last executing test programs: 1m13.653567132s ago: executing program 2 (id=182): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000640)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1m13.204373166s ago: executing program 2 (id=188): r0 = socket$alg(0x26, 0x5, 0x0) unshare(0x28000600) bind$alg(r0, 0x0, 0x1900) 1m12.938375306s ago: executing program 2 (id=191): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rename(&(0x7f0000000140)='./file1\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 1m12.581388676s ago: executing program 2 (id=198): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$nfs(&(0x7f00000001c0)='..\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x85000, 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) 1m12.384125123s ago: executing program 2 (id=199): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) poll(&(0x7f0000000080)=[{r0, 0x1020}], 0x1, 0x20000082) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @ptr}}) 1m11.046611083s ago: executing program 2 (id=210): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x2c, 0x12, 0x1, 0x0, 0x5, "", [@nested={0x1c, 0x0, 0x0, 0x0, [@typed={0xc, 0x135, 0x0, 0x0, @u64}, @typed={0xc, 0x36, 0x0, 0x0, @u64=0x7}]}]}, 0x2c}], 0x1}, 0x0) 1m10.359205265s ago: executing program 32 (id=210): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000000)={0x2c, 0x12, 0x1, 0x0, 0x5, "", [@nested={0x1c, 0x0, 0x0, 0x0, [@typed={0xc, 0x135, 0x0, 0x0, @u64}, @typed={0xc, 0x36, 0x0, 0x0, @u64=0x7}]}]}, 0x2c}], 0x1}, 0x0) 4.128064624s ago: executing program 4 (id=887): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x9, 0x7, 0x6571, 0x4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f00000001c0), &(0x7f00000005c0)}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x15, &(0x7f0000000100)={{r0}, &(0x7f0000000680), &(0x7f0000000640)='%pS \x00'}, 0x20) 3.8517833s ago: executing program 4 (id=892): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2eb2b00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c"], 0x122}, 0x1, 0x0, 0x0, 0x40000}, 0x20008800) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021bc0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000900003808c000080080003400000000280000b807c000180090001006c617374000000006c000280080001400000000508000140000000090c0002"], 0x140}}, 0x0) 3.579279173s ago: executing program 4 (id=896): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000400)=ANY=[@ANYBLOB="1b1b"]) 2.986583978s ago: executing program 3 (id=904): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x14, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x10, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x8}}], {0x14}}, 0xa0}}, 0x0) 2.406038724s ago: executing program 3 (id=908): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffe97, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd11=\x11\x86\xd96\x18\xccG8\xc8\xdd\x15\xcc\xd2\xf1d'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r0, &(0x7f0000000180)='syz1\x00', 0x1ff) 2.284879034s ago: executing program 3 (id=909): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x2}) r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000040)=0x1, 0x4) 2.125013129s ago: executing program 3 (id=910): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = dup(r0) sendmsg$nl_route_sched_retired(r1, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=@deltclass={0x434, 0x29, 0x200, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0x9}, {0xe, 0xd}, {0xd, 0x4}}, [@c_cbq={{0x8}, {0x408, 0x2, [@TCA_CBQ_RTAB={0x404, 0x6, [0x1, 0x3ea, 0x3, 0xfffffeff, 0x6, 0xffff, 0x7, 0xfffffffa, 0x6fb9d4c8, 0x1, 0x4, 0x5, 0x9, 0x6, 0x5b3cbc25, 0x2, 0x81, 0x0, 0x9, 0xfffffffd, 0x3, 0xff, 0x1, 0x7fff, 0x8, 0x3, 0x0, 0x401, 0x3ff, 0x9, 0x3ff, 0x1, 0x5, 0x3, 0x27, 0x5, 0x80, 0x4, 0x3ff, 0x7, 0x8, 0x1d5, 0x9, 0x2, 0xff, 0x1, 0xcc2d, 0x4, 0x0, 0x40, 0x6, 0x5, 0x4, 0xd968, 0x7, 0x3, 0x7f, 0x0, 0x7, 0x9, 0x7, 0x3, 0x1, 0x0, 0x7ff, 0x1, 0x2, 0x8, 0x5, 0xeeb, 0x2f07, 0xb, 0xffffffff, 0x2, 0x7, 0x69, 0x5, 0x5, 0x1ff, 0x9, 0x5, 0x242e, 0x200, 0x4, 0x7, 0x6, 0xcbd, 0x833, 0x4, 0xfffffffc, 0x6, 0x7ff, 0x4, 0x2, 0x1, 0x1, 0x1, 0xffffff11, 0x1ff, 0x8001, 0x5, 0x40, 0x2, 0x55f8, 0x1, 0x7, 0x3ff, 0x3, 0x8000, 0x8, 0x6, 0x2, 0x1000, 0x9, 0x8, 0x0, 0xfffffff7, 0x4, 0x1b085605, 0x7, 0x3, 0x1, 0x80, 0x0, 0x4, 0xfdd4, 0x5, 0x5, 0x9, 0x7, 0x5722, 0x9, 0x944, 0xd, 0x7768, 0x3, 0x8, 0xffff, 0x100, 0x3, 0x6, 0x1, 0xbc4, 0x1, 0x4, 0xffffffff, 0xfffffd56, 0x8, 0x9, 0x1b, 0x6, 0x80000000, 0x8, 0x1, 0x0, 0xa, 0xfd, 0x0, 0x8, 0x3ff, 0x7, 0x9, 0x1, 0x0, 0x80d0, 0x4, 0x9855, 0x5, 0x1, 0x2, 0xe05, 0x2, 0x1, 0x6, 0x1, 0x3, 0x4, 0xca, 0xd4, 0x400, 0xffffff81, 0xb1a2, 0x1, 0x6, 0x2, 0x4, 0x1, 0x3aa7, 0x8, 0x1, 0x1, 0xf, 0x6, 0x5, 0x10, 0xf000, 0x67, 0xfffffff9, 0x5, 0x1, 0xe, 0x8, 0x3f, 0x8, 0x69c5, 0x74ec, 0x2, 0x5, 0xa1, 0x189, 0x80, 0x3, 0x9, 0x0, 0x8, 0x8, 0x7fff, 0x0, 0xffffffff, 0x4, 0x1, 0xc, 0x4, 0x4, 0x0, 0xc365, 0x5, 0xfffffffd, 0x1, 0x8, 0x7, 0x1674, 0xf, 0x6, 0x1, 0x6, 0x6c, 0x3, 0x7fff, 0x2, 0x0, 0x6, 0x7fff, 0xcf, 0x1, 0x9, 0xdfd1, 0x3, 0x1, 0x21f4, 0x8, 0xbb55, 0xb, 0x401, 0x0, 0x3e]}]}}]}, 0x434}}, 0x10) 1.933393431s ago: executing program 3 (id=911): timer_create(0x3, &(0x7f0000000480)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f00000004c0)) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 1.743564317s ago: executing program 4 (id=913): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000002c0)={0x0, 0x0, 0x1, 'M'}, 0x9) 1.743378762s ago: executing program 1 (id=914): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000000002, 0x0) io_setup(0x222, &(0x7f0000000180)=0x0) io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x1, 0x0, r0, &(0x7f0000000000)='%', 0x1}]) 1.583048786s ago: executing program 4 (id=916): r0 = fsopen(&(0x7f00000005c0)='9p\x00', 0x1) unshare(0x8000480) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000600)='#\x00', &(0x7f0000000640)='./file0\x00', 0xffffffffffffff9c) 1.489295787s ago: executing program 0 (id=917): r0 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@l={0x92, 0x0, 0xe0}) read(r0, &(0x7f00000011c0)=""/211, 0xd3) 1.442745593s ago: executing program 1 (id=918): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe) ioctl$TIOCSTI(r0, 0x541b, &(0x7f0000000040)) 1.416038602s ago: executing program 5 (id=919): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8810}, 0x40040d0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000044000701fcffffff00000000017c00000c0002"], 0x20}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) 1.335147967s ago: executing program 4 (id=920): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406d0426c6100000000001090224000100000000090400000103000000092100000001220b00090581030004"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x2, "dbc79ef4"}, @local=@item_4={0x3, 0x2, 0xa, '\a\x00'}, @global=@item_012={0x0, 0x1, 0x6}]}}, 0x0}, 0x0) 1.137166712s ago: executing program 5 (id=921): socketpair$unix(0x1, 0x2, 0x0, 0x0) setreuid(0xee01, 0xffffffffffffffff) setfsuid(0x0) 1.136392122s ago: executing program 1 (id=922): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xd1}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_TYPE={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x4009000}, 0x0) 1.118660643s ago: executing program 0 (id=923): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) brk(0x689d80000000) 997.941562ms ago: executing program 3 (id=924): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) 960.37891ms ago: executing program 5 (id=925): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001440)=[{&(0x7f0000000180)="27071c00160014000200", 0xa}, {0x0}], 0x2}, 0x24000008) 848.446485ms ago: executing program 0 (id=926): r0 = socket$kcm(0x10, 0x2, 0x4) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) sendmsg$inet(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 785.110026ms ago: executing program 0 (id=927): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r0, 0x0, 0x0, 0x20004041, 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1, &(0x7f0000000200), 0x4) 765.415997ms ago: executing program 1 (id=928): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) 714.592043ms ago: executing program 5 (id=929): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz2\x00'}, @NFTA_DYNSET_OP={0x8}]}}}]}]}], {0x14}}, 0x80}}, 0x0) 569.635055ms ago: executing program 0 (id=930): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r0, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20) 522.048224ms ago: executing program 1 (id=931): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000023c0)={@multicast1, @local}, 0x8) connect$inet(r0, &(0x7f0000002440)={0x2, 0x4e21, @multicast1}, 0x10) 398.32604ms ago: executing program 5 (id=932): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x0, 0x25dfdbfc, {0xa, 0x80, 0x4908d13283d17e5f, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3001a}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e23, 0x4e27}}, @FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x4c}}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) 241.757439ms ago: executing program 0 (id=933): pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x1a) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5760, 0x14) 225.713064ms ago: executing program 1 (id=934): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x17, {0x0, 0x401, @l2={'ib', 0x3a, 'wg1\x00'}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x24008044}, 0x0) 0s ago: executing program 5 (id=935): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000640)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1}, 0xc) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.220' (ED25519) to the list of known hosts. [ 80.671870][ T5826] cgroup: Unknown subsys name 'net' [ 80.943925][ T5826] cgroup: Unknown subsys name 'cpuset' [ 81.000231][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.827898][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.423943][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.426218][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.428362][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.434043][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.434935][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.472406][ T5158] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.473310][ T5158] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.475112][ T5158] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.476510][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.477135][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.478228][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.478935][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.480467][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.493840][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.526901][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.659154][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.669521][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.670745][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.672898][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.673728][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.736850][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.747158][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.757020][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.758658][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.774628][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.473352][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 86.565838][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 86.578522][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 86.894411][ T31] cfg80211: failed to load regulatory.db [ 86.935818][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 