event+0x12e/0x190 [ 186.432935][ T8184] notifier_call_chain+0x1b6/0x3e0 [ 186.438146][ T8184] blocking_notifier_call_chain+0x6a/0x90 [ 186.443899][ T8184] __inet_insert_ifa+0xa13/0xbf0 [ 186.448936][ T8184] page last free pid 5846 tgid 5846 stack trace: [ 186.455265][ T8184] __free_frozen_pages+0xbc4/0xd30 [ 186.460394][ T8184] __put_partials+0x146/0x170 [ 186.465088][ T8184] put_cpu_partial+0x1f2/0x2e0 [ 186.469866][ T8184] __slab_free+0x2b9/0x390 [ 186.474297][ T8184] qlist_free_all+0x97/0x140 [ 186.478895][ T8184] kasan_quarantine_reduce+0x148/0x160 [ 186.484369][ T8184] __kasan_slab_alloc+0x22/0x80 [ 186.489226][ T8184] __kmalloc_noprof+0x3c3/0x7f0 [ 186.494092][ T8184] tomoyo_realpath_from_path+0xe3/0x5d0 [ 186.499646][ T8184] tomoyo_path_number_perm+0x1e8/0x5a0 [ 186.505138][ T8184] security_file_ioctl+0xcb/0x2d0 [ 186.510176][ T8184] __se_sys_ioctl+0x47/0x170 [ 186.514773][ T8184] do_syscall_64+0xfa/0xfa0 [ 186.519292][ T8184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.525216][ T8184] [ 186.527546][ T8184] Memory state around the buggy address: [ 186.533266][ T8184] ffff888030563380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 186.541338][ T8184] ffff888030563400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 186.549412][ T8184] >ffff888030563480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 186.557476][ T8184] ^ [ 186.565473][ T8184] ffff888030563500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 186.573535][ T8184] ffff888030563580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 186.581597][ T8184] ================================================================== [ 186.794866][ T8184] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 186.802128][ T8184] CPU: 1 UID: 0 PID: 8184 Comm: syz.4.928 Not tainted syzkaller #0 PREEMPT(full) [ 186.811356][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 186.821437][ T8184] Call Trace: [ 186.824749][ T8184] [ 186.827709][ T8184] dump_stack_lvl+0x99/0x250 [ 186.832334][ T8184] ? __asan_memcpy+0x40/0x70 [ 186.836967][ T8184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.842297][ T8184] ? __pfx__printk+0x10/0x10 [ 186.846922][ T8184] vpanic+0x237/0x6d0 [ 186.850947][ T8184] ? __pfx_vpanic+0x10/0x10 [ 186.855489][ T8184] ? preempt_schedule+0xae/0xc0 [ 186.860387][ T8184] ? __pfx_preempt_schedule+0x10/0x10 [ 186.865889][ T8184] panic+0xb9/0xc0 [ 186.869642][ T8184] ? __pfx_panic+0x10/0x10 [ 186.874079][ T8184] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 186.880025][ T8184] ? change_page_attr_set_clr+0x625/0xfc0 [ 186.885766][ T8184] check_panic_on_warn+0x89/0xb0 [ 186.890724][ T8184] ? change_page_attr_set_clr+0x625/0xfc0 [ 186.896459][ T8184] end_report+0x78/0x160 [ 186.900717][ T8184] kasan_report+0x129/0x150 [ 186.905245][ T8184] ? change_page_attr_set_clr+0x625/0xfc0 [ 186.910981][ T8184] change_page_attr_set_clr+0x625/0xfc0 [ 186.916551][ T8184] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 186.922652][ T8184] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 186.928821][ T8184] ? memtype_reserve+0x874/0xb30 [ 186.933801][ T8184] ? __pfx___ww_mutex_lock+0x10/0x10 [ 186.939102][ T8184] _set_pages_array+0x145/0x270 [ 186.943971][ T8184] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 186.950076][ T8184] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 186.956685][ T8184] ? ww_mutex_lock+0x3f/0x1c0 [ 186.961378][ T8184] drm_gem_shmem_mmap+0x193/0x460 [ 186.966412][ T8184] drm_gem_mmap_obj+0x18a/0x4e0 [ 186.971280][ T8184] drm_gem_mmap+0x384/0x640 [ 186.975801][ T8184] ? __pfx_drm_gem_mmap+0x10/0x10 [ 186.980844][ T8184] ? __mas_set_range+0x12f/0x3c0 [ 186.985805][ T8184] mmap_region+0x18b4/0x2110 [ 186.990421][ T8184] ? __pfx_mmap_region+0x10/0x10 [ 186.995376][ T8184] ? __schedule+0x17ae/0x4cc0 [ 187.000077][ T8184] ? __pfx_css_rstat_updated+0x10/0x10 [ 187.005575][ T8184] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 187.012186][ T8184] ? bpf_lsm_mmap_addr+0x9/0x20 [ 187.017050][ T8184] ? security_mmap_addr+0x71/0x270 [ 187.022183][ T8184] ? shmem_mapping+0xd/0x50 [ 187.026705][ T8184] ? memfd_check_seals_mmap+0xc5/0x200 [ 187.032186][ T8184] do_mmap+0xc45/0x10d0 [ 187.036394][ T8184] ? __pfx_do_mmap+0x10/0x10 [ 187.040989][ T8184] ? down_write_killable+0x178/0x230 [ 187.046293][ T8184] ? __pfx_down_write_killable+0x10/0x10 [ 187.051954][ T8184] ? common_file_perm+0x1b5/0x230 [ 187.057022][ T8184] vm_mmap_pgoff+0x2a6/0x4d0 [ 187.061639][ T8184] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 187.066769][ T8184] ? __fget_files+0x2a/0x420 [ 187.071378][ T8184] ? __fget_files+0x2a/0x420 [ 187.075984][ T8184] ? __fget_files+0x2a/0x420 [ 187.080601][ T8184] ksys_mmap_pgoff+0x51f/0x760 [ 187.085379][ T8184] do_syscall_64+0xfa/0xfa0 [ 187.089894][ T8184] ? lockdep_hardirqs_on+0x9c/0x150 [ 187.095102][ T8184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.101179][ T8184] ? clear_bhb_loop+0x60/0xb0 [ 187.105874][ T8184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.111777][ T8184] RIP: 0033:0x7f2074d8eec9 [ 187.116204][ T8184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.135823][ T8184] RSP: 002b:00007f2075c58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 187.144251][ T8184] RAX: ffffffffffffffda RBX: 00007f2074fe5fa0 RCX: 00007f2074d8eec9 [ 187.152244][ T8184] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 187.160253][ T8184] RBP: 00007f2074e11f91 R08: 0000000000000005 R09: 0000000100000000 [ 187.168234][ T8184] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 187.176276][ T8184] R13: 00007f2074fe6038 R14: 00007f2074fe5fa0 R15: 00007f207510fa28 [ 187.184295][ T8184] [ 187.187671][ T8184] Kernel Offset: disabled [ 187.191997][ T8184] Rebooting in 86400 seconds..