last executing test programs: 4.675629873s ago: executing program 1 (id=12856): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x55, {0x55, 0x0, "a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb785025f2e7b3504ff87cbfd10f3c080b73385a7015d3a32ed6b5217cdbb6fadb2ea7a288982d5337c364daf03bd400d66293b0a2b103d"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 4.008350292s ago: executing program 1 (id=12867): r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x35, &(0x7f0000000040)=0x1, 0x4) 3.884203345s ago: executing program 1 (id=12868): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') pwrite64(r0, 0x0, 0x0, 0x0) 3.794991635s ago: executing program 1 (id=12871): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adf8", 0x2) 3.674894729s ago: executing program 4 (id=12873): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x28, r1, 0x1, 0x0, 0x84, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}]}, 0x28}}, 0x20000800) 3.627211007s ago: executing program 1 (id=12874): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000200)=[{{0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}], 0x8) 3.585568653s ago: executing program 4 (id=12876): setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000080)}, 0x10) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x51}}) 3.449184122s ago: executing program 1 (id=12877): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401) ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000000)=0x2) ioctl$USBDEVFS_BULK(r0, 0x80045503, &(0x7f00000002c0)={{{0x1, 0x1}}, 0x0, 0x0, 0x0}) 3.329286814s ago: executing program 4 (id=12879): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x11080}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) 3.204074114s ago: executing program 4 (id=12881): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000107d1e502d0000ecff000109022400010000300009040000010300020009210700b90122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="0000070000000700cb030f47"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.544222595s ago: executing program 3 (id=12896): mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000005ec0)=0x10) 1.522409581s ago: executing program 3 (id=12897): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x18, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0x4, 0x5}]}, 0x18}}, 0x0) 1.426425762s ago: executing program 3 (id=12900): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x7, 0x4, 0x300, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.307073292s ago: executing program 3 (id=12903): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2c, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x2c}}, 0x0) 1.258422143s ago: executing program 3 (id=12904): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f0000009640)={0x0, 0x0, &(0x7f0000009600)={&(0x7f00000095c0)={0x1c, r0, 0x41d01a4ef1a0b4a1, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x44000) 1.208978782s ago: executing program 3 (id=12906): r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) read(r0, 0x0, 0x0) syz_usb_connect(0x2, 0x3f, &(0x7f00000008c0)=ANY=[@ANYBLOB="1201000067d06f20070a640065170000000109022d00010000000009046e00036f333a0009050d08849c0006f909050c0300028005240905f903"], 0x0) 862.269007ms ago: executing program 0 (id=12914): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x955, 0x7214, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x6, {[@global, @global=@item_4={0x3, 0x1, 0x0, "4fb0eae6"}]}}, 0x0}, 0x0) 679.910154ms ago: executing program 2 (id=12918): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000110000003500000000000000850000002a0000009500000000000000f4670880271efa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa397fabd5f9810e81ae0b737126ea6f7be39cd34d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8320e13fecd45c0f8612c10b100000000b0d3712c7e93363af3c075ff1e23166a32d95433008000000000000051e1cc4c45d576090c4867a7b62a7e73a0c14e97dc30fd4b393e366c6386d5ec7209d031f40f3012e9576e51a7f578602f07785b92e544fc46c744ae6af3e4195cc037102124d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f9ab800f4104dbaba46aa43a815a1e5c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab7894de93d928cf95846be6277c04b48556c870814ec532b66a696a623cd8a4f8dc8dcba00b1b2d2747c45b0c52087b5efabf8496b9a951667d510ba0e3c4c00356ffebfb19a34268335648e1f844ce328c10752a42dca52fb98c1452b6518a6ef7297f7b3d0cd46dafc6ac5500f53e5309ec91d83cf4fbd775d9c07d8d591a4d8c60ff000000b78863e629b3b200000000000000000000000000008b00000000449c810d3174c87e080000003126af7a8b20744ea9875b9cba735b9594aa904e5a4bb2c3dfa80564e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac921a4fc6e625247510bc24e20ad88d3442a5d143c3047dd08e56a1b9764270c6ab800451b95e22f30a85f5681ca300000000af89a79b92a2c6743e478bd799415b6000f51168b71714bada12041752e2fcf95c1ced98fdc4f4bf2157b261380307d943b34c489734d55c4e15bbda5f5e31371c5330d920b71fbaaabd57ae73201b47f2c7e5e69a798f3c14f969fab1005e8ccedd9c46c3e39f949dd4c87ae724ef73e2abdb4485027139e9445f77e8dd3af90248ede241b408a320e069f6becd0b8405d24f0000000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xfffff002, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) 597.172232ms ago: executing program 2 (id=12919): sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x28, 0x0, 0x2, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}]}, 0x28}}, 0x40000) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001f000504000000000000000004"], 0x114}], 0x1}, 0x0) 530.912753ms ago: executing program 2 (id=12920): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x30, r1, 0x1, 0x0, 0x0, {0x54}, [@pci={{0x8}, {0x11}}]}, 0x30}}, 0x0) 480.119575ms ago: executing program 2 (id=12921): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000000880)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000000a621cf434b9eaafdc2a00e9bfde908990817b364e51afe9c8dab05b16a6437211f9f0570759f1cae63487ff68fffffffffffe8e3932e2b75a25a4cf8a9456aa8a701c318c67edb6e9330b53c0eeba8644311ba7541189070000f50c000000d8e5b1dc91c5499be2097784a94b6cc2d272ac751d8bce5db4862c1b2eab7007ceea158dbc329bab5f8450147b2b9629fdd6cdb5507d3a76dbaf6f93d161caa513f8aa41f795507856ea0015166c56ea0103220ed5a66834be086ef206a8606b04fc8462cbbe8233f308397006da8e243ec9fb19f3fab2b0f46d73a9f2d7c674cdbe4d7f76f5fbd05043e81f435fccf5063a93aa9b4c7f686705944ceafb57ab1bd88dc50dd21d8267"], &(0x7f0000000000)='GPL\x00', 0x5, 0x487, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xd00, 0x0, &(0x7f0000000380)="263abd030e98ff4dc870bd6688a8640888a8", 0x0, 0x1200}, 0x28) 396.095797ms ago: executing program 2 (id=12922): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000240)) 358.546202ms ago: executing program 2 (id=12923): r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10c4, 0x8acf, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{}, [{}]}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 280.57663ms ago: executing program 0 (id=12924): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0x8, 0x1, 'udp\x00'}, @NFTA_MATCH_INFO={0xe, 0x3, "7acc6338a90000b03bd9"}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14}}, 0x90}}, 0x0) 239.712329ms ago: executing program 0 (id=12925): r0 = socket$key(0xf, 0x3, 0x2) ioctl$BTRFS_IOC_DEV_REPLACE(0xffffffffffffffff, 0xca289435, &(0x7f0000000740)={0x2, 0x0, @status}) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a00000000000000fc010000000000000000000000000000000000001300000005000500000000000a000000000000000000000000000000000000000000000000000000000000000800120002000200000000000000000012003300020300000037"], 0xa0}}, 0x0) 199.337638ms ago: executing program 0 (id=12926): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x3) shutdown(r0, 0x0) 68.063943ms ago: executing program 4 (id=12927): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup2(r0, r0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x4, [{0x11}, {0x0, 0x100000000000000}]}, 0x68) 67.928421ms ago: executing program 0 (id=12928): r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0x3}) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f00000005c0)=""/80, 0x50, 0x2000529f, 0x0) 31.501195ms ago: executing program 4 (id=12929): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x4e, &(0x7f0000000440)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @dccp_packet={0xd, 0x6, "3cdbc2", 0x18, 0x21, 0x1, @rand_addr=' \x01\x00', @local, {[@srh={0x73, 0x0, 0x4, 0x0, 0x2, 0x48, 0x2}], {{0x4e20, 0x4e22, 0x4, 0x1, 0x2, 0x0, 0x0, 0x3, 0x0, "98c45b", 0x3, "dee27b"}}}}}}}, 0x0) 0s ago: executing program 0 (id=12930): r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c4600000065000000000000000002"], 0x58) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): 00 [ 588.243069][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.259262][T28869] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11196'. [ 588.403626][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.571713][T28846] chnl_net:caif_netlink_parms(): no params data found [ 588.923643][T28846] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.941819][T28846] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.957280][T28846] bridge_slave_0: entered allmulticast mode [ 588.969082][T28846] bridge_slave_0: entered promiscuous mode [ 588.996976][T28846] bridge0: port 2(bridge_slave_1) entered blocking state [ 589.036685][T28846] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.065962][T28846] bridge_slave_1: entered allmulticast mode [ 589.084891][T28846] bridge_slave_1: entered promiscuous mode [ 589.120076][ T12] bridge_slave_1: left allmulticast mode [ 589.140499][ T12] bridge_slave_1: left promiscuous mode [ 589.162270][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.196964][ T12] bridge_slave_0: left allmulticast mode [ 589.217229][ T12] bridge_slave_0: left promiscuous mode [ 589.237623][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.848276][ T5309] Bluetooth: hci5: command tx timeout [ 590.246742][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 590.260820][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 590.272038][ T12] bond0 (unregistering): Released all slaves [ 590.488713][T28846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 590.522280][T28846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 590.759766][T28989] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11244'. [ 590.759796][T28989] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11244'. [ 590.835688][T28846] team0: Port device team_slave_0 added [ 590.978774][T28846] team0: Port device team_slave_1 added [ 591.054404][T28846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.068062][T28846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.118006][T28846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.164657][T28846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 591.191707][T28846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.210004][ T47] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 