87.366149][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.367700][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.368068][ T5844] bridge_slave_0: entered allmulticast mode [ 87.371118][ T5844] bridge_slave_0: entered promiscuous mode [ 87.460593][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 87.531660][ T5839] Bluetooth: hci1: command tx timeout [ 87.555451][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.555546][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.555681][ T5844] bridge_slave_1: entered allmulticast mode [ 87.557211][ T5844] bridge_slave_1: entered promiscuous mode [ 87.609503][ T59] Bluetooth: hci2: command tx timeout [ 87.609879][ T5839] Bluetooth: hci0: command tx timeout [ 87.689667][ T5839] Bluetooth: hci3: command tx timeout [ 87.790420][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.790533][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.790656][ T5841] bridge_slave_0: entered allmulticast mode [ 87.792137][ T5841] bridge_slave_0: entered promiscuous mode [ 87.819132][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.822083][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.822302][ T5837] bridge_slave_0: entered allmulticast mode [ 87.824889][ T5837] bridge_slave_0: entered promiscuous mode [ 87.851079][ T5839] Bluetooth: hci4: command tx timeout [ 87.911898][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.912065][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.912262][ T5841] bridge_slave_1: entered allmulticast mode [ 87.915040][ T5841] bridge_slave_1: entered promiscuous mode [ 88.000840][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.000991][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.001158][ T5837] bridge_slave_1: entered allmulticast mode [ 88.003899][ T5837] bridge_slave_1: entered promiscuous mode [ 88.083692][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.346132][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.490376][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.490577][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.490747][ T5849] bridge_slave_0: entered allmulticast mode [ 88.492521][ T5849] bridge_slave_0: entered promiscuous mode [ 88.584275][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.605456][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.605705][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.605831][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.605991][ T5849] bridge_slave_1: entered allmulticast mode [ 88.607867][ T5849] bridge_slave_1: entered promiscuous mode [ 88.825447][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.923927][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.993102][ T5844] team0: Port device team_slave_0 added [ 89.312369][ T5844] team0: Port device team_slave_1 added [ 89.383219][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.383428][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.383694][ T5851] bridge_slave_0: entered allmulticast mode [ 89.386977][ T5851] bridge_slave_0: entered promiscuous mode [ 89.505145][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.588353][ T5841] team0: Port device team_slave_0 added [ 89.588909][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.589037][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.589209][ T5851] bridge_slave_1: entered allmulticast mode [ 89.592470][ T5851] bridge_slave_1: entered promiscuous mode [ 89.596230][ T5837] team0: Port device team_slave_0 added [ 89.609549][ T5839] Bluetooth: hci1: command tx timeout [ 89.611892][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.689883][ T5839] Bluetooth: hci0: command tx timeout [ 89.689917][ T5839] Bluetooth: hci2: command tx timeout [ 89.769469][ T59] Bluetooth: hci3: command tx timeout [ 89.793045][ T5837] team0: Port device team_slave_1 added [ 89.929564][ T59] Bluetooth: hci4: command tx timeout [ 90.031346][ T5841] team0: Port device team_slave_1 added [ 90.032446][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.032456][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.032471][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.333671][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.333687][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.333711][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.338005][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.413260][ T5849] team0: Port device team_slave_0 added [ 90.485542][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.486211][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.486222][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.486235][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.512537][ T5849] team0: Port device team_slave_1 added [ 90.513811][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.513823][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.513846][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.631079][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.631090][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.631103][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.632009][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.632018][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.632031][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.084027][ T5851] team0: Port device team_slave_0 added [ 91.091365][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.091379][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.091402][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.185927][ T5851] team0: Port device team_slave_1 added [ 91.193767][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.193783][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.193806][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.215420][ T5844] hsr_slave_0: entered promiscuous mode [ 91.217292][ T5844] hsr_slave_1: entered promiscuous mode [ 91.685154][ T5837] hsr_slave_0: entered promiscuous mode [ 91.685935][ T5837] hsr_slave_1: entered promiscuous mode [ 91.686573][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 91.686658][ T5837] Cannot create hsr debugfs directory [ 91.687586][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.687597][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.687611][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.699412][ T59] Bluetooth: hci1: command tx timeout [ 91.706981][ T5841] hsr_slave_0: entered promiscuous mode [ 91.708808][ T5841] hsr_slave_1: entered promiscuous mode [ 91.723552][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 91.723577][ T5841] Cannot create hsr debugfs directory [ 91.769727][ T59] Bluetooth: hci2: command tx timeout [ 91.769756][ T59] Bluetooth: hci0: command tx timeout [ 91.844648][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.844664][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.844678][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.859893][ T5839] Bluetooth: hci3: command tx timeout [ 92.009705][ T5839] Bluetooth: hci4: command tx timeout [ 92.366296][ T5849] hsr_slave_0: entered promiscuous mode [ 92.367570][ T5849] hsr_slave_1: entered promiscuous mode [ 92.368808][ T5849] debugfs: 'hsr0' already exists in 'hsr' [ 92.368830][ T5849] Cannot create hsr debugfs directory [ 92.803995][ T5851] hsr_slave_0: entered promiscuous mode [ 92.804755][ T5851] hsr_slave_1: entered promiscuous mode [ 92.805274][ T5851] debugfs: 'hsr0' already exists in 'hsr' [ 92.805291][ T5851] Cannot create hsr debugfs directory [ 93.770463][ T5839] Bluetooth: hci1: command tx timeout [ 93.850343][ T59] Bluetooth: hci2: command tx timeout [ 93.850387][ T5839] Bluetooth: hci0: command tx timeout [ 93.890353][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.933023][ T5839] Bluetooth: hci3: command tx timeout [ 93.962735][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.995698][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.051621][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.089450][ T5839] Bluetooth: hci4: command tx timeout [ 94.193399][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.244473][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.277836][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.336252][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.483620][ T5849] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.517093][ T5849] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.563380][ T5849] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.617189][ T5849] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.767496][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.803777][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.848122][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.905301][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.067267][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.088460][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.142696][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.187768][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.223509][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.304357][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.365235][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.365907][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.389058][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.422938][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.423093][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.507913][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.559929][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.560129][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.591314][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.627069][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.627202][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.728111][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.743191][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.827320][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.827721][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.898792][ T1295] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.898942][ T1295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.957731][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.023266][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.050103][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.050316][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.117784][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.117971][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.223419][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.292153][ T4501] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.292525][ T4501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.322023][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.392507][ T4501] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.399488][ T4501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.611191][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.950348][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.993102][ T5837] veth0_vlan: entered promiscuous mode [ 97.084981][ T5837] veth1_vlan: entered promiscuous mode [ 97.208835][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.306771][ T5849] veth0_vlan: entered promiscuous mode [ 97.348727][ T5837] veth0_macvtap: entered promiscuous mode [ 97.384583][ T5849] veth1_vlan: entered promiscuous mode [ 97.405361][ T5837] veth1_macvtap: entered promiscuous mode [ 97.427115][ T5844] veth0_vlan: entered promiscuous mode [ 97.460184][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.489154][ T5844] veth1_vlan: entered promiscuous mode [ 97.518556][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.548747][ T5841] veth0_vlan: entered promiscuous mode [ 97.567255][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.614297][ T5849] veth0_macvtap: entered promiscuous mode [ 97.616274][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.644295][ T5841] veth1_vlan: entered promiscuous mode [ 97.657848][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.667359][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.682394][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.685986][ T5849] veth1_macvtap: entered promiscuous mode [ 97.836596][ T5844] veth0_macvtap: entered promiscuous mode [ 97.942563][ T5851] veth0_vlan: entered promiscuous mode [ 97.956175][ T5844] veth1_macvtap: entered promiscuous mode [ 97.963181][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.038503][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.079066][ T5851] veth1_vlan: entered promiscuous mode [ 98.087631][ T5841] veth0_macvtap: entered promiscuous mode [ 98.103655][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.103680][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.139091][ T1295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.149064][ T1295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.169016][ T1295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.177673][ T5841] veth1_macvtap: entered promiscuous mode [ 98.194232][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.197248][ T1295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.258573][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.302424][ T1458] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.302444][ T1458] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.414704][ T1295] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.418806][ T1295] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.422040][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.463081][ T1295] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.488718][ T1295] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.508759][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.648947][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.664092][ T5851] veth0_macvtap: entered promiscuous mode [ 98.665977][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.668595][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.674608][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.685341][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.685360][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.766556][ T5851] veth1_macvtap: entered promiscuous mode [ 98.883980][ T5954] mkiss: ax0: crc mode is auto. [ 99.256874][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.256894][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.376519][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.415424][ T1295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.415442][ T1295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.442431][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.508407][ T1458] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.557528][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.557547][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.562456][ T1458] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.571311][ T1458] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.607998][ T1458] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.685026][ T1295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.685046][ T1295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.812817][ T5963] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 99.897079][ T1295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.897099][ T1295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.404121][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.404142][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.741823][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.741843][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.329873][ T5990] netlink: 'syz.0.17': attribute type 3 has an invalid length. [ 101.353776][ T1231] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 101.537842][ T1231] usb 5-1: Using ep0 maxpacket: 8 [ 101.633390][ T1231] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 101.633419][ T1231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.633439][ T1231] usb 5-1: Product: syz [ 101.633453][ T1231] usb 5-1: Manufacturer: syz [ 101.633467][ T1231] usb 5-1: SerialNumber: syz [ 101.717259][ T1231] usb 5-1: config 0 descriptor?? [ 101.826550][ T1231] gspca_main: sq930x-2.14.0 probing 2770:930c [ 102.111014][ T6004] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 102.439404][ T1231] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 102.661802][ T1231] gspca_sq930x: Sensor ov9630 not yet treated [ 102.661905][ T1231] sq930x 5-1:0.0: probe with driver sq930x failed with error -22 [ 102.745184][ T1231] usb 5-1: USB disconnect, device number 2 [ 103.737354][ T6033] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.083017][ T6060] Bluetooth: MGMT ver 1.23 [ 105.085902][ T43] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.092139][ T43] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.092185][ T43] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.092218][ T43] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.145501][ T6054] Zero length message leads to an empty skb [ 105.416316][ T5839] Bluetooth: hci1: unexpected subevent 0x0e length: 30 > 15 [ 105.416363][ T5839] Bluetooth: hci1: Unable to find connection for dst 00:00:00:00:00:00 sid 0x00 [ 105.590607][ T6074] xt_l2tp: invalid flags combination: 0 [ 105.744189][ T6080] netlink: 'syz.0.54': attribute type 1 has an invalid length. [ 105.744209][ T6080] netlink: 'syz.0.54': attribute type 2 has an invalid length. [ 105.744727][ T6080] netlink: 'syz.0.54': attribute type 1 has an invalid length. [ 105.744743][ T6080] netlink: 'syz.0.54': attribute type 2 has an invalid length. [ 106.138345][ T6093] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.634553][ T6109] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1024) [ 106.634579][ T6109] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 107.665498][ T6136] program syz.2.79 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 107.957277][ T6145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.84'. [ 108.530310][ T6164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.93'. [ 109.061086][ T6175] tmpfs: Cannot disable swap on remount [ 109.839096][ T6195] sd 0:0:1:0: device reset [ 110.468175][ T6220] capability: warning: `syz.0.113' uses deprecated v2 capabilities in a way that may be insecure [ 111.269809][ T5952] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 111.419704][ T5952] usb 5-1: Using ep0 maxpacket: 32 [ 111.422261][ T5952] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.425716][ T5952] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 111.425743][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.425762][ T5952] usb 5-1: Product: syz [ 111.425775][ T5952] usb 5-1: Manufacturer: syz [ 111.425787][ T5952] usb 5-1: SerialNumber: syz [ 111.467474][ T5952] usb 5-1: config 0 descriptor?? [ 111.503743][ T5952] cdc_ether 5-1:0.0: skipping garbage [ 111.503770][ T5952] usb 5-1: bad CDC descriptors [ 111.514296][ T31] kernel write not supported for file /55/loginuid (pid: 31 comm: kworker/1:0) [ 111.523156][ T5952] usb 5-1: unsupported MDLM descriptors [ 111.712370][ T5998] usb 5-1: USB disconnect, device number 3 [ 112.234102][ T6265] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 112.234136][ T6265] CIFS: Unable to determine destination address [ 112.389708][ T6271] netlink: 'syz.4.131': attribute type 1 has an invalid length. [ 113.146925][ T6296] syz.0.140 (6296) used greatest stack depth: 18936 bytes left [ 113.379578][ T5998] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 113.476727][ T6308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.146'. [ 113.490827][ T6310] netlink: 104 bytes leftover after parsing attributes in process `syz.1.147'. [ 113.541272][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 113.541306][ T5998] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 113.541348][ T5998] usb 4-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 113.541371][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.595230][ T5998] usb 4-1: config 0 descriptor?? [ 113.608419][ T6299] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 113.621256][ T6308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.146'. [ 114.020686][ T6322] netlink: 24 bytes leftover after parsing attributes in process `syz.4.150'. [ 114.078566][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.078610][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.078637][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.078662][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.078688][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.078713][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.078738][ T5998] waltop 0003:172F:0500.0001: unknown main item tag 0x0 [ 114.173207][ T5998] waltop 0003:172F:0500.0001: hidraw0: USB HID vff.fa Device [HID 172f:0500] on usb-dummy_hcd.3-1/input0 [ 114.324617][ T31] usb 4-1: USB disconnect, device number 2 [ 114.465624][ T6332] fido_id[6332]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 114.559428][ T5952] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 114.713018][ T5952] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.713045][ T5952] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 114.713096][ T5952] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 114.713117][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.726393][ T5952] usb 3-1: config 0 descriptor?? [ 114.765555][ T5952] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 114.765931][ T5952] dvb-usb: bulk message failed: -22 (3/0) [ 114.848214][ T5952] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 114.861994][ T5952] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 114.862077][ T5952] usb 3-1: media controller created [ 114.912729][ T5952] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 115.011515][ T6329] dvb-usb: bulk message failed: -22 (2/0) [ 115.024421][ T5952] dvb-usb: bulk message failed: -22 (6/0) [ 115.024563][ T5952] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 115.058184][ T5952] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 115.161554][ T5952] dvb-usb: schedule remote query interval to 150 msecs. [ 115.161578][ T5952] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 115.207138][ T5952] usb 3-1: USB disconnect, device number 2 [ 115.502918][ T5952] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 116.459407][ T5998] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.609436][ T5998] usb 1-1: Using ep0 maxpacket: 32 [ 116.628440][ T5998] usb 1-1: config 0 interface 0 altsetting 17 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.628471][ T5998] usb 1-1: config 0 interface 0 altsetting 17 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 116.628498][ T5998] usb 1-1: config 0 interface 0 has no altsetting 0 [ 116.628532][ T5998] usb 1-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 116.628554][ T5998] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.691150][ T5998] usb 1-1: config 0 descriptor?? [ 116.884567][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.178'. [ 117.148945][ T5998] asus 0003:048D:CE50.0002: item fetching failed at offset 2/5 [ 117.149894][ T5998] asus 0003:048D:CE50.0002: Asus hid parse failed: -22 [ 117.149998][ T5998] asus 0003:048D:CE50.0002: probe with driver asus failed with error -22 [ 117.250633][ T31] kernel write not supported for file /vcs (pid: 31 comm: kworker/1:0) [ 