last executing test programs: 4.805464929s ago: executing program 0 (id=1): r0 = openat$kvm(0x0, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000010000/0x3000)=nil, r3, 0x2, 0x12, r2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000012000/0x400000)=nil) 4.416471464s ago: executing program 0 (id=5): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x28, 0x2c, 0x1, 0x0, 0x0, "", [@nested={0x18, 0x0, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, 0x28}], 0x1}, 0x0) 4.341555961s ago: executing program 2 (id=3): mkdir(&(0x7f0000000000)='./file0\x00', 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) lsetxattr$security_evm(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000300), 0x0, 0x0, 0x0) 4.243984794s ago: executing program 0 (id=6): r0 = socket$nl_generic(0x10, 0x3, 0x10) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, r0, 0x0) r1 = socket(0x14, 0x2, 0x4) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x42050004, 0x0, 0x0) 4.114912329s ago: executing program 2 (id=7): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x4, "71d0bb0c"}, @local=@item_4={0x3, 0x2, 0x5, "3268f6cf"}, @global=@item_4={0x3, 0x1, 0x5, "5b9a69ee"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f00000000c0)={0x1, 0x2, 0x0, 0x0, 0x0, 0x200}) 3.642952359s ago: executing program 3 (id=4): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) fcntl$getflags(r0, 0x408) 3.551930649s ago: executing program 0 (id=8): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000040c0), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f00000000c0)={0x40000000000000c1}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)=ANY=[]) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x7b, 0x0, 0x0) 3.445946801s ago: executing program 3 (id=9): syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040b0b00c9"], 0xe) 3.284063829s ago: executing program 3 (id=10): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x4fc3, 0x80, 0x0, 0x4, 0x8, 0x0, 0x8}, 0xc) bind$bt_l2cap(r0, 0x0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmmsg(r0, &(0x7f000000a500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f000000aa00)=ANY=[@ANYBLOB="a800000000000000280100000000000000608fc01f65968c8071bb2e9b6582a8bd09c29970074087c8c1e7060cd27732a3f89933bb6dfdd70be82a01ed523f329eb5a927f990d929608ec9ab79a164e5d9caf4c0dd769c1f78343ea97e4dcbc7df76c7bad951e533d9161317324cf8d8c092d39bd203105faee6f4a6fcc8010e1f9b1d7b343a637f00d1e6ef82d5ddab16a460c9e45a773c168c2c20b342913e0987e5000000000040000000000000000901000001000000ed36e72c602d2a562e962f01f4695c053f19e98a11d579accff15a23507e1e949e515e24606b64c928a214719e8b4a001010"], 0x10f8}}], 0x1, 0x800) 3.192773558s ago: executing program 3 (id=11): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 3.110083274s ago: executing program 0 (id=12): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000004380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) setpgid(r0, 0x0) setpgid(0x0, r0) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) 3.079686265s ago: executing program 3 (id=13): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000200)={0x60, 0x445615043b9e00a3}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000180)={0x40, 0x18, 0x1, "ff"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000700)={0x44, &(0x7f00000003c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.178078983s ago: executing program 0 (id=14): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) chdir(&(0x7f0000000080)='./file1\x00') r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001) 1.541581757s ago: executing program 1 (id=19): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x4fc3, 0x80, 0x0, 0x4, 0x8, 0x0, 0x8}, 0xc) bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f000000a500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f000000aa00)=ANY=[@ANYBLOB="a800000000000000280100000000000000608fc01f65968c8071bb2e9b6582a8bd09c29970074087c8c1e7060cd27732a3f89933bb6dfdd70be82a01ed523f329eb5a927f990d929608ec9ab79a164e5d9caf4c0dd769c1f78343ea97e4dcbc7df76c7bad951e533d9161317324cf8d8c092d39bd203105faee6f4a6fcc8010e1f9b1d7b343a637f00d1e6ef82d5ddab16a460c9e45a773c168c2c20b342913e0987e5000000000040000000000000000901000001000000ed36e72c602d2a562e962f01f4695c053f19e98a11d579accff15a23507e1e949e515e24606b64c928a214719e8b4a001010"], 0x10f8}}], 0x1, 0x800) 1.478036951s ago: executing program 1 (id=20): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58) 1.379875229s ago: executing program 1 (id=21): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000080007"], 0x64}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000880)={0x0}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 1.364615748s ago: executing program 1 (id=22): r0 = openat$kvm(0x0, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000010000/0x3000)=nil, r3, 0x2, 0x12, r2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000012000/0x400000)=nil) 1.245770012s ago: executing program 1 (id=23): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 999.694262ms ago: executing program 2 (id=24): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x80015b1b, 0x0) 998.664653ms ago: executing program 1 (id=32): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x4, "71d0bb0c"}, @local=@item_4={0x3, 0x2, 0x5, "3268f6cf"}, @global=@item_4={0x3, 0x1, 0x5, "5b9a69ee"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f00000000c0)={0x1, 0x2, 0x0, 0x0, 0x0, 0x200}) 0s ago: executing program 3 (id=25): mkdir(&(0x7f0000000000)='./file0\x00', 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) lsetxattr$security_evm(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000300), 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts. [ 85.679361][ T5847] cgroup: Unknown subsys name 'net' [ 85.798994][ T5847] cgroup: Unknown subsys name 'cpuset' [ 85.808371][ T5847] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.670245][ T5847] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.694198][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.705331][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.715428][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.724369][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.735492][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.860657][ T5863] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.869044][ T5863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.891450][ T5863] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.901033][ T5863] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.922908][ T5869] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.932098][ T5869] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.940332][ T5869] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.948651][ T5869] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.958942][ T5869] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.967662][ T5869] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.976430][ T5869] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.984802][ T5869] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.993733][ T5869] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.002702][ T5869] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.015525][ T5869] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.317044][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 91.575708][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.582938][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.590822][ T5860] bridge_slave_0: entered allmulticast mode [ 91.598466][ T5860] bridge_slave_0: entered promiscuous mode [ 91.610346][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.617804][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.625091][ T5860] bridge_slave_1: entered allmulticast mode [ 91.632493][ T5860] bridge_slave_1: entered promiscuous mode [ 91.741710][ T5864] chnl_net:caif_netlink_parms(): no params data found [ 91.772782][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.782837][ T5867] chnl_net:caif_netlink_parms(): no params data found [ 91.817162][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.913964][ T5860] team0: Port device team_slave_0 added [ 91.959287][ T5860] team0: Port device team_slave_1 added [ 91.968039][ T9] cfg80211: failed to load regulatory.db [ 91.999672][ T5870] chnl_net:caif_netlink_parms(): no params data found [ 92.079286][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.086562][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.113075][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.144155][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.151570][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.159109][ T5864] bridge_slave_0: entered allmulticast mode [ 92.167027][ T5864] bridge_slave_0: entered promiscuous mode [ 92.175335][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.182399][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.208688][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.239339][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.246677][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.253857][ T5864] bridge_slave_1: entered allmulticast mode [ 92.261423][ T5864] bridge_slave_1: entered promiscuous mode [ 92.313701][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.321066][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.329233][ T5867] bridge_slave_0: entered allmulticast mode [ 92.336899][ T5867] bridge_slave_0: entered promiscuous mode [ 92.351932][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.359204][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.366958][ T5867] bridge_slave_1: entered allmulticast mode [ 92.374238][ T5867] bridge_slave_1: entered promiscuous mode [ 92.397186][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.466603][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.481396][ T5860] hsr_slave_0: entered promiscuous mode [ 92.488909][ T5860] hsr_slave_1: entered promiscuous mode [ 92.551195][ T5870] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.558755][ T5870] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.566469][ T5870] bridge_slave_0: entered allmulticast mode [ 92.574355][ T5870] bridge_slave_0: entered promiscuous mode [ 92.584443][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.609113][ T5864] team0: Port device team_slave_0 added [ 92.615691][ T5870] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.622870][ T5870] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.630760][ T5870] bridge_slave_1: entered allmulticast mode [ 92.638059][ T5870] bridge_slave_1: entered promiscuous mode [ 92.662543][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.673749][ T5864] team0: Port device team_slave_1 added [ 92.743116][ T5870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.765724][ T5180] Bluetooth: hci0: command tx timeout [ 92.795587][ T5870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.807292][ T5867] team0: Port device team_slave_0 added [ 92.813933][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.821279][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.847603][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.860931][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.868018][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.894293][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.925674][ T5867] team0: Port device team_slave_1 added [ 92.993902][ T5870] team0: Port device team_slave_0 added [ 93.002657][ T5870] team0: Port device team_slave_1 added [ 93.009548][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.017397][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.043849][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.057392][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.064502][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.090689][ T5869] Bluetooth: hci1: command tx timeout [ 93.090699][ T52] Bluetooth: hci3: command tx timeout [ 93.091158][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.096957][ T5180] Bluetooth: hci2: command tx timeout [ 93.213398][ T5864] hsr_slave_0: entered promiscuous mode [ 93.220507][ T5864] hsr_slave_1: entered promiscuous mode [ 93.227728][ T5864] debugfs: 'hsr0' already exists in 'hsr' [ 93.233593][ T5864] Cannot create hsr debugfs directory [ 93.240133][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.247437][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.273634][ T5870] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.320444][ T5870] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.327845][ T5870] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.354411][ T5870] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.427841][ T5867] hsr_slave_0: entered promiscuous mode [ 93.434290][ T5867] hsr_slave_1: entered promiscuous mode [ 93.441077][ T5867] debugfs: 'hsr0' already exists in 'hsr' [ 93.447118][ T5867] Cannot create hsr debugfs directory [ 93.598016][ T5870] hsr_slave_0: entered promiscuous mode [ 93.604506][ T5870] hsr_slave_1: entered promiscuous mode [ 93.611647][ T5870] debugfs: 'hsr0' already exists in 'hsr' [ 93.618415][ T5870] Cannot create hsr debugfs directory [ 93.702703][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.737463][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.781629][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.812199][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.990349][ T5864] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.001835][ T5864] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.025279][ T5864] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.058123][ T5864] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.121037][ T5867] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.149116][ T5867] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.161533][ T5867] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.176926][ T5867] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.296344][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.303542][ T5870] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.317805][ T5870] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.330035][ T5870] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.364371][ T5870] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.381422][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.436657][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.444060][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.459085][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.466292][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.539079][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.608752][ T5864] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.657514][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.664802][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.687329][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.709498][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.716735][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.770726][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.817950][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.825192][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.845671][ T5180] Bluetooth: hci0: command tx timeout [ 94.875874][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.883072][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.904750][ T5870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.993993][ T5870] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.047183][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.054362][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.082180][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.096050][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.103231][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.165914][ T5180] Bluetooth: hci2: command tx timeout [ 95.171395][ T5180] Bluetooth: hci3: command tx timeout [ 95.180442][ T5869] Bluetooth: hci1: command tx timeout [ 95.313255][ T5870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.359220][ T5860] veth0_vlan: entered promiscuous mode [ 95.382022][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.401748][ T5860] veth1_vlan: entered promiscuous mode [ 95.522738][ T5860] veth0_macvtap: entered promiscuous mode [ 95.539916][ T5860] veth1_macvtap: entered promiscuous mode [ 95.574186][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.617056][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.632388][ T5864] veth0_vlan: entered promiscuous mode [ 95.660474][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.707771][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.737945][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.747820][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.757274][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.773270][ T5864] veth1_vlan: entered promiscuous mode [ 95.798995][ T5867] veth0_vlan: entered promiscuous mode [ 95.841170][ T5867] veth1_vlan: entered promiscuous mode [ 95.853443][ T5870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.909310][ T5864] veth0_macvtap: entered promiscuous mode [ 95.934821][ T5864] veth1_macvtap: entered promiscuous mode [ 95.953222][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.964416][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.032231][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.040044][ T1312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.052589][ T1312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.073047][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.089444][ T5867] veth0_macvtap: entered promiscuous mode [ 96.098850][ T5870] veth0_vlan: entered promiscuous mode [ 96.113767][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.128090][ T5867] veth1_macvtap: entered promiscuous mode [ 96.145867][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.166579][ T5870] veth1_vlan: entered promiscuous mode [ 96.174405][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.184041][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.224075][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.226873][ T5860] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.252458][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.326357][ T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.345739][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.354515][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.378565][ T5947] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 96.407650][ T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.420014][ T1312] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.442043][ T1312] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.510261][ T5870] veth0_macvtap: entered promiscuous mode [ 96.522191][ T5870] veth1_macvtap: entered promiscuous mode [ 96.547468][ T1312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.557835][ T1312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.614004][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.635914][ T5870] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.701511][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.759920][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.786670][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.810139][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.840321][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.868250][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.925592][ T5180] Bluetooth: hci0: command tx timeout [ 97.049399][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.065852][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.160282][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.183956][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.246627][ T5180] Bluetooth: hci2: command tx timeout [ 97.255279][ T5180] Bluetooth: hci3: command tx timeout [ 97.260739][ T5180] Bluetooth: hci1: command tx timeout [ 97.310136][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.320466][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.366682][ T908] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 97.555134][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.562724][ T908] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 97.586858][ T908] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 97.611320][ T908] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 97.640750][ T908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.694069][ T908] usb 3-1: config 0 descriptor?? [ 97.725171][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 97.738074][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 97.775755][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 97.785835][ T908] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 97.824364][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 97.862740][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 97.882390][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 97.906998][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.177529][ T10] usb 2-1: GET_CAPABILITIES returned 0 [ 98.183443][ T10] usbtmc 2-1:16.0: can't read capabilities [ 98.335289][ T5909] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 98.391967][ T981] usb 2-1: USB disconnect, device number 2 [ 98.485084][ T5909] usb 4-1: Using ep0 maxpacket: 16 [ 98.491927][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 98.503827][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 98.519527][ T5909] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 98.532931][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.541162][ T5909] usb 4-1: Product: syz [ 98.545902][ T5909] usb 4-1: Manufacturer: syz [ 98.550555][ T5909] usb 4-1: SerialNumber: syz [ 98.558462][ T5909] usb 4-1: config 0 descriptor?? [ 98.569425][ T5909] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 98.579709][ T5909] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 99.005452][ T5180] Bluetooth: hci0: command tx timeout [ 99.173250][ T5909] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 99.196564][ T5909] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 99.325392][ T5869] Bluetooth: hci3: command tx timeout [ 99.326071][ T52] Bluetooth: hci2: command tx timeout [ 99.331172][ T5180] Bluetooth: hci1: command tx timeout [ 99.411076][ T5909] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 99.418590][ T5909] em28xx 4-1:0.0: No AC97 audio processor [ 99.703627][ T5996] Zero length message leads to an empty skb [ 100.092033][ T5868] usb 3-1: USB disconnect, device number 2 [ 100.395117][ T981] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 100.455177][ T5868] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 100.548002][ T981] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 100.558864][ T981] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 100.572210][ T981] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 100.581374][ T981] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.592157][ T981] usb 2-1: config 0 descriptor?? [ 100.602558][ T981] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 100.612782][ T5868] usb 3-1: Using ep0 maxpacket: 8 [ 100.623579][ T5868] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 100.635023][ T5868] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 100.645486][ T5868] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 100.655506][ T5868] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 100.668885][ T5868] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 100.678198][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.901525][ T5868] usb 3-1: GET_CAPABILITIES returned 0 [ 100.908239][ T5868] usbtmc 3-1:16.0: can't read capabilities [ 101.084369][ T5908] usb 4-1: USB disconnect, device number 2 [ 101.117101][ T5908] em28xx 4-1:0.0: Disconnecting em28xx [ 101.139279][ T5908] ================================================================== [ 101.147418][ T5908] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0 [ 101.155813][ T5908] Read of size 4 at addr ffff888079b3c4f0 by task kworker/1:3/5908 [ 101.163823][ T5908] [ 101.166199][ T5908] CPU: 1 UID: 0 PID: 5908 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT(full) [ 101.166225][ T5908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.166239][ T5908] Workqueue: usb_hub_wq hub_event [ 101.166273][ T5908] Call Trace: [ 101.166281][ T5908] [ 101.166290][ T5908] dump_stack_lvl+0x189/0x250 [ 101.166324][ T5908] ? rcu_is_watching+0x15/0xb0 [ 101.166348][ T5908] ? __kasan_check_byte+0x12/0x40 [ 101.166371][ T5908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.166400][ T5908] ? rcu_is_watching+0x15/0xb0 [ 101.166424][ T5908] ? lock_release+0x4b/0x3e0 [ 101.166445][ T5908] ? __virt_addr_valid+0x1c8/0x5c0 [ 101.166473][ T5908] ? __virt_addr_valid+0x4a5/0x5c0 [ 101.166503][ T5908] print_report+0xca/0x240 [ 101.166522][ T5908] ? media_devnode_unregister+0xe2/0xf0 [ 101.166547][ T5908] kasan_report+0x118/0x150 [ 101.166569][ T5908] ? media_devnode_unregister+0xe2/0xf0 [ 101.166598][ T5908] media_devnode_unregister+0xe2/0xf0 [ 101.166622][ T5908] media_device_unregister+0x37c/0x400 [ 101.166646][ T5908] ? em28xx_audio_fini+0x59/0x1b0 [ 101.166670][ T5908] em28xx_release_resources+0xac/0x240 [ 101.166700][ T5908] em28xx_usb_disconnect+0x19f/0x2f0 [ 101.166729][ T5908] usb_unbind_interface+0x26e/0x910 [ 101.166756][ T5908] ? __pfx_usb_unbind_interface+0x10/0x10 [ 101.166789][ T5908] device_release_driver_internal+0x4d6/0x800 [ 101.166818][ T5908] bus_remove_device+0x34d/0x410 [ 101.166853][ T5908] device_del+0x511/0x8e0 [ 101.166879][ T5908] ? __pfx_device_del+0x10/0x10 [ 101.166900][ T5908] ? kobject_put+0x446/0x480 [ 101.166936][ T5908] usb_disable_device+0x3e9/0x8a0 [ 101.166961][ T5908] usb_disconnect+0x330/0x950 [ 101.166995][ T5908] hub_event+0x1cf5/0x4a20 [ 101.167015][ T5908] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 101.167055][ T5908] ? do_raw_spin_lock+0x121/0x290 [ 101.167085][ T5908] ? register_lock_class+0x51/0x320 [ 101.167114][ T5908] ? __pfx_hub_event+0x10/0x10 [ 101.167134][ T5908] ? process_scheduled_works+0x9ef/0x17b0 [ 101.167161][ T5908] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.167187][ T5908] ? process_scheduled_works+0x9ef/0x17b0 [ 101.167209][ T5908] ? process_scheduled_works+0x9ef/0x17b0 [ 101.167234][ T5908] process_scheduled_works+0xae1/0x17b0 [ 101.167273][ T5908] ? __pfx_process_scheduled_works+0x10/0x10 [ 101.167305][ T5908] worker_thread+0x8a0/0xda0 [ 101.167330][ T5908] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 101.167371][ T5908] ? __kthread_parkme+0x7b/0x200 [ 101.167400][ T5908] kthread+0x711/0x8a0 [ 101.167429][ T5908] ? __pfx_worker_thread+0x10/0x10 [ 101.167450][ T5908] ? __pfx_kthread+0x10/0x10 [ 101.167478][ T5908] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.167502][ T5908] ? lockdep_hardirqs_on+0x9c/0x150 [ 101.167527][ T5908] ? __pfx_kthread+0x10/0x10 [ 101.167554][ T5908] ret_from_fork+0x47c/0x820 [ 101.167577][ T5908] ? __pfx_ret_from_fork+0x10/0x10 [ 101.167602][ T5908] ? __switch_to_asm+0x39/0x70 [ 101.167622][ T5908] ? __switch_to_asm+0x33/0x70 [ 101.167641][ T5908] ? __pfx_kthread+0x10/0x10 [ 101.167668][ T5908] ret_from_fork_asm+0x1a/0x30 [ 101.167695][ T5908] [ 101.167702][ T5908] [ 101.190490][ T5868] usb 3-1: USB disconnect, device number 3 [ 101.192189][ T5908] Allocated by task 5909: [ 101.476879][ T5908] kasan_save_track+0x3e/0x80 [ 101.481570][ T5908] __kasan_kmalloc+0x93/0xb0 [ 101.486164][ T5908] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 101.491547][ T5908] __media_device_register+0x58/0x280 [ 101.496928][ T5908] em28xx_usb_probe+0x1764/0x2a20 [ 101.501969][ T5908] usb_probe_interface+0x665/0xc30 [ 101.507097][ T5908] really_probe+0x26a/0x9e0 [ 101.511616][ T5908] __driver_probe_device+0x18c/0x2f0 [ 101.516913][ T5908] driver_probe_device+0x4f/0x430 [ 101.521944][ T5908] __device_attach_driver+0x2ce/0x530 [ 101.527324][ T5908] bus_for_each_drv+0x251/0x2e0 [ 101.532186][ T5908] __device_attach+0x2b8/0x400 [ 101.536954][ T5908] bus_probe_device+0x185/0x260 [ 101.541839][ T5908] device_add+0x7b6/0xb50 [ 101.546208][ T5908] usb_set_configuration+0x1a87/0x20e0 [ 101.551682][ T5908] usb_generic_driver_probe+0x8d/0x150 [ 101.557149][ T5908] usb_probe_device+0x1c1/0x390 [ 101.562012][ T5908] really_probe+0x26a/0x9e0 [ 101.566532][ T5908] __driver_probe_device+0x18c/0x2f0 [ 101.571834][ T5908] driver_probe_device+0x4f/0x430 [ 101.576870][ T5908] __device_attach_driver+0x2ce/0x530 [ 101.582253][ T5908] bus_for_each_drv+0x251/0x2e0 [ 101.587123][ T5908] __device_attach+0x2b8/0x400 [ 101.591895][ T5908] bus_probe_device+0x185/0x260 [ 101.596791][ T5908] device_add+0x7b6/0xb50 [ 101.601147][ T5908] usb_new_device+0xa39/0x16f0 [ 101.605923][ T5908] hub_event+0x2958/0x4a20 [ 101.610341][ T5908] process_scheduled_works+0xae1/0x17b0 [ 101.615899][ T5908] worker_thread+0x8a0/0xda0 [ 101.620499][ T5908] kthread+0x711/0x8a0 [ 101.624574][ T5908] ret_from_fork+0x47c/0x820 [ 101.629170][ T5908] ret_from_fork_asm+0x1a/0x30 [ 101.633943][ T5908] [ 101.636271][ T5908] Freed by task 5908: [ 101.640257][ T5908] kasan_save_track+0x3e/0x80 [ 101.644956][ T5908] __kasan_save_free_info+0x46/0x50 [ 101.650188][ T5908] __kasan_slab_free+0x5b/0x80 [ 101.654975][ T5908] kfree+0x199/0x6d0 [ 101.658894][ T5908] media_devnode_release+0x61/0xa0 [ 101.664132][ T5908] device_release+0x9c/0x1c0 [ 101.668740][ T5908] kobject_put+0x228/0x480 [ 101.673172][ T5908] media_devnode_unregister+0x6d/0xf0 [ 101.678549][ T5908] media_device_unregister+0x37c/0x400 [ 101.684013][ T5908] em28xx_release_resources+0xac/0x240 [ 101.689481][ T5908] em28xx_usb_disconnect+0x19f/0x2f0 [ 101.694779][ T5908] usb_unbind_interface+0x26e/0x910 [ 101.700068][ T5908] device_release_driver_internal+0x4d6/0x800 [ 101.706163][ T5908] bus_remove_device+0x34d/0x410 [ 101.711115][ T5908] device_del+0x511/0x8e0 [ 101.715443][ T5908] usb_disable_device+0x3e9/0x8a0 [ 101.720468][ T5908] usb_disconnect+0x330/0x950 [ 101.725243][ T5908] hub_event+0x1cf5/0x4a20 [ 101.729675][ T5908] process_scheduled_works+0xae1/0x17b0 [ 101.735252][ T5908] worker_thread+0x8a0/0xda0 [ 101.739943][ T5908] kthread+0x711/0x8a0 [ 101.744023][ T5908] ret_from_fork+0x47c/0x820 [ 101.748714][ T5908] ret_from_fork_asm+0x1a/0x30 [ 101.753501][ T5908] [ 101.755829][ T5908] The buggy address belongs to the object at ffff888079b3c000 [ 101.755829][ T5908] which belongs to the cache kmalloc-2k of size 2048 [ 101.769887][ T5908] The buggy address is located 1264 bytes inside of [ 101.769887][ T5908] freed 2048-byte region [ffff888079b3c000, ffff888079b3c800) [ 101.783874][ T5908] [ 101.786205][ T5908] The buggy address belongs to the physical page: [ 101.792635][ T5908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79b38 [ 101.801491][ T5908] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 101.809995][ T5908] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 101.817553][ T5908] page_type: f5(slab) [ 101.821543][ T5908] raw: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000 [ 101.830137][ T5908] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 101.838733][ T5908] head: 00fff00000000040 ffff88801a842000 dead000000000122 0000000000000000 [ 101.847435][ T5908] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 101.856120][ T5908] head: 00fff00000000003 ffffea0001e6ce01 00000000ffffffff 00000000ffffffff [ 101.864820][ T5908] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 101.873490][ T5908] page dumped because: kasan: bad access detected [ 101.879915][ T5908] page_owner tracks the page as allocated [ 101.885665][ T5908] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5219, tgid 5219 (klogd), ts 99342445323, free_ts 99306828958 [ 101.906524][ T5908] post_alloc_hook+0x240/0x2a0 [ 101.911403][ T5908] get_page_from_freelist+0x21e4/0x22c0 [ 101.916976][ T5908] __alloc_frozen_pages_noprof+0x181/0x370 [ 101.922795][ T5908] alloc_pages_mpol+0x232/0x4a0 [ 101.927653][ T5908] allocate_slab+0x8a/0x330 [ 101.932168][ T5908] ___slab_alloc+0xbd1/0x13f0 [ 101.936868][ T5908] __slab_alloc+0x55/0xa0 [ 101.941203][ T5908] __kmalloc_cache_noprof+0x411/0x6f0 [ 101.946584][ T5908] syslog_print+0xd2/0x590 [ 101.951025][ T5908] do_syslog+0x544/0x760 [ 101.955291][ T5908] __x64_sys_syslog+0x7c/0x90 [ 101.960019][ T5908] do_syscall_64+0xfa/0xfa0 [ 101.964545][ T5908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.970448][ T5908] page last free pid 5908 tgid 5908 stack trace: [ 101.976785][ T5908] __free_frozen_pages+0xbc4/0xd30 [ 101.981912][ T5908] __put_partials+0x146/0x170 [ 101.986597][ T5908] put_cpu_partial+0x17c/0x250 [ 101.991370][ T5908] __slab_free+0x2b9/0x390 [ 101.995797][ T5908] qlist_free_all+0x97/0x140 [ 102.000387][ T5908] kasan_quarantine_reduce+0x148/0x160 [ 102.005849][ T5908] __kasan_slab_alloc+0x22/0x80 [ 102.010707][ T5908] kmem_cache_alloc_node_noprof+0x433/0x710 [ 102.016604][ T5908] __alloc_skb+0x112/0x2d0 [ 102.021172][ T5908] mld_newpack+0x13c/0xc40 [ 102.025621][ T5908] add_grhead+0x5a/0x2a0 [ 102.029979][ T5908] add_grec+0x1452/0x1740 [ 102.034317][ T5908] mld_send_initial_cr+0x288/0x550 [ 102.039467][ T5908] mld_dad_work+0x46/0x490 [ 102.043896][ T5908] process_scheduled_works+0xae1/0x17b0 [ 102.049481][ T5908] worker_thread+0x8a0/0xda0 [ 102.054107][ T5908] [ 102.056440][ T5908] Memory state around the buggy address: [ 102.062078][ T5908] ffff888079b3c380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.070160][ T5908] ffff888079b3c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.078230][ T5908] >ffff888079b3c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.086291][ T5908] ^ [ 102.094011][ T5908] ffff888079b3c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.102073][ T5908] ffff888079b3c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 102.110134][ T5908] ================================================================== SYZFAIL: failed to send rpc fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe) [ 102.369049][ T5908] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 102.376419][ T5908] CPU: 1 UID: 0 PID: 5908 Comm: kworker/1:3 Not tainted syzkaller #0 PREEMPT(full) [ 102.385826][ T5908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.395917][ T5908] Workqueue: usb_hub_wq hub_event [ 102.400988][ T5908] Call Trace: [ 102.404288][ T5908] [ 102.407247][ T5908] dump_stack_lvl+0x99/0x250 [ 102.411892][ T5908] ? __asan_memcpy+0x40/0x70 [ 102.416522][ T5908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.421769][ T5908] ? __pfx__printk+0x10/0x10 [ 102.426403][ T5908] vpanic+0x237/0x6d0 [ 102.430421][ T5908] ? __pfx_vpanic+0x10/0x10 [ 102.434953][ T5908] ? preempt_schedule+0xae/0xc0 [ 102.439922][ T5908] ? __pfx_preempt_schedule+0x10/0x10 [ 102.445337][ T5908] panic+0xb9/0xc0 [ 102.449096][ T5908] ? __pfx_panic+0x10/0x10 [ 102.453552][ T5908] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 102.459528][ T5908] ? media_devnode_unregister+0xe2/0xf0 [ 102.465111][ T5908] check_panic_on_warn+0x89/0xb0 [ 102.470110][ T5908] ? media_devnode_unregister+0xe2/0xf0 [ 102.475702][ T5908] end_report+0x78/0x160 [ 102.479981][ T5908] kasan_report+0x129/0x150 [ 102.484528][ T5908] ? media_devnode_unregister+0xe2/0xf0 [ 102.490123][ T5908] media_devnode_unregister+0xe2/0xf0 [ 102.495548][ T5908] media_device_unregister+0x37c/0x400 [ 102.501073][ T5908] ? em28xx_audio_fini+0x59/0x1b0 [ 102.506158][ T5908] em28xx_release_resources+0xac/0x240 [ 102.511670][ T5908] em28xx_usb_disconnect+0x19f/0x2f0 [ 102.516995][ T5908] usb_unbind_interface+0x26e/0x910 [ 102.522233][ T5908] ? __pfx_usb_unbind_interface+0x10/0x10 [ 102.527996][ T5908] device_release_driver_internal+0x4d6/0x800 [ 102.534108][ T5908] bus_remove_device+0x34d/0x410 [ 102.539091][ T5908] device_del+0x511/0x8e0 [ 102.543454][ T5908] ? __pfx_device_del+0x10/0x10 [ 102.548334][ T5908] ? kobject_put+0x446/0x480 [ 102.552968][ T5908] usb_disable_device+0x3e9/0x8a0 [ 102.558004][ T5908] usb_disconnect+0x330/0x950 [ 102.562717][ T5908] hub_event+0x1cf5/0x4a20 [ 102.567176][ T5908] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 102.572588][ T5908] ? do_raw_spin_lock+0x121/0x290 [ 102.577642][ T5908] ? register_lock_class+0x51/0x320 [ 102.582856][ T5908] ? __pfx_hub_event+0x10/0x10 [ 102.587632][ T5908] ? process_scheduled_works+0x9ef/0x17b0 [ 102.593365][ T5908] ? _raw_spin_unlock_irq+0x23/0x50 [ 102.598573][ T5908] ? process_scheduled_works+0x9ef/0x17b0 [ 102.604296][ T5908] ? process_scheduled_works+0x9ef/0x17b0 [ 102.610045][ T5908] process_scheduled_works+0xae1/0x17b0 [ 102.615641][ T5908] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.621640][ T5908] worker_thread+0x8a0/0xda0 [ 102.626248][ T5908] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 102.632597][ T5908] ? __kthread_parkme+0x7b/0x200 [ 102.637566][ T5908] kthread+0x711/0x8a0 [ 102.641656][ T5908] ? __pfx_worker_thread+0x10/0x10 [ 102.646796][ T5908] ? __pfx_kthread+0x10/0x10 [ 102.651412][ T5908] ? _raw_spin_unlock_irq+0x23/0x50 [ 102.656621][ T5908] ? lockdep_hardirqs_on+0x9c/0x150 [ 102.661848][ T5908] ? __pfx_kthread+0x10/0x10 [ 102.666481][ T5908] ret_from_fork+0x47c/0x820 [ 102.671091][ T5908] ? __pfx_ret_from_fork+0x10/0x10 [ 102.676218][ T5908] ? __switch_to_asm+0x39/0x70 [ 102.680991][ T5908] ? __switch_to_asm+0x33/0x70 [ 102.685774][ T5908] ? __pfx_kthread+0x10/0x10 [ 102.690386][ T5908] ret_from_fork_asm+0x1a/0x30 [ 102.695174][ T5908] [ 102.698584][ T5908] Kernel Offset: disabled [ 102.702916][ T5908] Rebooting in 86400 seconds..