591.278279][T28846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 591.297056][T29017] delete_channel: no stack [ 591.372060][ T12] hsr_slave_0: left promiscuous mode [ 591.379154][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 591.395120][ T12] hsr_slave_1: left promiscuous mode [ 591.401132][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.422432][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.438353][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 591.457973][ T47] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 591.458141][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 591.495960][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 591.507481][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 591.508169][ T47] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 591.546158][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.580033][ T47] usb 5-1: config 0 descriptor?? [ 591.593251][ T12] veth1_macvtap: left promiscuous mode [ 591.628939][ T12] veth0_macvtap: left promiscuous mode [ 591.638167][ T12] veth1_vlan: left promiscuous mode [ 591.643511][ T12] veth0_vlan: left promiscuous mode [ 591.904748][T29045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 591.928395][ T5309] Bluetooth: hci5: command tx timeout [ 591.937353][T29045] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 592.018859][ T47] microsoft 0003:045E:07DA.0024: unknown main item tag 0x0 [ 592.042936][ T47] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0024/input/input112 [ 592.072034][ T47] microsoft 0003:045E:07DA.0024: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 592.162411][ T5410] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 592.287782][ T9] usb 5-1: USB disconnect, device number 38 [ 592.357233][ T5410] usb 3-1: New USB device found, idVendor=0c45, idProduct=608c, bcdDevice=b5.55 [ 592.380621][ T5410] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.391264][ T5410] usb 3-1: Product: syz [ 592.395449][ T5410] usb 3-1: Manufacturer: syz [ 592.400626][ T5410] usb 3-1: SerialNumber: syz [ 592.417880][ T5410] usb 3-1: config 0 descriptor?? [ 592.426504][ T5410] gspca_main: sonixb-2.14.0 probing 0c45:608c [ 592.645532][ T12] team0 (unregistering): Port device team_slave_1 removed [ 592.702702][ T12] team0 (unregistering): Port device team_slave_0 removed [ 592.834971][ T5410] input: sonixb as /devices/platform/dummy_hcd.2/usb3/3-1/input/input113 [ 593.061465][ T5346] usb 3-1: USB disconnect, device number 25 [ 593.278270][ T47] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 593.438692][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 593.449716][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 593.469832][ T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 593.488871][T28846] hsr_slave_0: entered promiscuous mode [ 593.505198][T28846] hsr_slave_1: entered promiscuous mode [ 593.505554][ T47] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 593.521576][T29058] CIFS mount error: No usable UNC path provided in device string! [ 593.521576][T29058] [ 593.536463][ T47] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 593.556299][ T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.557342][T29058] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 593.579327][ T47] usb 5-1: config 0 descriptor?? [ 593.903449][T29070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.008842][ T5309] Bluetooth: hci5: command tx timeout [ 594.016755][ T47] microsoft 0003:045E:07DA.0025: ignoring exceeding usage max [ 594.040562][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.051637][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.064420][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.078061][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.092842][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.107994][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.138921][ T47] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0 [ 594.153006][T29070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.177313][ T47] microsoft 0003:045E:07DA.0025: No inputs registered, leaving [ 594.199994][ T47] microsoft 0003:045E:07DA.0025: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 594.229501][T29084] overlayfs: lower data-only dirs require metacopy support. [ 594.239514][T29087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11279'. [ 594.267446][ T47] microsoft 0003:045E:07DA.0025: no inputs found [ 594.287707][ T47] microsoft 0003:045E:07DA.0025: could not initialize ff, continuing anyway [ 594.346267][ T47] usb 5-1: USB disconnect, device number 39 [ 594.936014][T29114] ipip0: entered promiscuous mode [ 594.983443][T28846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 595.028052][ T47] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 595.036607][T28846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 595.102981][T28846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 595.125898][T28846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 595.218447][ T47] usb 3-1: Using ep0 maxpacket: 16 [ 595.236083][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.268251][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.306608][ T47] usb 3-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 595.343880][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.369409][ T47] usb 3-1: config 0 descriptor?? [ 595.538203][T29140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.573335][T29140] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.666209][T28846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 595.703609][T28846] 8021q: adding VLAN 0 to HW filter on device team0 [ 595.789704][ T47] razer 0003:1532:010D.0026: item fetching failed at offset 4/6 [ 595.806766][ T47] razer 0003:1532:010D.0026: probe with driver razer failed with error -22 [ 595.934108][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.941305][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 595.972927][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.980132][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 596.003846][ T5345] usb 3-1: USB disconnect, device number 26 [ 596.088297][ T5309] Bluetooth: hci5: command tx timeout [ 596.446521][T28846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 596.579082][T29177] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 596.579347][T28846] veth0_vlan: entered promiscuous mode [ 596.585629][T29177] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 596.644308][T28846] veth1_vlan: entered promiscuous mode [ 596.648632][T29177] vhci_hcd vhci_hcd.0: Device attached [ 596.702247][T29180] vhci_hcd: connection closed [ 596.702596][ T2939] vhci_hcd: stop threads [ 596.735412][ T2939] vhci_hcd: release socket [ 596.753990][T28846] veth0_macvtap: entered promiscuous mode [ 596.758804][ T2939] vhci_hcd: disconnect device [ 596.774949][T28846] veth1_macvtap: entered promiscuous mode [ 596.854807][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.892570][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.923096][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.952795][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.986678][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 597.023520][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.053849][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 597.086784][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.118477][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 597.160003][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.187979][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 597.228152][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.269603][T28846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 597.338835][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.398152][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.437432][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.462464][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.488074][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.523276][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.552287][T29227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11321'. [ 597.561403][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.582472][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.602807][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.626209][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.656465][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.687374][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.711338][T28846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 597.727511][T28846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 597.749536][T28846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 597.971385][T28846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.995435][T28846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.010938][T28846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.031817][T28846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 598.247661][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.281474][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.354835][ T2939] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.374361][ T2939] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.454738][T29266] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 598.718883][T29242] orangefs_mount: mount request failed with -4 [ 599.429304][ T8] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 599.600856][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 599.616834][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 599.639290][ T8] usb 3-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 599.661197][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.691654][ T8] usb 3-1: config 0 descriptor?? [ 600.004514][T29317] orangefs_mount: mount request failed with -4 [ 600.113201][T29362] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 600.147955][ T8] elecom 0003:056E:010D.0027: item fetching failed at offset 0/3 [ 600.156222][ T8] elecom 0003:056E:010D.0027: probe with driver elecom failed with error -22 [ 600.188015][ T5345] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 600.240359][T29370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 600.249478][T29369] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11368'. [ 600.262258][T29370] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 600.277668][T29371] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 600.338061][ T5345] usb 5-1: Using ep0 maxpacket: 8 [ 600.344749][ T5345] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 600.367112][ T5345] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 600.371135][ T5342] usb 3-1: USB disconnect, device number 27 [ 600.401677][ T5345] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 600.428180][T29377] netlink: 48 bytes leftover after parsing attributes in process `syz.0.11372'. [ 600.438405][ T5345] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 600.458125][ T5345] usb 5-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00 [ 600.472826][ T5345] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.497206][ T5345] usb 5-1: config 0 descriptor?? [ 600.619234][T29385] tipc: Started in network mode [ 600.629474][T29385] tipc: Node identity ac14140f, cluster identity 4711 [ 600.640845][T29385] tipc: New replicast peer: 255.255.255.255 [ 600.647822][T29385] tipc: Enabled bearer , priority 10 [ 600.930696][ T5345] apple 0003:05AC:0246.0028: report_id 0 is invalid [ 600.937684][ T5345] apple 0003:05AC:0246.0028: item 0 1 1 8 parsing failed [ 600.960580][ T5345] apple 0003:05AC:0246.0028: parse failed [ 600.966411][ T5345] apple 0003:05AC:0246.0028: probe with driver apple failed with error -22 [ 601.036294][T29401] sp0: Synchronizing with TNC [ 601.036438][T29403] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 601.049686][T29398] [U] è [ 601.064032][T29405] netlink: 60 bytes leftover after parsing attributes in process `syz.0.11386'. [ 601.084407][T29403] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 601.104507][T29403] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 601.115304][T29405] Êü: entered promiscuous mode [ 601.128034][T29403] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 601.216173][ T5409] usb 5-1: USB disconnect, device number 40 [ 601.544969][T29427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 601.578344][T29427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 601.761128][ T5344] tipc: Node number set to 2886997007 [ 602.411443][T29466] vhci_hcd: invalid port number 0 [ 603.148804][T29494] ebtables: ebtables: counters copy to user failed while replacing table [ 603.157572][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 603.157588][ T29] audit: type=1326 audit(2000000107.609:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29499 comm="syz.2.11430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 603.185795][ T29] audit: type=1326 audit(2000000107.609:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29499 comm="syz.2.11430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 603.207720][ T29] audit: type=1326 audit(2000000107.609:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29499 comm="syz.2.11430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 603.229987][ T29] audit: type=1326 audit(2000000107.609:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29499 comm="syz.2.11430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 603.252257][ T29] audit: type=1326 audit(2000000107.609:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29499 comm="syz.2.11430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 603.688553][ T5342] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 603.858711][ T5342] usb 3-1: Using ep0 maxpacket: 16 [ 603.865852][ T5342] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.877051][ T5342] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 603.899224][ T5342] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 603.931604][ T5342] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 603.941057][ T5342] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.968794][ T5342] usb 3-1: config 0 descriptor?? [ 604.411806][ T5342] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0 [ 604.419315][ T5342] microsoft 0003:045E:07DA.0029: unknown main item tag 0x0 [ 604.432708][ T5342] microsoft 0003:045E:07DA.0029: No inputs registered, leaving [ 604.450469][ T5342] microsoft 0003:045E:07DA.0029: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 604.488243][ T5342] microsoft 0003:045E:07DA.0029: no inputs found [ 604.490116][T29543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 604.496168][ T5342] microsoft 0003:045E:07DA.0029: could not initialize ff, continuing anyway [ 604.533196][T29543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 604.659888][ T5345] usb 3-1: USB disconnect, device number 28 [ 605.228656][T29561] netlink: 188 bytes leftover after parsing attributes in process `syz.4.11459'. [ 605.254902][T29561] netlink: 'syz.4.11459': attribute type 1 has an invalid length. [ 605.315517][T29563] program syz.1.11460 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 605.636229][T29579] netlink: 277 bytes leftover after parsing attributes in process `syz.4.11468'. [ 607.398286][ T5409] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 607.548164][ T5409] usb 5-1: Using ep0 maxpacket: 8 [ 607.556800][ T5409] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 607.584933][ T5409] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 607.606038][ T5409] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 607.624683][ T5409] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.642861][ T5409] usb 5-1: config 0 descriptor?? [ 607.918977][T29687] netlink: 'syz.3.11516': attribute type 29 has an invalid length. [ 607.926969][T29687] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11516'. [ 607.939741][T29684] netlink: 'syz.3.11516': attribute type 29 has an invalid length. [ 607.947848][T29684] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11516'. [ 607.998222][ T8] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 608.068201][ T5409] isku 0003:1E7D:319C.002A: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 608.219698][ T8] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 608.232663][ T8] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 608.247700][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 608.288041][ T8] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 608.293201][ T5345] usb 5-1: USB disconnect, device number 41 [ 608.309140][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.322216][ T8] usb 3-1: config 0 descriptor?? [ 608.333317][ T8] usb-storage 3-1:0.0: USB Mass Storage device detected [ 608.366766][ T8] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 608.544038][ T8] usb 3-1: USB disconnect, device number 29 [ 608.757628][T29723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 608.770629][T29723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 609.066180][T29737] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11542'. [ 609.530547][T29767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 609.549862][T29767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 609.678171][T27627] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 609.840468][T27627] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.864268][T27627] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.875592][T27627] usb 3-1: New USB device found, idVendor=056a, idProduct=033c, bcdDevice= 0.00 [ 609.885261][T27627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.895960][T27627] usb 3-1: config 0 descriptor?? [ 610.183661][T29795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 610.194153][T29795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 610.329020][T27627] wacom 0003:056A:033C.002B: Unknown device_type for 'HID 056a:033c'. Assuming pen. [ 610.341681][T27627] wacom 0003:056A:033C.002B: hidraw0: USB HID v0.00 Device [HID 056a:033c] on usb-dummy_hcd.2-1/input0 [ 610.368223][T27627] input: Wacom Intuos PT S 2 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:033C.002B/input/input116 [ 610.537651][ T8] usb 3-1: USB disconnect, device number 30 [ 610.878382][T29823] netlink: 14568 bytes leftover after parsing attributes in process `syz.1.11583'. [ 611.228994][T29839] program syz.1.11590 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 611.975564][ T5295] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 611.985145][ T5295] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 611.993868][ T5295] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 612.002604][ T5295] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 612.011124][ T5295] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 612.018684][ T5295] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 612.099628][T29877] lo speed is unknown, defaulting to 1000 [ 612.407571][T29906] usb usb1: usbfs: process 29906 (syz.4.11621) did not claim interface 3 before use [ 612.430134][T29877] chnl_net:caif_netlink_parms(): no params data found [ 612.635858][T29877] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.662256][T29877] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.680874][T29877] bridge_slave_0: entered allmulticast mode [ 612.702559][T29877] bridge_slave_0: entered promiscuous mode [ 612.723307][T29877] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.744991][T29877] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.768167][T29877] bridge_slave_1: entered allmulticast mode [ 612.785859][T29877] bridge_slave_1: entered promiscuous mode [ 612.799383][ T5345] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 612.842259][T29877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 612.881306][T29877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 612.940485][T29877] team0: Port device team_slave_0 added [ 612.960169][ T5345] usb 5-1: Using ep0 maxpacket: 16 [ 612.961874][T29877] team0: Port device team_slave_1 added [ 612.996667][ T5345] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.016665][ T5345] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.039548][ T5345] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 613.051371][T29877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 613.059277][T29877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.060522][ T5345] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.093101][T29877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.111972][ T5345] usb 5-1: config 0 descriptor?? [ 613.131942][T29936] tipc: Started in network mode [ 613.137658][T29936] tipc: Node identity , cluster identity 4711 [ 613.154866][T29936] tipc: Failed to set node id, please configure manually [ 613.167139][T29936] tipc: Enabling of bearer rejected, failed to enable media [ 613.188913][T29877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 613.195908][T29877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.278508][T29877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 613.499216][T29877] hsr_slave_0: entered promiscuous mode [ 613.519432][T29956] rtc_cmos 00:00: Alarms can be up to one day in the future [ 613.527376][T29877] hsr_slave_1: entered promiscuous mode [ 613.547275][T29877] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 613.561937][ T5345] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:05AC:8241.002C/input/input119 [ 613.578530][T29877] Cannot create hsr debugfs directory [ 613.615947][T29960] netlink: 332 bytes leftover after parsing attributes in process `syz.2.11645'. [ 613.635825][T29960] netlink: 'syz.2.11645': attribute type 9 has an invalid length. [ 613.648790][T29960] netlink: 108 bytes leftover after parsing attributes in process `syz.2.11645'. [ 