117.362261][ T31] usb 1-1: USB disconnect, device number 2 [ 117.382073][ T6417] [U] [ 117.834511][ T6431] capability: warning: `syz.4.190' uses 32-bit capabilities (legacy support in use) [ 118.270995][ T6451] process 'syz.3.197' launched './file0' with NULL argv: empty string added [ 118.389438][ T986] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 118.547146][ T986] usb 2-1: too many endpoints for config 0 interface 0 altsetting 185: 33, using maximum allowed: 30 [ 118.547187][ T986] usb 2-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.547204][ T986] usb 2-1: config 0 interface 0 altsetting 185 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 118.547226][ T986] usb 2-1: config 0 interface 0 has no altsetting 0 [ 118.547254][ T986] usb 2-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 118.547274][ T986] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.633147][ T986] usb 2-1: config 0 descriptor?? [ 119.108926][ T986] nzxt-kraken2 0003:1E71:170E.0003: unknown main item tag 0x0 [ 119.108963][ T986] nzxt-kraken2 0003:1E71:170E.0003: unknown main item tag 0x0 [ 119.108990][ T986] nzxt-kraken2 0003:1E71:170E.0003: unknown main item tag 0x0 [ 119.109016][ T986] nzxt-kraken2 0003:1E71:170E.0003: unknown main item tag 0x0 [ 119.109041][ T986] nzxt-kraken2 0003:1E71:170E.0003: unknown main item tag 0x0 [ 119.149457][ T5952] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 119.165919][ T986] nzxt-kraken2 0003:1E71:170E.0003: hidraw0: USB HID v8.00 Device [HID 1e71:170e] on usb-dummy_hcd.1-1/input0 [ 119.302403][ T5952] usb 4-1: Using ep0 maxpacket: 32 [ 119.311696][ T5952] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 119.315633][ T5952] usb 4-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 119.315661][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.315680][ T5952] usb 4-1: Product: syz [ 119.315693][ T5952] usb 4-1: Manufacturer: syz [ 119.315707][ T5952] usb 4-1: SerialNumber: syz [ 119.319685][ T986] usb 2-1: USB disconnect, device number 2 [ 119.478329][ T6472] fido_id[6472]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 119.610101][ T5952] usb 4-1: selecting invalid altsetting 1 [ 119.815703][ T5952] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 119.815843][ T5952] dvb_usb_lmedm04 4-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 120.030632][ T5998] usb 4-1: USB disconnect, device number 3 [ 120.253112][ T59] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 120.253215][ T59] Bluetooth: hci2: Injecting HCI hardware error event [ 120.255974][ T5158] Bluetooth: hci2: hardware error 0x00 [ 120.558555][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.303519][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.693453][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 121.695395][ T5839] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 121.716409][ T6524] bad cache= option: no%e [ 121.716409][ T6524] [ 121.716651][ T6524] CIFS: VFS: bad cache= option: no%e [ 121.753826][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 121.757589][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 121.771901][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 121.774346][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 121.775428][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 121.966068][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.489435][ T5158] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 122.517117][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.749391][ T44] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 122.918440][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.918473][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.918519][ T44] usb 4-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 122.918541][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.924875][ T44] usb 4-1: config 0 descriptor?? [ 123.279478][ T986] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 123.422534][ T44] hid_mf 0003:0079:1846.0004: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.3-1/input0 [ 123.422575][ T44] hid_mf 0003:0079:1846.0004: Invalid report, this should never happen! [ 123.422589][ T44] hid_mf 0003:0079:1846.0004: Force feedback init failed. [ 123.449605][ T986] usb 5-1: Using ep0 maxpacket: 16 [ 123.453597][ T986] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.453630][ T986] usb 5-1: config 0 interface 0 has no altsetting 0 [ 123.453661][ T986] usb 5-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 123.453683][ T986] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.539147][ T986] usb 5-1: config 0 descriptor?? [ 123.646369][ T44] usb 4-1: USB disconnect, device number 4 [ 123.849424][ T5158] Bluetooth: hci4: command tx timeout [ 123.933712][ T6577] fido_id[6577]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 124.025916][ T986] kye 0003:0458:0087.0005: unknown main item tag 0x0 [ 124.025953][ T986] kye 0003:0458:0087.0005: unknown main item tag 0x0 [ 124.025979][ T986] kye 0003:0458:0087.0005: unknown main item tag 0x0 [ 124.026003][ T986] kye 0003:0458:0087.0005: unknown main item tag 0x0 [ 124.026027][ T986] kye 0003:0458:0087.0005: unknown main item tag 0x0 [ 124.067498][ T986] kye 0003:0458:0087.0005: hidraw0: USB HID v0.05 Device [HID 0458:0087] on usb-dummy_hcd.4-1/input0 [ 124.236974][ T986] usb 5-1: USB disconnect, device number 4 [ 124.237278][ T6587] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 124.237329][ T6587] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 124.237416][ T6587] comedi comedi3: 8255: I/O port conflict (0x21,4) [ 124.246686][ T6587] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 124.246744][ T6587] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 124.246791][ T6587] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 124.312692][ T12] bridge_slave_1: left allmulticast mode [ 124.326343][ T12] bridge_slave_1: left promiscuous mode [ 124.329012][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.375000][ T6584] fido_id[6584]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 124.443590][ T12] bridge_slave_0: left allmulticast mode [ 124.443621][ T12] bridge_slave_0: left promiscuous mode [ 124.444129][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.615117][ T6593] nbd: must specify a size in bytes for the device [ 124.682935][ T6595] netlink: 'syz.3.249': attribute type 62 has an invalid length. [ 125.026808][ T6607] xt_socket: unknown flags 0xd0 [ 125.320197][ T5903] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.499392][ T5903] usb 2-1: Using ep0 maxpacket: 16 [ 125.502622][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.502654][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.502676][ T5903] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 125.502717][ T5903] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 125.502739][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.597411][ T5903] usb 2-1: config 0 descriptor?? [ 125.929836][ T5158] Bluetooth: hci4: command tx timeout [ 126.027467][ T5903] konepure 0003:1E7D:2DB4.0006: item fetching failed at offset 0/2 [ 126.028210][ T5903] konepure 0003:1E7D:2DB4.0006: parse failed [ 126.028280][ T5903] konepure 0003:1E7D:2DB4.0006: probe with driver konepure failed with error -22 [ 126.238484][ T5903] usb 2-1: USB disconnect, device number 3 [ 127.216627][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 127.313065][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 127.358800][ T12] bond0 (unregistering): Released all slaves [ 127.359126][ T6642] usb usb8: usbfs: process 6642 (syz.1.271) did not claim interface 0 before use [ 127.723126][ T6612] bridge0: entered promiscuous mode [ 127.723602][ T6612] macsec1: entered promiscuous mode [ 127.752358][ T6644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.272'. [ 127.939589][ T37] audit: type=1326 audit(1759028475.732:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 127.939637][ T37] audit: type=1326 audit(1759028475.732:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 127.939675][ T37] audit: type=1326 audit(1759028475.752:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 127.939713][ T37] audit: type=1326 audit(1759028475.752:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f99cfe0ef03 code=0x7ffc0000 [ 127.939749][ T37] audit: type=1326 audit(1759028475.752:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f99cfe0ef03 code=0x7ffc0000 [ 127.939782][ T37] audit: type=1326 audit(1759028475.752:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 127.939816][ T37] audit: type=1326 audit(1759028475.752:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 127.990279][ T37] audit: type=1326 audit(1759028475.802:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 128.021794][ T5158] Bluetooth: hci4: command tx timeout [ 128.032244][ T37] audit: type=1326 audit(1759028475.842:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.4.274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99cfe0eec9 code=0x7ffc0000 [ 128.065289][ T6662] bridge_slave_0: invalid flags given to default FDB implementation [ 128.465084][ T6676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.281'. [ 128.766614][ T6523] chnl_net:caif_netlink_parms(): no params data found [ 129.349556][ T44] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 129.501605][ T44] usb 4-1: Using ep0 maxpacket: 8 [ 129.510540][ T44] usb 4-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 129.510568][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.510588][ T44] usb 4-1: Product: syz [ 129.510602][ T44] usb 4-1: Manufacturer: syz [ 129.510616][ T44] usb 4-1: SerialNumber: syz [ 129.988747][ T44] mxuport 4-1:254.0: mxuport_recv_ctrl_urb - short read (0 / 4) [ 129.988858][ T44] mxuport 4-1:254.0: probe with driver mxuport failed with error -5 [ 130.097010][ T5158] Bluetooth: hci4: command tx timeout [ 130.173515][ T6722] mkiss: ax0: crc mode is auto. [ 130.239013][ T5923] usb 4-1: USB disconnect, device number 5 [ 130.521973][ T6729] netlink: 'syz.4.302': attribute type 29 has an invalid length. [ 130.525670][ T6523] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.525801][ T6523] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.528118][ T6523] bridge_slave_0: entered allmulticast mode [ 130.538075][ T6523] bridge_slave_0: entered promiscuous mode [ 130.739485][ T12] hsr_slave_0: left promiscuous mode [ 130.780286][ T12] hsr_slave_1: left promiscuous mode [ 130.783081][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.783180][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.832945][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.832975][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.953026][ T12] veth1_macvtap: left promiscuous mode [ 130.953255][ T12] veth0_macvtap: left promiscuous mode [ 130.953877][ T12] veth1_vlan: left promiscuous mode [ 130.954247][ T12] veth0_vlan: left promiscuous mode [ 131.999421][ T5903] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 132.183625][ T5903] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 132.183655][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.183673][ T5903] usb 4-1: Product: syz [ 132.183687][ T5903] usb 4-1: Manufacturer: syz [ 132.183700][ T5903] usb 4-1: SerialNumber: syz [ 132.200903][ T5903] usb 4-1: config 0 descriptor?? [ 132.211939][ T5903] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 132.837416][ T5998] usb 4-1: USB disconnect, device number 6 [ 132.978255][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.978356][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.372750][ T12] team0 (unregistering): Port device team_slave_1 removed [ 133.682729][ T12] team0 (unregistering): Port device team_slave_0 removed [ 135.750259][ T6732] netlink: 'syz.4.302': attribute type 29 has an invalid length. [ 135.757077][ T6523] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.757224][ T6523] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.757459][ T6523] bridge_slave_1: entered allmulticast mode [ 135.760617][ T6523] bridge_slave_1: entered promiscuous mode [ 136.210047][ T6523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.219928][ T6523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.349525][ T6774] netlink: 44 bytes leftover after parsing attributes in process `syz.0.321'. [ 136.349553][ T6774] netlink: 'syz.0.321': attribute type 6 has an invalid length. [ 136.349566][ T6774] netlink: 'syz.0.321': attribute type 5 has an invalid length. [ 136.349577][ T6774] netlink: 'syz.0.321': attribute type 4 has an invalid length. [ 136.682447][ T6523] team0: Port device team_slave_0 added [ 136.703438][ T6523] team0: Port device team_slave_1 added [ 136.851569][ T6788] netlink: 20 bytes leftover after parsing attributes in process `syz.3.330'. [ 137.229395][ T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 137.305698][ T6523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 137.305714][ T6523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.305737][ T6523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 137.308166][ T6523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 137.308178][ T6523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.308206][ T6523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 137.411584][ T44] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 137.411613][ T44] usb 1-1: config 0 has no interface number 0 [ 137.411646][ T44] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 137.411684][ T44] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 137.411711][ T44] usb 1-1: config 0 interface 255 has no altsetting 0 [ 137.411744][ T44] usb 1-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 137.411766][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.449769][ T6805] xt_limit: Overflow, try lower: 324382443/4200216956 [ 137.509721][ T44] usb 1-1: config 0 descriptor?? [ 137.529679][ T44] ums-realtek 1-1:0.255: USB Mass Storage device detected [ 137.791760][ T44] usb 1-1: USB disconnect, device number 3 [ 138.128886][ T6523] hsr_slave_0: entered promiscuous mode [ 138.150895][ T6523] hsr_slave_1: entered promiscuous mode [ 138.151874][ T6523] debugfs: 'hsr0' already exists in 'hsr' [ 138.151898][ T6523] Cannot create hsr debugfs directory [ 138.547211][ T6832] netlink: 24 bytes leftover after parsing attributes in process `syz.0.347'. [ 139.248276][ T6856] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 139.248341][ T6856] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 139.248465][ T6856] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 139.248555][ T6856] comedi comedi3: 8255: I/O port conflict (0xc9,4) [ 139.248604][ T6856] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 139.248655][ T6856] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 139.248713][ T6856] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 139.248857][ T6856] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 139.248906][ T6856] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 139.248951][ T6856] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 139.249078][ T6856] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 139.249125][ T6856] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 139.249172][ T6856] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 139.262349][ T6856] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 139.262412][ T6856] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 139.262462][ T6856] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 139.262508][ T6856] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4) [ 139.262555][ T6856] comedi comedi3: 8255: I/O port conflict (0xffffffffffffeadb,4) [ 139.262605][ T6856] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 139.262649][ T6856] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 139.262696][ T6856] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 140.022614][ T6877] netlink: 8 bytes leftover after parsing attributes in process `syz.3.365'. [ 140.107053][ T6523] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 140.231049][ T6523] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 140.379645][ T6523] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 140.437643][ T6523] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 140.627884][ T6897] Bluetooth: MGMT ver 1.23 [ 140.862351][ T6908] netlink: 24 bytes leftover after parsing attributes in process `syz.1.376'. [ 141.085933][ T6523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.141774][ T6920] netlink: 'syz.0.379': attribute type 6 has an invalid length. [ 141.147349][ T6523] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.198898][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.199165][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.274431][ T6924] bridge0: port 3(syz_tun) entered blocking state [ 141.274557][ T6924] bridge0: port 3(syz_tun) entered disabled state [ 141.274977][ T6924] syz_tun: entered allmulticast mode [ 141.366011][ T6924] syz_tun: entered promiscuous mode [ 141.404150][ T6924] bridge0: port 3(syz_tun) entered blocking state [ 141.404322][ T6924] bridge0: port 3(syz_tun) entered forwarding state [ 141.425784][ T1781] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.425931][ T1781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.529660][ T5158] Bluetooth: hci4: command tx timeout [ 142.989544][ T5923] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 143.026112][ T6523] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 143.154195][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.154224][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 143.154264][ T5923] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 143.154285][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.205210][ T5923] usb 2-1: config 0 descriptor?? [ 143.690668][ T5923] koneplus 0003:1E7D:2D51.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.1-1/input0 [ 143.840048][ T5998] usb 2-1: USB disconnect, device number 4 [ 144.140307][ T6999] fido_id[6999]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 144.404792][ T6523] veth0_vlan: entered promiscuous mode [ 144.439778][ T6523] veth1_vlan: entered promiscuous mode [ 144.573557][ T6523] veth0_macvtap: entered promiscuous mode [ 144.623994][ T6523] veth1_macvtap: entered promiscuous mode [ 144.695671][ T6523] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 144.769843][ T6523] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 144.810426][ T37] audit: type=1326 audit(1759028492.632:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7022 comm="syz.3.415" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff1b1cfeec9 code=0x0 [ 144.860698][ T57] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.898299][ T57] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.905913][ T57] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.916388][ T57] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.653602][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.653622][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.709570][ T5903] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 145.859997][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.860015][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.895495][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.895528][ T5903] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.895566][ T5903] usb 2-1: New USB device found, idVendor=06a3, idProduct=0cfa, bcdDevice= 0.00 [ 145.895588][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.945820][ T5903] usb 2-1: config 0 descriptor?? [ 146.348102][ T5903] usbhid 2-1:0.0: can't add hid device: -71 [ 146.348224][ T5903] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 146.398912][ T5903] usb 2-1: USB disconnect, device number 5 [ 147.117847][ T7079] syz.4.434 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 147.370527][ T44] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 147.532165][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 147.536226][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.536255][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.536276][ T44] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 147.536315][ T44] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 147.536338][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.544688][ T44] usb 1-1: config 0 descriptor?? [ 148.024805][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.024842][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.024866][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.024901][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.024928][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.024953][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.024980][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.025005][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.025030][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.025056][ T44] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 148.026671][ T44] HID 045e:07da: Invalid code 65791 type 1 [ 148.044008][ T44] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0008/input/input6 [ 148.303718][ T44] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 148.353903][ T44] usb 1-1: USB disconnect, device number 4 [ 148.627292][ T7106] fido_id[7106]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 148.781780][ T7099] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 149.329581][ T44] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 149.483384][ T44] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 149.483412][ T44] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 149.483429][ T44] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 149.483447][ T44] usb 4-1: config 220 has no interface number 2 [ 149.483517][ T44] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 149.483540][ T44] usb 4-1: config 220 interface 0 has no altsetting 0 [ 149.483556][ T44] usb 4-1: config 220 interface 76 has no altsetting 0 [ 149.483572][ T44] usb 4-1: config 220 interface 1 has no altsetting 0 [ 149.488316][ T44] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 149.488344][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.488362][ T44] usb 4-1: Product: syz [ 149.488375][ T44] usb 4-1: Manufacturer: syz [ 149.488389][ T44] usb 4-1: SerialNumber: syz [ 149.656375][ T7130] netlink: 'syz.5.456': attribute type 29 has an invalid length. [ 149.683259][ T7130] netlink: 'syz.5.456': attribute type 29 has an invalid length. [ 149.828866][ T44] usb 4-1: selecting invalid altsetting 0 [ 149.846296][ T44] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 149.846333][ T44] usb 4-1: No valid video chain found. [ 149.957704][ T44] usb 4-1: selecting invalid altsetting 0 [ 149.957745][ T44] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 150.048851][ T44] usb 4-1: USB disconnect, device number 7 [ 150.170412][ T5158] Bluetooth: hci0: command 0x0c1a tx timeout [ 150.515581][ T37] audit: type=1800 audit(1759028498.322:12): pid=7159 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.469" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 150.612591][ T7162] ======================================================= [ 150.612591][ T7162] WARNING: The mand mount option has been deprecated and [ 150.612591][ T7162] and is ignored by this kernel. Remove the mand [ 150.612591][ T7162] option from the mount to silence this warning. [ 150.612591][ T7162] ======================================================= [ 151.726851][ T7188] syz.1.481 (7188) used greatest stack