613.672717][T29960] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11645'. [ 613.889861][T29971] netlink: 'syz.2.11649': attribute type 3 has an invalid length. [ 613.905305][T29877] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.906467][T29971] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.11649'. [ 614.059679][T29975] nbd: must specify at least one socket [ 614.079028][T29877] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.091064][ T5309] Bluetooth: hci8: command tx timeout [ 614.331607][T29877] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.487113][T29877] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.588026][ T29] audit: type=1326 audit(2000000119.059:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30007 comm="syz.4.11669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd64337dff9 code=0x0 [ 614.727861][T29877] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 614.801440][T29877] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 614.812427][T29877] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 614.863177][T29877] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 615.094457][T29877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 615.158836][T29877] 8021q: adding VLAN 0 to HW filter on device team0 [ 615.179273][ T29] audit: type=1326 audit(2000000119.649:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30038 comm="syz.2.11683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 615.179320][ T29] audit: type=1326 audit(2000000119.649:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30038 comm="syz.2.11683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 615.179354][ T29] audit: type=1326 audit(2000000119.649:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30038 comm="syz.2.11683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 615.186235][ T3818] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.186307][ T3818] bridge0: port 1(bridge_slave_0) entered forwarding state [ 615.211913][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 615.211983][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 615.242634][T29877] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 615.307797][ T29] audit: type=1326 audit(2000000119.779:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30038 comm="syz.2.11683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 615.307844][ T29] audit: type=1326 audit(2000000119.779:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30038 comm="syz.2.11683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x7ffc0000 [ 615.340329][T30045] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11685'. [ 615.440593][T29877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 615.533029][T29877] veth0_vlan: entered promiscuous mode [ 615.550445][T29877] veth1_vlan: entered promiscuous mode [ 615.599307][T29877] veth0_macvtap: entered promiscuous mode [ 615.603111][T29877] veth1_macvtap: entered promiscuous mode [ 615.659210][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.836562][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.859663][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.882510][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.899903][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.925873][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.936327][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.947940][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.958530][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.970138][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 615.980598][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 615.991461][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.001740][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 616.013414][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.029554][T29877] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 616.072737][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.099960][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.115486][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.126057][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.135969][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.146859][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.157212][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.167739][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.178342][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.188741][ T5309] Bluetooth: hci8: command tx timeout [ 616.194769][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.204699][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.215310][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.225338][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.235870][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.246306][T29877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 616.257530][T29877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 616.269543][T29877] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 616.269712][T30077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 616.279964][T29877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.294446][T29877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.303229][T29877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.311988][T29877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.379591][T30077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 616.412533][T30079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11700'. [ 616.429879][T30079] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11700'. [ 616.467554][T30079] netlink: 'syz.2.11700': attribute type 14 has an invalid length. [ 616.581003][T30087] nftables ruleset with unbound set [ 616.605816][ T3818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 616.619705][ T3818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.665589][ T3818] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 616.698528][ T3818] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 616.885505][T30101] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11597'. [ 616.938292][T30101] openvswitch: netlink: Actions may not be safe on all matching packets [ 617.583623][T30141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 617.607679][T30141] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.998248][ T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 618.149547][T30153] ebtables: ebtables: counters copy to user failed while replacing table [ 618.172574][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 618.192446][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 618.213092][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 618.227976][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 618.248128][ T5309] Bluetooth: hci8: command tx timeout [ 618.266851][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 618.279602][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.287803][ T9] usb 3-1: Product: syz [ 618.298111][ T9] usb 3-1: Manufacturer: syz [ 618.302792][ T9] usb 3-1: SerialNumber: syz [ 618.321640][ T9] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 618.339161][ T9] cdc_ncm 3-1:1.0: bind() failure [ 618.535951][ T9] usb 3-1: USB disconnect, device number 31 [ 618.640245][T30175] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11745'. [ 618.772247][T30183] netlink: 'syz.1.11749': attribute type 1 has an invalid length. [ 618.957099][ T29] audit: type=1326 audit(2000000123.429:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30194 comm="syz.0.11755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7897dff9 code=0x7ffc0000 [ 618.982896][ T29] audit: type=1326 audit(2000000123.429:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30194 comm="syz.0.11755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7897dff9 code=0x7ffc0000 [ 619.004545][ C0] vkms_vblank_simulate: vblank timer overrun [ 619.012277][ T29] audit: type=1326 audit(2000000123.459:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30194 comm="syz.0.11755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fef7897dff9 code=0x7ffc0000 [ 619.033827][ C0] vkms_vblank_simulate: vblank timer overrun [ 619.048192][ T29] audit: type=1326 audit(2000000123.459:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30194 comm="syz.0.11755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7897dff9 code=0x7ffc0000 [ 619.069835][ C0] vkms_vblank_simulate: vblank timer overrun [ 619.273676][T30207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.282665][T30207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 619.358122][ T5409] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 619.519076][ T5409] usb 3-1: too many configurations: 90, using maximum allowed: 8 [ 619.543473][ T5409] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 619.553231][ T5409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.562264][ T5409] usb 3-1: Product: syz [ 619.566588][ T5409] usb 3-1: Manufacturer: syz [ 619.571563][ T5409] usb 3-1: SerialNumber: syz [ 619.590150][ T5409] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 619.599602][ T29] kauditd_printk_skb: 69 callbacks suppressed [ 619.599619][ T29] audit: type=1326 audit(2000000124.079:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.654278][ T9] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 619.667835][ T29] audit: type=1326 audit(2000000124.109:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.728047][ T29] audit: type=1326 audit(2000000124.109:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.763177][ T29] audit: type=1326 audit(2000000124.109:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.796995][ T29] audit: type=1326 audit(2000000124.109:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.832211][ T29] audit: type=1326 audit(2000000124.109:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.865603][ T29] audit: type=1326 audit(2000000124.109:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.901378][ T29] audit: type=1326 audit(2000000124.109:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.947385][ T5409] usb 3-1: USB disconnect, device number 32 [ 619.957007][ T29] audit: type=1326 audit(2000000124.109:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 619.957048][ T29] audit: type=1326 audit(2000000124.109:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30198 comm="syz.2.11757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2449b7dbfb code=0x7ffc0000 [ 620.338815][ T5309] Bluetooth: hci8: command tx timeout [ 620.738324][ T9] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 620.758708][ T9] ath9k_htc: Failed to initialize the device [ 620.777816][ T5409] usb 3-1: ath9k_htc: USB layer deinitialized [ 621.254152][T30277] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11794'. [ 621.277777][T30277] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11794'. [ 621.445165][T30289] tipc: Enabling of bearer rejected, failed to enable media [ 621.815126][T30315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 621.858816][T30315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 622.229275][T30338] nbd: must specify a size in bytes for the device [ 622.999332][T30380] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11839'. [ 623.367376][T30401] netlink: 'syz.0.11849': attribute type 3 has an invalid length. [ 623.389842][T30401] netlink: 'syz.0.11849': attribute type 1 has an invalid length. [ 623.397698][T30401] netlink: 199800 bytes leftover after parsing attributes in process `syz.0.11849'. [ 623.511748][T30408] tipc: Started in network mode [ 623.518108][T30408] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 623.525486][T30408] tipc: Enabled bearer , priority 0 [ 623.638155][T27627] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 623.800843][T27627] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 623.809227][T27627] usb 3-1: config 0 has no interface number 0 [ 623.815326][T27627] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.841709][T27627] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.856831][T27627] usb 3-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 623.876984][T27627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.889318][T27627] usb 3-1: config 0 descriptor?? [ 623.908943][T30422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 623.924673][T30422] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 624.125876][T30426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 624.136660][T30426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 624.313535][T27627] hid (null): global environment stack underflow [ 624.329853][T27627] uclogic 0003:5543:0522.002D: global environment stack underflow [ 624.338957][T27627] uclogic 0003:5543:0522.002D: item 0 1 1 11 parsing failed [ 624.346743][T27627] uclogic 0003:5543:0522.002D: parse failed [ 624.353091][T27627] uclogic 0003:5543:0522.002D: probe with driver uclogic failed with error -22 [ 624.476033][T30429] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11862'. [ 624.518278][ T5409] tipc: Node number set to 11578026 [ 624.540896][ T5410] usb 3-1: USB disconnect, device number 33 [ 624.767439][T30435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 624.842078][T30435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 625.758362][ T5346] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 625.845828][T30477] netlink: 'syz.0.11885': attribute type 25 has an invalid length. [ 625.937188][ T5346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.958018][ T5346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 625.967823][ T5346] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 625.981972][ T5346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.992334][ T5346] usb 3-1: config 0 descriptor?? [ 626.138343][T30489] ucma_write: process 146 (syz.0.11891) changed security contexts after opening file descriptor, this is not allowed. [ 626.290140][T30495] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 626.299580][T30495] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 626.417447][ T5346] magicmouse 0003:05AC:0265.002E: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.2-1/input0 [ 626.607684][ T8] usb 3-1: USB disconnect, device number 34 [ 626.719083][T30499] tipc: Started in network mode [ 626.724058][T30499] tipc: Node identity ., cluster identity 4711 [ 626.736797][T30499] tipc: Enabling of bearer rejected, failed to enable media [ 627.029225][T30512] binder: 30511:30512 ioctl c018620c 20000140 returned -22 [ 628.105187][T30566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.123223][T30566] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.311079][T30576] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11933'. [ 628.771660][T30602] syz.0.11945 (30602) used obsolete PPPIOCDETACH ioctl [ 628.923611][T30609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11949'. [ 629.266685][T30631] netlink: 332 bytes leftover after parsing attributes in process `syz.0.11959'. [ 629.276720][T30631] netlink: 'syz.0.11959': attribute type 3 has an invalid length. [ 629.351772][T30635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 629.366295][T30635] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 629.853820][T30639] openvswitch: netlink: Actions may not be safe on all matching packets [ 630.276325][T30664] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11974'. [ 630.307770][T30664] tipc: Enabling of bearer rejected, failed to enable media [ 630.568553][ T5410] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 630.738872][ T5410] usb 3-1: Using ep0 maxpacket: 32 [ 630.745351][ T5410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.756885][ T5410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.778897][ T5410] usb 3-1: New USB device found, idVendor=056a, idProduct=00f0, bcdDevice= 0.00 [ 630.792026][ T5410] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.814512][ T5410] usb 3-1: config 0 descriptor?? [ 630.840359][T30693] netlink: 324 bytes leftover after parsing attributes in process `syz.0.11989'. [ 631.242458][ T5410] wacom 0003:056A:00F0.002F: unknown main item tag 0x0 [ 631.266721][ T5410] wacom 0003:056A:00F0.002F: hidraw0: USB HID v0.00 Device [HID 056a:00f0] on usb-dummy_hcd.2-1/input0 [ 631.451338][ T47] usb 3-1: USB disconnect, device number 35 [ 634.271404][T30865] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.12060'. [ 634.309279][T30865] netlink: 6332 bytes leftover after parsing attributes in process `syz.3.12060'. [ 634.614088][ T5295] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 634.638430][ T5295] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 634.650938][ T5295] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 634.661626][ T5295] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 634.683173][ T5295] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 634.692661][ T5295] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 634.755563][T30877] lo speed is unknown, defaulting to 1000 [ 634.794599][T30887] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12068'. [ 634.923669][T30892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 634.965378][T30892] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 635.034246][T30877] chnl_net:caif_netlink_parms(): no params data found [ 635.184236][T30877] bridge0: port 1(bridge_slave_0) entered blocking state [ 635.193240][T30877] bridge0: port 1(bridge_slave_0) entered disabled state [ 635.202206][T30877] bridge_slave_0: entered allmulticast mode [ 635.212836][T30877] bridge_slave_0: entered promiscuous mode [ 635.221485][T30877] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.229179][T30877] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.236379][T30877] bridge_slave_1: entered allmulticast mode [ 635.243838][T30877] bridge_slave_1: entered promiscuous mode [ 635.268301][T30877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.281283][T30877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.315118][T30877] team0: Port device team_slave_0 added [ 635.324952][T30877] team0: Port device team_slave_1 added [ 635.347387][T30877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 635.355152][T30877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.382530][T30877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 635.396871][T30877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 635.404052][T30877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 635.431486][ T5409] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 635.439440][T30877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 635.476881][T30877] hsr_slave_0: entered promiscuous mode [ 635.484201][T30877] hsr_slave_1: entered promiscuous mode [ 635.490746][T30877] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 635.499427][T30877] Cannot create hsr debugfs directory [ 635.620894][ T5409] usb 3-1: Using ep0 maxpacket: 32 [ 635.636322][ T5409] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 635.652899][ T5409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.663785][ T5409] usb 3-1: Product: syz [ 635.680293][ T5409] usb 3-1: Manufacturer: syz [ 635.684945][ T5409] usb 3-1: SerialNumber: syz [ 635.698370][T30877] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.714812][ T5409] usb 3-1: config 0 descriptor?? [ 635.727225][ T5409] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 635.830117][T30877] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.946150][T30877] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.040662][T30877] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 636.222550][T30877] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 636.236085][T30877] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 636.257166][T30877] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 636.269856][T30877] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 636.353652][ T5409] gspca_stk1135: reg_w 0x3 err -71 [ 636.370722][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.393207][T30877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 636.398226][ T5409] gspca_stk1135: Sensor write failed [ 636.411410][T30877] 8021q: adding VLAN 0 to HW filter on device team0 [ 636.420323][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.432962][ T2917] bridge0: port 1(bridge_slave_0) entered blocking state [ 636.440149][ T2917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 636.460975][ T5409] gspca_stk1135: Sensor write failed [ 636.466353][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.469993][ T2917] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.478200][ T5409] gspca_stk1135: Sensor read failed [ 636.479863][ T2917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 636.485184][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.499639][ T5409] gspca_stk1135: Sensor read failed [ 636.504870][ T5409] gspca_stk1135: Detected sensor type unknown (0x0) [ 636.514956][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.524746][ T5409] gspca_stk1135: Sensor read failed [ 636.530193][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.536766][ T5409] gspca_stk1135: Sensor read failed [ 636.542133][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.557265][ T5409] gspca_stk1135: Sensor write failed [ 636.569340][ T5409] gspca_stk1135: serial bus timeout: status=0x00 [ 636.586094][ T5409] gspca_stk1135: Sensor write failed [ 636.609288][ T5409] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 636.631092][ T5409] usb 3-1: USB disconnect, device number 36 [ 636.809222][ T5309] Bluetooth: hci9: command tx timeout [ 636.852820][T30877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 636.905860][T30877] veth0_vlan: entered promiscuous mode [ 636.925684][T30877] veth1_vlan: entered promiscuous mode [ 636.962736][T30877] veth0_macvtap: entered promiscuous mode [ 636.992775][T30877] veth1_macvtap: entered promiscuous mode [ 637.029862][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.055795][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.078275][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.100719][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.123596][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.145316][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.168252][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.188127][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.212900][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.228271][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.247985][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.268288][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.295479][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.308057][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.330380][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 637.356369][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.369545][T30877] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 637.388217][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.399013][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.409944][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.420685][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.432629][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.444055][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.454514][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.465222][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.475174][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.485794][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.495752][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.506436][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.516374][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.526980][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.537468][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.550882][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.560835][T30877] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 637.571501][T30877] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 637.582582][T30877] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 637.597860][T30952] netlink: 'syz.2.12094': attribute type 16 has an invalid length. [ 637.618209][T30952] netlink: 'syz.2.12094': attribute type 17 has an invalid length. [ 637.679658][T30877] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.702290][T30877] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.721619][T30877] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.745359][T30877] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 637.861960][T30960] devtmpfs: Too few inodes for current use [ 637.882740][ T2917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.904510][ T2917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 637.966196][ T1306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 637.986536][ T1306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 638.377539][T30982] netlink: 'syz.0.12108': attribute type 10 has an invalid length. [ 638.385821][T30982] tipc: Resetting bearer [ 638.446646][T30982] batman_adv: batadv0: Adding interface: team0 [ 638.453271][T30982] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.479362][T30982] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 638.512740][T30989] netlink: 'syz.0.12108': attribute type 10 has an invalid length. [ 638.521125][T30989] netlink: 2 bytes leftover after parsing attributes in process `syz.0.12108'. [ 638.534960][T30989] team0: entered promiscuous mode [ 638.540714][T30989] team_slave_0: entered promiscuous mode [ 638.546801][T30989] team_slave_1: entered promiscuous mode [ 638.555160][T30989] batman_adv: batadv0: Interface activated: team0 [ 638.562184][T30989] batman_adv: batadv0: Interface deactivated: team0 [ 638.574271][T30989] batman_adv: batadv0: Removing interface: team0 [ 638.587517][T30989] bridge0: port 3(team0) entered blocking state [ 638.596308][T30989] bridge0: port 3(team0) entered disabled state [ 638.610506][T30989] team0: entered allmulticast mode [ 638.615666][T30989] team_slave_0: entered allmulticast mode [ 638.626396][T30989] team_slave_1: entered allmulticast mode [ 638.634373][T30989] bridge0: port 3(team0) entered blocking state [ 638.640739][T30989] bridge0: port 3(team0) entered forwarding state [ 638.888408][ T5309] Bluetooth: hci9: command tx timeout [ 639.408937][T31030] netlink: 'syz.3.12130': attribute type 3 has an invalid length. [ 639.543640][T31038] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 639.599072][T31038] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 639.727080][T31047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 639.749611][T31047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 639.827797][T31049] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12140'. [ 640.302586][T31062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 640.328480][T31062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 640.358996][T31064] hub 6-0:1.0: USB hub found [ 640.364096][T31064] hub 6-0:1.0: 1 port detected [ 640.568224][T31070] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 640.593073][T31070] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 640.718348][T31072] netlink: 'syz.4.12151': attribute type 2 has an invalid length. [ 640.922657][T31027] syz.2.12129: vmalloc error: size 3584000, failed to allocated page array size 7000, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 640.955766][T31027] CPU: 1 UID: 0 PID: 31027 Comm: syz.2.12129 Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 640.966707][T31027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 640.976806][T31027] Call Trace: [ 640.980113][T31027] [ 640.983072][T31027] dump_stack_lvl+0x241/0x360 [ 640.987780][T31027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 640.993009][T31027] ? __pfx__printk+0x10/0x10 [ 640.997631][T31027] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 641.004071][T31027] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 641.010312][ T5309] Bluetooth: hci9: command tx timeout [ 641.010581][T31027] warn_alloc+0x278/0x410 [ 641.020305][T31027] ? __pfx_warn_alloc+0x10/0x10 [ 641.025182][T31027] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 641.031366][T31027] ? __get_vm_area_node+0x23d/0x270 [ 641.036602][T31027] __vmalloc_node_range_noprof+0x691/0x13f0 [ 641.042551][T31027] ? __kmalloc_cache_node_noprof+0x1d3/0x300 [ 641.048557][T31027] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 641.054912][T31027] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 641.061096][T31027] ? __get_vm_area_node+0x23d/0x270 [ 641.066321][T31027] __vmalloc_node_range_noprof+0x59c/0x13f0 [ 641.072228][T31027] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 641.078377][T31027] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 641.084101][T31027] ? rcu_is_watching+0x15/0xb0 [ 641.088868][T31027] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 641.095223][T31027] ? rcu_is_watching+0x15/0xb0 [ 641.100017][T31027] ? trace_kmalloc+0x1f/0xd0 [ 641.104632][T31027] ? __kmalloc_node_noprof+0x247/0x440 [ 641.110114][T31027] ? __kvmalloc_node_noprof+0x72/0x190 [ 641.115597][T31027] __kvmalloc_node_noprof+0x142/0x190 [ 641.120998][T31027] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 641.127177][T31027] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 641.133182][T31027] ? tpg_update_mv_step+0x361/0x4f0 [ 641.138415][T31027] vivid_update_format_cap+0x133c/0x2090 [ 641.144088][T31027] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 641.150107][T31027] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 641.155963][T31027] __video_do_ioctl+0xc23/0xdd0 [ 641.160863][T31027] ? __pfx___video_do_ioctl+0x10/0x10 [ 641.166269][T31027] ? __might_fault+0xc6/0x120 [ 641.170978][T31027] video_usercopy+0x89b/0x1180 [ 641.175790][T31027] ? __pfx___video_do_ioctl+0x10/0x10 [ 641.181197][T31027] ? __pfx_video_usercopy+0x10/0x10 [ 641.186424][T31027] ? smack_file_ioctl+0x2f7/0x3a0 [ 641.191487][T31027] ? __fget_files+0x3f3/0x470 [ 641.196224][T31027] v4l2_ioctl+0x189/0x1e0 [ 641.200588][T31027] ? __pfx_v4l2_ioctl+0x10/0x10 [ 641.205474][T31027] __se_sys_ioctl+0xf9/0x170 [ 641.210095][T31027] do_syscall_64+0xf3/0x230 [ 641.214622][T31027] ? clear_bhb_loop+0x35/0x90 [ 641.219326][T31027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.225261][T31027] RIP: 0033:0x7f2449b7dff9 [ 641.229708][T31027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 641.249343][T31027] RSP: 002b:00007f244a8c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 641.257798][T31027] RAX: ffffffffffffffda RBX: 00007f2449d35f80 RCX: 00007f2449b7dff9 [ 641.265801][T31027] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 641.273807][T31027] RBP: 00007f2449bf0296 R08: 0000000000000000 R09: 0000000000000000 [ 641.281804][T31027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 641.289800][T31027] R13: 0000000000000000 R14: 00007f2449d35f80 R15: 00007ffea09cf2f8 [ 641.297817][T31027] [ 641.299046][T31093] pim6reg: entered allmulticast mode [ 641.344364][T31027] Mem-Info: [ 641.347529][T31027] active_anon:271 inactive_anon:4892 isolated_anon:0 [ 641.347529][T31027] active_file:15818 inactive_file:39071 isolated_file:0 [ 641.347529][T31027] unevictable:768 dirty:256 writeback:0 [ 641.347529][T31027] slab_reclaimable:10290 slab_unreclaimable:114655 [ 641.347529][T31027] mapped:39444 shmem:1264 pagetables:1092 [ 641.347529][T31027] sec_pagetables:0 bounce:0 [ 641.347529][T31027] kernel_misc_reclaimable:0 [ 641.347529][T31027] free:1221642 free_pcp:955 free_cma:0 [ 641.426569][T31027] Node 0 active_anon:1084kB inactive_anon:19368kB active_file:63096kB inactive_file:156284kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:157776kB dirty:1020kB writeback:0kB shmem:3520kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11576kB pagetables:4168kB sec_pagetables:0kB all_unreclaimable? no [ 641.488011][T31027] Node 1 active_anon:0kB inactive_anon:0kB active_file:176kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 641.539781][T31027] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 641.594892][T31027] lowmem_reserve[]: 0 2465 2466 0 0 [ 641.608700][T31027] Node 0 DMA32 free:945292kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1080kB inactive_anon:22132kB active_file:62308kB inactive_file:156232kB unevictable:1536kB writepending:1016kB present:3129332kB managed:2552504kB mlocked:0kB bounce:0kB free_pcp:1980kB local_pcp:1452kB free_cma:0kB [ 641.707990][T31027] lowmem_reserve[]: 0 0 0 0 0 [ 641.712784][T31027] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:788kB inactive_file:52kB unevictable:0kB writepending:4kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 641.790411][T31027] lowmem_reserve[]: 