depth: 17800 bytes left [ 151.737837][ T7199] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 152.119854][ T7213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.493'. [ 152.482896][ T7226] binder: 7224:7226 ioctl 541b 0 returned -22 [ 152.599859][ T7230] netlink: 'syz.1.500': attribute type 16 has an invalid length. [ 152.662819][ T7234] xt_l2tp: missing protocol rule (udp|l2tpip) [ 152.813459][ T7240] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 153.048284][ T37] audit: type=1326 audit(1759028500.862:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b1cfeec9 code=0x7ffc0000 [ 153.079756][ T37] audit: type=1326 audit(1759028500.892:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ff1b1cfeec9 code=0x7ffc0000 [ 153.089402][ T37] audit: type=1326 audit(1759028500.902:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff1b1cfef03 code=0x7ffc0000 [ 153.089449][ T37] audit: type=1326 audit(1759028500.902:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff1b1cfef03 code=0x7ffc0000 [ 153.099183][ T37] audit: type=1326 audit(1759028500.912:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b1cfeec9 code=0x7ffc0000 [ 153.120812][ T37] audit: type=1326 audit(1759028500.942:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7ff1b1cfeec9 code=0x7ffc0000 [ 153.120861][ T37] audit: type=1326 audit(1759028500.942:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b1cfeec9 code=0x7ffc0000 [ 153.120898][ T37] audit: type=1326 audit(1759028500.942:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7250 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b1cfeec9 code=0x7ffc0000 [ 153.879419][ T5910] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 153.909371][ T5998] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 154.041256][ T5910] usb 5-1: Using ep0 maxpacket: 8 [ 154.043918][ T5910] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 154.046675][ T5910] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 154.046703][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.046722][ T5910] usb 5-1: Product: syz [ 154.046736][ T5910] usb 5-1: Manufacturer: syz [ 154.046750][ T5910] usb 5-1: SerialNumber: syz [ 154.059431][ T5998] usb 2-1: Using ep0 maxpacket: 8 [ 154.073242][ T5998] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 154.073270][ T5998] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.073288][ T5998] usb 2-1: Product: syz [ 154.073302][ T5998] usb 2-1: Manufacturer: syz [ 154.073315][ T5998] usb 2-1: SerialNumber: syz [ 154.138320][ T5998] usb 2-1: config 0 descriptor?? [ 154.155711][ T5910] usb 5-1: config 0 descriptor?? [ 154.190098][ T5998] gspca_main: se401-2.14.0 probing 047d:5003 [ 154.191361][ T5910] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 154.191477][ T5910] usb 5-1: setting power ON [ 154.192728][ T5910] dvb-usb: bulk message failed: -22 (2/0) [ 154.331791][ T5910] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 154.333627][ T5910] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 154.333743][ T5910] usb 5-1: media controller created [ 154.422896][ T7269] dvb-usb: bulk message failed: -22 (3/0) [ 154.422918][ T7269] cxusb: i2c wr: len=80 is too big! [ 154.422918][ T7269] [ 154.449360][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 154.527957][ T5910] usb 5-1: selecting invalid altsetting 6 [ 154.527979][ T5910] usb 5-1: digital interface selection failed (-22) [ 154.527993][ T5910] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 154.552211][ T5910] usb 5-1: setting power OFF [ 154.553140][ T5910] dvb-usb: bulk message failed: -22 (2/0) [ 154.553164][ T5910] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 154.553177][ T5910] (NULL device *): no alternate interface [ 154.593497][ T5998] gspca_se401: Bayer format not supported! [ 154.813270][ T44] usb 2-1: USB disconnect, device number 6 [ 154.856170][ T5910] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 154.881538][ T5910] usb 5-1: USB disconnect, device number 5 [ 156.010818][ T44] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 156.069596][ T7334] mmap: syz.4.549 (7334) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 156.162873][ T44] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.162899][ T44] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 156.164423][ T44] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 156.164449][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 156.164467][ T44] usb 1-1: SerialNumber: syz [ 156.497338][ T44] usb 1-1: 0:2 : does not exist [ 156.510645][ T44] usb 1-1: unit 255 not found! [ 156.658117][ T7348] max out of range [ 156.713186][ T44] usb 1-1: USB disconnect, device number 5 [ 156.779497][ T5910] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 156.798383][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 156.954854][ T5910] usb 2-1: Using ep0 maxpacket: 16 [ 156.968762][ T5910] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 156.968792][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.968810][ T5910] usb 2-1: Product: syz [ 156.968824][ T5910] usb 2-1: Manufacturer: syz [ 156.968837][ T5910] usb 2-1: SerialNumber: syz [ 157.032383][ T5910] usb 2-1: config 0 descriptor?? [ 157.080199][ T5910] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 157.385675][ T5910] usb 2-1: USB disconnect, device number 7 [ 158.209794][ T7385] Driver unsupported XDP return value 0 on prog (id 43) dev N/A, expect packet loss! [ 158.936044][ T7407] can0: slcan on ttynull. [ 159.251088][ T7406] can0 (unregistered): slcan off ttynull. [ 160.512790][ T7451] syz.5.589 uses old SIOCAX25GETINFO [ 160.641727][ T44] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 160.801327][ T44] usb 2-1: Using ep0 maxpacket: 8 [ 160.813747][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.813783][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.813829][ T44] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 160.813851][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.871500][ T44] usb 2-1: config 0 descriptor?? [ 160.889480][ T31] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 161.039333][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 161.044831][ T31] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30 [ 161.044875][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 161.044968][ T31] usb 5-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 161.044991][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.127943][ T31] usb 5-1: config 0 descriptor?? [ 161.447397][ T44] input: HID 28bd:0935 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0935.0009/input/input7 [ 161.600330][ T31] saitek 0003:06A3:0621.000A: unknown main item tag 0x0 [ 161.600372][ T31] saitek 0003:06A3:0621.000A: unknown main item tag 0x0 [ 161.600398][ T31] saitek 0003:06A3:0621.000A: unknown main item tag 0x0 [ 161.600423][ T31] saitek 0003:06A3:0621.000A: unknown main item tag 0x0 [ 161.600449][ T31] saitek 0003:06A3:0621.000A: unknown main item tag 0x0 [ 161.652741][ T31] saitek 0003:06A3:0621.000A: hidraw0: USB HID v0.05 Device [HID 06a3:0621] on usb-dummy_hcd.4-1/input0 [ 161.655724][ T7482] netlink: 'syz.0.600': attribute type 10 has an invalid length. [ 161.655743][ T7482] netlink: 40 bytes leftover after parsing attributes in process `syz.0.600'. [ 161.714033][ T44] uclogic 0003:28BD:0935.0009: input,hidraw1: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.1-1/input0 [ 161.740965][ T44] usb 2-1: USB disconnect, device number 8 [ 161.795505][ T31] usb 5-1: USB disconnect, device number 6 [ 161.867350][ T7482] team0: Port device geneve0 added [ 161.942072][ T7487] fido_id[7487]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 162.130768][ T7488] fido_id[7488]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 162.371041][ T7494] netlink: 108 bytes leftover after parsing attributes in process `syz.5.604'. [ 163.147650][ T7528] netlink: 'syz.0.618': attribute type 32 has an invalid length. [ 163.147672][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.618'. [ 163.148154][ T7528] (unnamed net_device) (uninitialized): option coupled_control: invalid value (98) [ 163.263444][ T5903] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 163.307882][ T7529] batman_adv: batadv0: Adding interface: gretap1 [ 163.307903][ T7529] batman_adv: batadv0: Interface activated: gretap1 [ 163.408747][ T7534] netlink: 8 bytes leftover after parsing attributes in process `syz.0.621'. [ 163.453281][ T5903] usb 4-1: Using ep0 maxpacket: 8 [ 163.459035][ T5903] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 163.459083][ T5903] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 163.459106][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.472374][ T5903] usb 4-1: config 0 descriptor?? [ 163.963397][ T5903] corsair 0003:1B1C:1B09.000B: unbalanced collection at end of report description [ 163.964296][ T5903] corsair 0003:1B1C:1B09.000B: parse failed [ 163.964400][ T5903] corsair 0003:1B1C:1B09.000B: probe with driver corsair failed with error -22 [ 164.150785][ T5910] usb 4-1: USB disconnect, device number 8 [ 164.629853][ T7569] netlink: 12 bytes leftover after parsing attributes in process `syz.0.633'. [ 164.979690][ T7577] sp0: Synchronizing with TNC [ 167.852637][ T7661] netlink: 'syz.5.668': attribute type 29 has an invalid length. [ 168.159585][ T7668] Bluetooth: MGMT ver 1.23 [ 168.506036][ T7678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'. [ 170.622791][ T7741] ptrace attach of "./syz-executor exec"[7749] was attempted by "./syz-executor exec"[7741] [ 170.800812][ T5910] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 170.959577][ T5910] usb 1-1: Using ep0 maxpacket: 32 [ 170.961937][ T5910] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 170.961966][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.004410][ T5910] usb 1-1: config 0 descriptor?? [ 171.020077][ T5910] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 171.306009][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.708'. [ 171.652247][ T5910] usb 1-1: USB disconnect, device number 6 [ 171.957195][ T7766] veth3: entered allmulticast mode [ 172.576199][ T37] audit: type=1326 audit(1759028520.392:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.576250][ T37] audit: type=1326 audit(1759028520.392:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.577363][ T37] audit: type=1326 audit(1759028520.392:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.577408][ T37] audit: type=1326 audit(1759028520.392:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.577446][ T37] audit: type=1326 audit(1759028520.392:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.609628][ T37] audit: type=1326 audit(1759028520.422:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.728350][ T37] audit: type=1326 audit(1759028520.522:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 172.731957][ T37] audit: type=1326 audit(1759028520.542:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7800 comm="syz.5.723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f706d3aeec9 code=0x7ffc0000 [ 173.244981][ T7818] gretap1: entered allmulticast mode [ 173.589399][ T5923] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 173.753599][ T5923] usb 4-1: config 9 has an invalid interface number: 88 but max is 1 [ 173.753627][ T5923] usb 4-1: config 9 contains an unexpected descriptor of type 0x2, skipping [ 173.753646][ T5923] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 173.753664][ T5923] usb 4-1: config 9 has no interface number 1 [ 173.753735][ T5923] usb 4-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 173.753757][ T5923] usb 4-1: config 9 interface 88 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 173.753777][ T5923] usb 4-1: config 9 interface 88 altsetting 9 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 