0 0 0 0 0 [ 641.828376][T31112] netlink: 87 bytes leftover after parsing attributes in process `syz.0.12168'. [ 641.837617][T31027] Node 1 Normal free:3923284kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:176kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:1512kB local_pcp:0kB free_cma:0kB [ 641.941428][T31027] lowmem_reserve[]: 0 0 0 0 0 [ 641.946255][T31027] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 641.962729][T31027] Node 0 DMA32: 0*4kB 1*8kB (U) 2*16kB (UM) 6*32kB (UME) 34*64kB (UME) 71*128kB (UME) 24*256kB (UME) 22*512kB (ME) 15*1024kB (UM) 4*2048kB (UME) 215*4096kB (M) = 933096kB [ 641.982333][T31027] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 641.994363][T31027] Node 1 Normal: 169*4kB (UME) 50*8kB (UME) 34*16kB (UME) 198*32kB (UME) 79*64kB (UME) 33*128kB (UME) 16*256kB (UME) 5*512kB (UM) 6*1024kB (UME) 9*2048kB (UME) 946*4096kB (M) = 3923284kB [ 642.014674][T31027] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 642.024801][T31027] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 642.034457][T31027] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 642.051401][T31118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 642.060147][T31027] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 642.070391][T31027] 59010 total pagecache pages [ 642.075090][T31027] 1 pages in swap cache [ 642.079751][T31027] Free swap = 124692kB [ 642.084010][T31027] Total swap = 124996kB [ 642.089216][T31118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 642.100332][T31027] 2097051 pages RAM [ 642.104165][T31027] 0 pages HighMem/MovableOnly [ 642.112280][T31027] 427073 pages reserved [ 642.116468][T31027] 0 pages cma reserved [ 642.505918][T31130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 642.536026][T31130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 643.058912][ T5309] Bluetooth: hci9: command tx timeout [ 643.209589][T31147] ADFS-fs (nullb0): unrecognised mount option "@" or missing value [ 643.813319][T31160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 643.828798][T31160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 643.926663][T31158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 643.953453][T31158] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 645.529526][T31198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.598304][T31198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 645.645009][T31204] program syz.2.12209 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 645.658485][T31204] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 646.747862][T31249] netlink: 'syz.4.12228': attribute type 1 has an invalid length. [ 646.755945][T31249] netlink: 9376 bytes leftover after parsing attributes in process `syz.4.12228'. [ 646.765796][T31249] netlink: 'syz.4.12228': attribute type 1 has an invalid length. [ 646.802553][T31253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.851570][T31253] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.956721][T31264] netlink: 36 bytes leftover after parsing attributes in process `syz.1.12238'. [ 647.214367][T31280] netlink: 'syz.1.12244': attribute type 1 has an invalid length. [ 647.266002][T31280] netlink: 9384 bytes leftover after parsing attributes in process `syz.1.12244'. [ 647.764611][T31306] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12256'. [ 647.780361][T31306] netlink: 56 bytes leftover after parsing attributes in process `syz.1.12256'. [ 647.804688][T31306] netlink: 'syz.1.12256': attribute type 10 has an invalid length. [ 647.879965][T31312] netlink: 248 bytes leftover after parsing attributes in process `syz.1.12260'. [ 647.959908][T31316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 648.039089][T31316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 648.067707][T31320] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12264'. [ 648.322792][ T8] IPVS: starting estimator thread 0... [ 648.418077][T31337] IPVS: using max 20 ests per chain, 48000 per kthread [ 648.714352][T31361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12283'. [ 649.250011][T31380] netlink: 134716 bytes leftover after parsing attributes in process `syz.3.12292'. [ 649.276054][T31380] openvswitch: netlink: Message has 5 unknown bytes. [ 649.410458][T31384] netlink: 56 bytes leftover after parsing attributes in process `syz.3.12294'. [ 649.545527][T31389] lo speed is unknown, defaulting to 1000 [ 649.828352][ T8] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 649.998104][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 650.012148][ T8] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 650.027992][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.046355][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.067934][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 650.087597][ T8] usb 3-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 650.100258][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.119924][ T8] usb 3-1: config 0 descriptor?? [ 650.152190][T31407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 650.162585][T31407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 650.533358][ T8] hid (null): report_id 0 is invalid [ 650.541985][ T8] uclogic 0003:2179:0077.0030: interface is invalid, ignoring [ 650.755241][ T5346] usb 3-1: USB disconnect, device number 37 [ 651.878926][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 651.878944][ T29] audit: type=1326 audit(2000000156.359:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31447 comm="syz.2.12324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2449b7dff9 code=0x0 [ 652.642141][T31481] netlink: 'syz.1.12339': attribute type 1 has an invalid length. [ 652.666090][T31481] __nla_validate_parse: 1 callbacks suppressed [ 652.666109][T31481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12339'. [ 652.695973][T31484] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 653.687220][T31541] sp0: Synchronizing with TNC [ 653.998811][ T8] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 654.158168][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 654.181136][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.192323][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 654.202241][ T8] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c1e, bcdDevice= 0.00 [ 654.211402][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.222117][ T8] usb 3-1: config 0 descriptor?? [ 654.607238][T31566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12379'. [ 654.654543][ T8] corsair-psu 0003:1B1C:1C1E.0031: hidraw0: USB HID v0.00 Device [HID 1b1c:1c1e] on usb-dummy_hcd.2-1/input0 [ 654.728130][ T8] corsair-psu 0003:1B1C:1C1E.0031: unable to initialize device (-38) [ 654.739699][ T8] corsair-psu 0003:1B1C:1C1E.0031: probe with driver corsair-psu failed with error -38 [ 654.874666][T30032] usb 3-1: USB disconnect, device number 38 [ 655.146828][T31588] lo speed is unknown, defaulting to 1000 [ 655.466528][T31599] netlink: 72 bytes leftover after parsing attributes in process `syz.2.12395'. [ 655.677038][T31607] IPVS: Scheduler module ip_vs_sip not found [ 656.084455][T31624] bridge5: entered promiscuous mode [ 656.112721][T31624] bridge5: entered allmulticast mode [ 656.187561][T31624] team0: Port device bridge5 added [ 657.059180][ T5309] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 657.076134][ T5309] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 657.085511][ T5309] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 657.099029][ T5309] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 657.116045][ T5309] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 657.123690][ T5309] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 657.127574][T31677] netlink: 188 bytes leftover after parsing attributes in process `syz.3.12429'. [ 657.199743][T31673] lo speed is unknown, defaulting to 1000 [ 657.213415][T31677] netlink: 56 bytes leftover after parsing attributes in process `syz.3.12429'. [ 657.326411][ T29] audit: type=1326 audit(2000000161.799:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.443959][ T29] audit: type=1326 audit(2000000161.799:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.576030][ T29] audit: type=1326 audit(2000000161.809:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.673146][T31673] chnl_net:caif_netlink_parms(): no params data found [ 657.679674][ T29] audit: type=1326 audit(2000000161.809:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.701557][ C1] vkms_vblank_simulate: vblank timer overrun [ 657.732345][ T29] audit: type=1326 audit(2000000161.809:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.757965][ T29] audit: type=1326 audit(2000000161.809:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.796839][ T29] audit: type=1326 audit(2000000161.889:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 657.818483][ C1] vkms_vblank_simulate: vblank timer overrun [ 657.838123][ T29] audit: type=1326 audit(2000000161.889:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31682 comm="syz.3.12432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f835e57dff9 code=0x7ffc0000 [ 658.059346][T31706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12441'. [ 658.071299][T31673] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.080231][T31673] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.087561][T31673] bridge_slave_0: entered allmulticast mode [ 658.095377][T31673] bridge_slave_0: entered promiscuous mode [ 658.134015][T31673] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.149770][T31673] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.183826][T31673] bridge_slave_1: entered allmulticast mode [ 658.199130][T31673] bridge_slave_1: entered promiscuous mode [ 658.240005][T31673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 658.260928][T31673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 658.328977][T31673] team0: Port device team_slave_0 added [ 658.339520][T31673] team0: Port device team_slave_1 added [ 658.428707][T31673] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.442841][T31673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.447979][T30032] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 658.475185][T31673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.521236][T31673] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 658.537769][T31673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 658.568449][T31673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 658.631108][T31673] hsr_slave_0: entered promiscuous mode [ 658.646084][T31673] hsr_slave_1: entered promiscuous mode [ 658.650404][T30032] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 658.668159][T31673] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 658.675754][T31673] Cannot create hsr debugfs directory [ 658.684054][T30032] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 