173.753803][ T5923] usb 4-1: config 9 interface 88 has no altsetting 0 [ 173.847187][ T5923] usb 4-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=50.80 [ 173.847218][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.847238][ T5923] usb 4-1: Product: syz [ 173.847252][ T5923] usb 4-1: Manufacturer: syz [ 173.847266][ T5923] usb 4-1: SerialNumber: syz [ 174.135355][ T5923] qmi_wwan 4-1:9.88: skipping garbage [ 174.135641][ T5923] qmi_wwan 4-1:9.88: probe with driver qmi_wwan failed with error -22 [ 174.255264][ T5923] usb 4-1: Could not set interface, error -71 [ 174.275336][ T5923] usb 4-1: USB disconnect, device number 9 [ 174.383869][ T7852] veth1_macvtap: left promiscuous mode [ 174.383898][ T7852] macsec0: entered promiscuous mode [ 174.383917][ T7852] macsec0: entered allmulticast mode [ 174.479450][ T7854] veth1_macvtap: entered promiscuous mode [ 174.479477][ T7854] veth1_macvtap: entered allmulticast mode [ 174.479825][ T7854] macsec0: left promiscuous mode [ 174.480011][ T7854] macsec0: left allmulticast mode [ 174.480024][ T7854] veth1_macvtap: left allmulticast mode [ 175.359436][ T5923] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 175.359587][ T986] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 175.529335][ T5923] usb 1-1: Using ep0 maxpacket: 8 [ 175.529516][ T986] usb 4-1: Using ep0 maxpacket: 8 [ 175.534366][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.534399][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.534436][ T5923] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 175.534457][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.544842][ T986] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 175.544869][ T986] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.544885][ T986] usb 4-1: Product: syz [ 175.544898][ T986] usb 4-1: Manufacturer: syz [ 175.544911][ T986] usb 4-1: SerialNumber: syz [ 175.630230][ T5923] usb 1-1: config 0 descriptor?? [ 175.648601][ T986] usb 4-1: config 0 descriptor?? [ 175.755389][ T986] gspca_main: sq930x-2.14.0 probing 2770:930c [ 176.116593][ T5923] logitech 0003:046D:C20E.000C: rdesc size test failed for formula gp [ 176.118015][ T5923] logitech 0003:046D:C20E.000C: unbalanced collection at end of report description [ 176.142582][ T5923] logitech 0003:046D:C20E.000C: parse failed [ 176.142750][ T5923] logitech 0003:046D:C20E.000C: probe with driver logitech failed with error -22 [ 176.286612][ T5903] usb 1-1: USB disconnect, device number 7 [ 176.330518][ T986] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 176.330621][ T986] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 176.337284][ T986] usb 4-1: USB disconnect, device number 10 [ 176.692094][ T44] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 176.866048][ T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 176.866103][ T44] usb 6-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00 [ 176.866132][ T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.884807][ T44] usb 6-1: config 0 descriptor?? [ 176.886642][ T7899] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 177.383978][ T44] belkin 0003:050D:3201.000D: unbalanced collection at end of report description [ 177.384972][ T44] belkin 0003:050D:3201.000D: parse failed [ 177.385042][ T44] belkin 0003:050D:3201.000D: probe with driver belkin failed with error -22 [ 177.513264][ T7920] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 177.513450][ T7920] macsec2: entered allmulticast mode [ 177.513469][ T7920] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 177.551635][ T986] usb 6-1: USB disconnect, device number 2 [ 177.851592][ T7936] tmpfs: Cannot change global quota limit on remount [ 177.963133][ T7938] Invalid logical block size (8192) [ 178.413708][ T7953] hpfs: Bad magic ... probably not HPFS [ 178.878504][ T7967] netlink: 8 bytes leftover after parsing attributes in process `syz.5.791'. [ 178.878690][ T7967] openvswitch: netlink: Invalid MD length 0 for MD type 0 [ 178.878724][ T7967] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 179.679712][ T7986] netlink: 'syz.1.801': attribute type 1 has an invalid length. [ 179.679734][ T7986] netlink: 244 bytes leftover after parsing attributes in process `syz.1.801'. [ 179.770546][ T7990] comedi comedi3: comedi_test: 20263 microvolt, 31 microsecond waveform attached [ 180.193593][ T8003] MPI: mpi too large (130952 bits) [ 180.429822][ T8008] netlink: 'syz.5.811': attribute type 16 has an invalid length. [ 180.549318][ T8011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.812'. [ 180.588313][ T8012] netlink: 12 bytes leftover after parsing attributes in process `syz.3.813'. [ 180.949744][ T8024] netlink: 'syz.5.818': attribute type 10 has an invalid length. [ 181.100270][ T8024] team0: Port device syz_tun added [ 181.489647][ T37] audit: type=1326 audit(1759028529.302:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.4.825" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f99cfe0eec9 code=0x0 [ 182.636014][ T37] audit: type=1326 audit(1759028530.452:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8064 comm="syz.3.837" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff1b1cfeec9 code=0x0 [ 182.820201][ T8068] overlayfs: failed to resolve './file1': -2 [ 185.290863][ T8128] kAFS: unable to lookup cell 'sէKyy [ 185.290863][ T8128] [ 185.290863][ T8128] =6%*;eܲ5;Z*d{iElZSjUF/k!btF\_vfVnDPPB1%A)X\YT"8ώdJ_.5d#ۜhGp6"5ͺ*,ImI-(WA?WZ)n[qG jnڇ%(J-%ؘccʵ{|6ZA5k@a+oST;]5 !G3{K,' [ 185.545806][ T8135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.867'. [ 186.922053][ T8183] netlink: 76 bytes leftover after parsing attributes in process `syz.4.892'. [ 187.028262][ T8188] netlink: 8 bytes leftover after parsing attributes in process `syz.3.894'. [ 187.359333][ T5923] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 187.397972][ T5903] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 187.434643][ T8202] netlink: 52 bytes leftover after parsing attributes in process `syz.0.902'. [ 187.522108][ T5923] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 187.522137][ T5923] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 187.522160][ T5923] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 187.522181][ T5923] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 187.522221][ T5923] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 187.522242][ T5923] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.535832][ T5923] usb 6-1: config 0 descriptor?? [ 187.559593][ T986] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 187.581100][ T5903] usb 5-1: Using ep0 maxpacket: 32 [ 187.590530][ T5903] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 187.590556][ T5903] usb 5-1: config 0 has no interface number 0 [ 187.602269][ T5903] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 187.602306][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.602324][ T5903] usb 5-1: Product: syz [ 187.602337][ T5903] usb 5-1: Manufacturer: syz [ 187.602351][ T5903] usb 5-1: SerialNumber: syz [ 187.637634][ T5903] usb 5-1: config 0 descriptor?? [ 187.707678][ T5903] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 187.735351][ T986] usb 2-1: config 0 has an invalid interface number: 8 but max is 0 [ 187.735377][ T986] usb 2-1: config 0 has no interface number 0 [ 187.735496][ T986] usb 2-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 187.735522][ T986] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 187.735547][ T986] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 187.745563][ T986] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04 [ 187.745654][ T986] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 187.745672][ T986] usb 2-1: Product: syz [ 187.745686][ T986] usb 2-1: SerialNumber: syz [ 187.816328][ T986] usb 2-1: config 0 descriptor?? [ 187.840313][ T8191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.840919][ T8191] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.887650][ T5923] hdpvr 6-1:0.0: firmware version 0xd dated [ 187.952594][ T986] cm109 2-1:0.8: invalid payload size 0, expected 4 [ 187.971725][ T5903] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 188.054016][ T986] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input8 [ 188.078372][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.080284][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.080529][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.081171][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.081450][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.081721][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.081989][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.082215][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.082486][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.082754][ C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 188.125031][ T5923] hdpvr 6-1:0.0: device init failed [ 188.125680][ T5923] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -12 [ 188.272043][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 188.277052][ T5903] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 188.356360][ T5923] usb 6-1: USB disconnect, device number 3 [ 188.439491][ T5903] usb 5-1: USB disconnect, device number 7 [ 188.662697][ T986] usb 2-1: USB disconnect, device number 9 [ 188.662780][ C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 188.775701][ T5903] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 188.832529][ T5903] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 188.847733][ T5903] quatech2 5-1:0.51: device disconnected [ 188.892419][ T986] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 189.419958][ T8239] netlink: 'syz.5.919': attribute type 2 has an invalid length. [ 189.759434][ T5952] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 189.915139][ T5952] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.915190][ T5952] usb 5-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.10 [ 189.915212][ T5952] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.960593][ T5952] usb 5-1: config 0 descriptor?? [ 189.999353][ T31] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 190.169433][ T31] usb 4-1: Using ep0 maxpacket: 8 [ 190.178549][ T31] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 190.178576][ T31] usb 4-1: config 179 has no interface number 0 [ 190.178624][ T31] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 190.210747][ T31] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 190.210782][ T31] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 190.210806][ T31] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 190.210831][ T31] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 190.210875][ T31] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 190.210897][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.294808][ T8250] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 190.452173][ T5952] logitech 0003:046D:C626.000E: ignoring exceeding usage max [ 190.473084][ T5952] logitech 0003:046D:C626.000E: unbalanced delimiter at end of report description [ 190.478885][ T5952] logitech 0003:046D:C626.000E: parse failed [ 190.497246][ T5952] logitech 0003:046D:C626.000E: probe with driver logitech failed with error -22 [ 190.598866][ T986] usb 5-1: USB disconnect, device number 8 [ 190.729761][ T5903] usb 4-1: USB disconnect, device number 11 [ 190.732416][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 190.732489][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 190.732789][ C1] ================================================================== [ 190.732803][ C1] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.732857][ C1] Read of size 1 at addr ffff888031991070 by task ktimers/1/29 [ 190.732871][ C1] [ 190.732896][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 190.732919][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 190.732937][ C1] Call Trace: [ 190.732945][ C1] [ 190.732953][ C1] dump_stack_lvl+0x189/0x250 [ 190.732982][ C1] ? rcu_is_watching+0x15/0xb0 [ 190.733016][ C1] ? __kasan_check_byte+0x12/0x40 [ 190.733045][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.733071][ C1] ? rcu_is_watching+0x15/0xb0 [ 190.733097][ C1] ? lock_release+0x4b/0x3e0 [ 190.733124][ C1] ? __virt_addr_valid+0x1c8/0x5c0 [ 190.733142][ C1] ? __virt_addr_valid+0x4a5/0x5c0 [ 190.733161][ C1] print_report+0xca/0x240 [ 190.733186][ C1] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.733214][ C1] kasan_report+0x118/0x150 [ 190.733239][ C1] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.733269][ C1] ? rt_spin_lock+0x144/0x2c0 [ 190.733290][ C1] __kasan_check_byte+0x2a/0x40 [ 190.733315][ C1] lock_acquire+0x8d/0x360 [ 190.733343][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.733371][ C1] ? rt_spin_lock+0x144/0x2c0 [ 190.733394][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 190.733428][ C1] rt_spin_lock+0x144/0x2c0 [ 190.733451][ C1] ? __pfx_migrate_enable+0x10/0x10 [ 190.733474][ C1] ? __pfx_rt_spin_lock+0x10/0x10 [ 190.733498][ C1] ? rt_spin_unlock+0x65/0x80 [ 190.733524][ C1] __wake_up_common_lock+0x2f/0x1e0 [ 190.733552][ C1] __usb_hcd_giveback_urb+0x41a/0x5e0 [ 190.733584][ C1] dummy_timer+0x89c/0x45a0 [ 190.733620][ C1] ? do_raw_spin_lock+0x121/0x290 [ 190.733655][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.733685][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 190.733715][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 190.733740][ C1] __hrtimer_run_queues+0x54f/0xd40 [ 190.733778][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 190.733805][ C1] ? ktime_get_update_offsets_now+0x3ab/0x3d0 [ 190.733842][ C1] hrtimer_run_softirq+0x1a3/0x2e0 [ 190.733863][ C1] handle_softirqs+0x22c/0x710 [ 190.733892][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 190.733921][ C1] run_ktimerd+0xcf/0x190 [ 190.733947][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 190.733972][ C1] ? schedule+0x91/0x360 [ 190.734002][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 190.734026][ C1] smpboot_thread_fn+0x542/0xa60 [ 190.734051][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 190.734078][ C1] kthread+0x711/0x8a0 [ 190.734107][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 190.734132][ C1] ? __pfx_kthread+0x10/0x10 [ 190.734162][ C1] ? __pfx_kthread+0x10/0x10 [ 190.734190][ C1] ret_from_fork+0x436/0x7d0 [ 190.734217][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 190.734244][ C1] ? __switch_to_asm+0x39/0x70 [ 190.734263][ C1] ? __switch_to_asm+0x33/0x70 [ 190.734280][ C1] ? __pfx_kthread+0x10/0x10 [ 190.734309][ C1] ret_from_fork_asm+0x1a/0x30 [ 190.734335][ C1] [ 190.734343][ C1] [ 190.734347][ C1] Allocated by task 31: [ 190.734357][ C1] kasan_save_track+0x3e/0x80 [ 190.734377][ C1] __kasan_kmalloc+0x93/0xb0 [ 190.734399][ C1] __kmalloc_cache_noprof+0x1a8/0x320 [ 190.734423][ C1] xpad_probe+0x428/0x1fd0 [ 190.734449][ C1] usb_probe_interface+0x665/0xc30 [ 190.734472][ C1] really_probe+0x26a/0x9e0 [ 190.734491][ C1] __driver_probe_device+0x18c/0x2f0 [ 190.734509][ C1] driver_probe_device+0x4f/0x430 [ 190.734527][ C1] __device_attach_driver+0x2ce/0x530 [ 190.734547][ C1] bus_for_each_drv+0x251/0x2e0 [ 190.734570][ C1] __device_attach+0x2bb/0x400 [ 190.734583][ C1] bus_probe_device+0x188/0x260 [ 190.734602][ C1] device_add+0x7b6/0xb50 [ 190.734616][ C1] usb_set_configuration+0x1a87/0x20e0 [ 190.734638][ C1] usb_generic_driver_probe+0x8d/0x150 [ 190.734659][ C1] usb_probe_device+0x1c4/0x390 [ 190.734680][ C1] really_probe+0x26a/0x9e0 [ 190.734699][ C1] __driver_probe_device+0x18c/0x2f0 [ 190.734716][ C1] driver_probe_device+0x4f/0x430 [ 190.734736][ C1] __device_attach_driver+0x2ce/0x530 [ 190.734755][ C1] bus_for_each_drv+0x251/0x2e0 [ 190.734778][ C1] __device_attach+0x2bb/0x400 [ 190.734794][ C1] bus_probe_device+0x188/0x260 [ 190.734813][ C1] device_add+0x7b6/0xb50 [ 190.734835][ C1] usb_new_device+0xa29/0x16e0 [ 190.734852][ C1] hub_event+0x2958/0x4a20 [ 190.734872][ C1] process_scheduled_works+0xae1/0x17b0 [ 190.734894][ C1] worker_thread+0x8a0/0xda0 [ 190.734916][ C1] kthread+0x711/0x8a0 [ 190.734941][ C1] ret_from_fork+0x436/0x7d0 [ 190.734962][ C1] ret_from_fork_asm+0x1a/0x30 [ 190.734979][ C1] [ 190.734983][ C1] Freed by task 5903: [ 190.734992][ C1] kasan_save_track+0x3e/0x80 [ 190.735011][ C1] kasan_save_free_info+0x46/0x50 [ 190.735027][ C1] __kasan_slab_free+0x5b/0x80 [ 190.735048][ C1] kfree+0x195/0x550 [ 190.735069][ C1] xpad_disconnect+0x350/0x480 [ 190.735088][ C1] usb_unbind_interface+0x26e/0x910 [ 190.735111][ C1] device_release_driver_internal+0x4d9/0x800 [ 190.735130][ C1] bus_remove_device+0x355/0x420 [ 190.735154][ C1] device_del+0x515/0x8e0 [ 190.735169][ C1] usb_disable_device+0x3e9/0x8a0 [ 190.735190][ C1] usb_disconnect+0x316/0x940 [ 190.735207][ C1] hub_event+0x1cf5/0x4a20 [ 190.735227][ C1] process_scheduled_works+0xae1/0x17b0 [ 190.735249][ C1] worker_thread+0x8a0/0xda0 [ 190.735271][ C1] kthread+0x711/0x8a0 [ 190.735296][ C1] ret_from_fork+0x436/0x7d0 [ 190.735318][ C1] ret_from_fork_asm+0x1a/0x30 [ 190.735335][ C1] [ 190.735340][ C1] The buggy address belongs to the object at ffff888031991000 [ 190.735340][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 190.735357][ C1] The buggy address is located 112 bytes inside of [ 190.735357][ C1] freed 1024-byte region [ffff888031991000, ffff888031991400) [ 190.735379][ C1] [ 190.735384][ C1] The buggy address belongs to the physical page: [ 190.735406][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31990 [ 190.735435][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 190.735450][ C1] flags: 0x80000000000040(head|node=0|zone=1) [ 190.735467][ C1] page_type: f5(slab) [ 190.735481][ C1] raw: 0080000000000040 ffff888019841dc0 dead000000000100 dead000000000122 [ 190.735494][ C1] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 190.735510][ C1] head: 0080000000000040 ffff888019841dc0 dead000000000100 dead000000000122 [ 190.735523][ C1] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 190.735539][ C1] head: 0080000000000003 ffffea0000c66401 00000000ffffffff 00000000ffffffff [ 190.735553][ C1] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 190.735560][ C1] page dumped because: kasan: bad access detected [ 190.735568][ C1] page_owner tracks the page as allocated [ 190.735573][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1458, tgid 1458 (kworker/u8:11), ts 100437954256, free_ts 100402557142 [ 190.735606][ C1] post_alloc_hook+0x240/0x2a0 [ 190.735628][ C1] get_page_from_freelist+0x2119/0x21b0 [ 190.735645][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 190.735662][ C1] alloc_pages_mpol+0xd1/0x380 [ 190.735684][ C1] allocate_slab+0x8a/0x370 [ 190.735698][ C1] ___slab_alloc+0x8d1/0xdc0 [ 190.735713][ C1] __kmalloc_node_track_caller_noprof+0x14c/0x450 [ 190.735734][ C1] kmalloc_reserve+0x136/0x290 [ 190.735759][ C1] pskb_expand_head+0x18e/0x1150 [ 190.735776][ C1] batadv_skb_head_push+0x169/0x200 [ 190.735793][ C1] batadv_send_skb_packet+0xfa/0x6d0 [ 190.735811][ C1] batadv_iv_send_outstanding_bat_ogm_packet+0x62f/0x7e0 [ 190.735846][ C1] process_scheduled_works+0xae1/0x17b0 [ 190.735866][ C1] worker_thread+0x8a0/0xda0 [ 190.735887][ C1] kthread+0x711/0x8a0 [ 190.735913][ C1] ret_from_fork+0x436/0x7d0 [ 190.735933][ C1] page last free pid 5849 tgid 5849 stack trace: [ 190.735943][ C1] __free_frozen_pages+0xb59/0xce0 [ 190.735966][ C1] __slab_free+0x2db/0x390 [ 190.735982][ C1] qlist_free_all+0x97/0x140 [ 190.736000][ C1] kasan_quarantine_reduce+0x148/0x160 [ 190.736018][ C1] __kasan_slab_alloc+0x22/0x80 [ 190.736039][ C1] kmem_cache_alloc_noprof+0x143/0x310 [ 190.736061][ C1] getname_flags+0xb8/0x540 [ 190.736084][ C1] __x64_sys_unlink+0x3a/0x50 [ 190.736111][ C1] do_syscall_64+0xfa/0x3b0 [ 190.736128][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.736146][ C1] [ 190.736150][ C1] Memory state around the buggy address: [ 190.736161][ C1] ffff888031990f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 190.736174][ C1] ffff888031990f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 190.736187][ C1] >ffff888031991000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 190.736197][ C1] ^ [ 190.736208][ C1] ffff888031991080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 190.736221][ C1] ffff888031991100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 190.736231][ C1] ================================================================== [ 190.736247][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 190.736262][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 190.736284][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 190.736296][ C1] Call Trace: [ 190.736303][ C1] [ 190.736312][ C1] dump_stack_lvl+0x99/0x250 [ 190.736341][ C1] ? __asan_memcpy+0x40/0x70 [ 190.736359][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.736386][ C1] ? __pfx__printk+0x10/0x10 [ 190.736413][ C1] vpanic+0x281/0x750 [ 190.736440][ C1] ? __pfx_print_hex_dump+0x10/0x10 [ 190.736469][ C1] ? __pfx_vpanic+0x10/0x10 [ 190.736502][ C1] panic+0xb9/0xc0 [ 190.736527][ C1] ? __pfx_panic+0x10/0x10 [ 190.736554][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 190.736587][ C1] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.736616][ C1] check_panic_on_warn+0x89/0xb0 [ 190.736637][ C1] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.736665][ C1] end_report+0x78/0x160 [ 190.736687][ C1] kasan_report+0x129/0x150 [ 190.736714][ C1] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.736746][ C1] ? rt_spin_lock+0x144/0x2c0 [ 190.736767][ C1] __kasan_check_byte+0x2a/0x40 [ 190.736790][ C1] lock_acquire+0x8d/0x360 [ 190.736857][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 190.736886][ C1] ? rt_spin_lock+0x144/0x2c0 [ 190.736910][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 190.736942][ C1] rt_spin_lock+0x144/0x2c0 [ 190.736963][ C1] ? __pfx_migrate_enable+0x10/0x10 [ 190.736986][ C1] ? __pfx_rt_spin_lock+0x10/0x10 [ 190.737009][ C1] ? rt_spin_unlock+0x65/0x80 [ 190.737034][ C1] __wake_up_common_lock+0x2f/0x1e0 [ 190.737060][ C1] __usb_hcd_giveback_urb+0x41a/0x5e0 [ 190.737087][ C1] dummy_timer+0x89c/0x45a0 [ 190.737122][ C1] ? do_raw_spin_lock+0x121/0x290 [ 190.737156][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.737185][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 190.737214][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 190.737237][ C1] __hrtimer_run_queues+0x54f/0xd40 [ 190.737274][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 190.737301][ C1] ? ktime_get_update_offsets_now+0x3ab/0x3d0 [ 190.737330][ C1] hrtimer_run_softirq+0x1a3/0x2e0 [ 190.737351][ C1] handle_softirqs+0x22c/0x710 [ 190.737376][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 190.737403][ C1] run_ktimerd+0xcf/0x190 [ 190.737427][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 190.737451][ C1] ? schedule+0x91/0x360 [ 190.737481][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 190.737503][ C1] smpboot_thread_fn+0x542/0xa60 [ 190.737526][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 190.737552][ C1] kthread+0x711/0x8a0 [ 190.737582][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 190.737605][ C1] ? __pfx_kthread+0x10/0x10 [ 190.737634][ C1] ? __pfx_kthread+0x10/0x10 [ 190.737662][ C1] ret_from_fork+0x436/0x7d0 [ 190.737689][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 190.737715][ C1] ? __switch_to_asm+0x39/0x70 [ 190.737734][ C1] ? __switch_to_asm+0x33/0x70 [ 190.737752][ C1] ? __pfx_kthread+0x10/0x10 [ 190.737781][ C1] ret_from_fork_asm+0x1a/0x30 [ 190.737808][ C1] [ 190.738135][ C1] Kernel Offset: disabled