658.714168][T30032] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 658.737139][T30032] usb 3-1: New USB device found, idVendor=046d, idProduct=c287, bcdDevice= 0.00 [ 658.754466][T30032] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.777528][T30032] usb 3-1: config 0 descriptor?? [ 658.904269][T31734] netlink: 20 bytes leftover after parsing attributes in process `syz.1.12454'. [ 659.027512][T31673] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.084970][T31741] openvswitch: netlink: Actions may not be safe on all matching packets [ 659.182666][T31673] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.195286][T30032] logitech 0003:046D:C287.0032: unknown main item tag 0x3 [ 659.204509][T30032] logitech 0003:046D:C287.0032: hidraw0: USB HID v0.00 Device [HID 046d:c287] on usb-dummy_hcd.2-1/input0 [ 659.216771][ T5309] Bluetooth: hci10: command tx timeout [ 659.228282][T30032] logitech 0003:046D:C287.0032: no inputs found [ 659.327667][T31673] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.477856][T31673] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.507362][ T5410] usb 3-1: USB disconnect, device number 39 [ 659.716507][T31673] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 659.866466][T31673] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 659.883333][T31673] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 659.905677][T31673] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 660.001578][T31775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 660.023541][T31673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 660.032622][T31775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 660.061409][T31673] 8021q: adding VLAN 0 to HW filter on device team0 [ 660.091735][ T2917] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.098905][ T2917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 660.130332][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.137480][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 660.462123][T31673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 660.537594][T31673] veth0_vlan: entered promiscuous mode [ 660.579907][T31673] veth1_vlan: entered promiscuous mode [ 660.636645][T31673] veth0_macvtap: entered promiscuous mode [ 660.670592][T31673] veth1_macvtap: entered promiscuous mode [ 660.708798][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.719350][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.755695][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.783701][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.805763][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.829287][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.847316][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.860970][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.889759][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.911985][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.930773][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 660.962746][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 660.990426][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 661.018136][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.038076][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 661.069399][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.090733][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 661.116128][T31819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12491'. [ 661.123891][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.149019][T31819] nbd: socks must be embedded in a SOCK_ITEM attr [ 661.150567][T31673] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 661.205052][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.238832][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.260058][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.281374][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.288248][ T5309] Bluetooth: hci10: command tx timeout [ 661.303815][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.330606][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.342576][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.353572][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.364823][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.377474][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.389144][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.406365][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.416858][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.427782][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.438943][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.450858][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.461137][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.472160][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.486201][T31673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 661.500412][T31673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 661.513968][T31673] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 661.516877][T31831] netlink: 'syz.2.12496': attribute type 1 has an invalid length. [ 661.535269][T31673] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.547389][T31673] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.557325][T31673] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.566771][T31673] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 661.579737][T31831] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.12496'. [ 661.756351][ T3818] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 661.799074][ T3818] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 661.849306][ T2910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 661.857809][ T2910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 662.074449][T31855] tmpfs: Cannot change global quota limit on remount [ 662.441278][T31879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 662.473045][T31879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 662.483955][T31882] program syz.2.12519 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 662.586807][T31885] mkiss: ax0: crc mode is auto. [ 662.788507][T31893] usb usb8: usbfs: process 31893 (syz.4.12524) did not claim interface 0 before use [ 663.218332][ T5410] usb 3-1: new full-speed USB device number 40 using dummy_hcd [ 663.369528][ T5309] Bluetooth: hci10: command tx timeout [ 663.370692][ T5410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 663.414537][ T5410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.463155][ T5410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10 [ 663.476255][ T5410] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 663.486218][ T5410] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 663.499383][ T5410] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 663.508500][ T5410] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.549414][ T5410] usb 3-1: config 0 descriptor?? [ 663.712277][T31942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12547'. [ 663.722362][T31942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12547'. [ 664.045780][ T5410] ntrig 0003:1B96:000A.0033: unknown main item tag 0x0 [ 664.078280][ T5410] ntrig 0003:1B96:000A.0033: unknown main item tag 0x0 [ 664.090307][ T5410] ntrig 0003:1B96:000A.0033: unknown main item tag 0x0 [ 664.107518][ T5410] ntrig 0003:1B96:000A.0033: unknown main item tag 0x0 [ 664.109303][T31962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 664.129479][ T5410] ntrig 0003:1B96:000A.0033: unknown main item tag 0x0 [ 664.146237][ T5410] ntrig 0003:1B96:000A.0033: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.2-1/input0 [ 664.171934][T31962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 664.206367][T31962] random: crng reseeded on system resumption [ 664.268054][ T5410] usb 3-1: USB disconnect, device number 40 [ 664.592661][T31970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 664.606108][T31970] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.269213][T31996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.303080][T31996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.448748][ T5309] Bluetooth: hci10: command tx timeout [ 665.524509][T32010] netlink: 104 bytes leftover after parsing attributes in process `syz.3.12580'. [ 665.599760][T32013] netlink: 40 bytes leftover after parsing attributes in process `syz.3.12581'. [ 665.743597][T32021] netlink: 4088 bytes leftover after parsing attributes in process `syz.1.12585'. [ 665.763464][T32021] openvswitch: netlink: Actions may not be safe on all matching packets [ 665.835984][T32025] usb 1-1: USB disconnect, device number 13 [ 666.116400][ T5346] kernel write not supported for file /snd/seq (pid: 5346 comm: kworker/1:7) [ 666.815055][T32082] openvswitch: netlink: Actions may not be safe on all matching packets [ 666.938826][T32090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 666.973919][T32090] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 667.195553][T32104] vivid-000: disconnect [ 667.201834][T32102] vivid-000: reconnect [ 667.980960][T32135] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12638'. [ 668.006575][T32137] netlink: 'syz.4.12639': attribute type 1 has an invalid length. [ 668.242534][T32152] netlink: 'syz.4.12647': attribute type 1 has an invalid length. [ 668.281517][T32152] netlink: 9396 bytes leftover after parsing attributes in process `syz.4.12647'. [ 668.418161][ T5346] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 668.643210][ T5346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.643247][ T5346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.643282][ T5346] usb 3-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 668.643308][ T5346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.645304][ T5346] usb 3-1: config 0 descriptor?? [ 668.682602][T32176] netlink: 'syz.4.12657': attribute type 1 has an invalid length. [ 669.010021][T32188] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 669.055118][T32188] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem [ 669.106695][ T5346] cougar 0003:060B:700A.0034: hidraw0: USB HID v0.00 Device [HID 060b:700a] on usb-dummy_hcd.2-1/input0 [ 669.160770][T32192] openvswitch: netlink: Actions may not be safe on all matching packets [ 669.275351][ T5410] usb 3-1: USB disconnect, device number 41 [ 669.352325][T32204] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 669.363511][T32204] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 669.705669][T32221] sctp: [Deprecated]: syz.1.12679 (pid 32221) Use of struct sctp_assoc_value in delayed_ack socket option. [ 669.705669][T32221] Use struct sctp_sack_info instead [ 669.965922][T32229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 669.985579][T32227] netlink: 192 bytes leftover after parsing attributes in process `syz.2.12682'. [ 669.995241][T32227] netlink: 48 bytes leftover after parsing attributes in process `syz.2.12682'. [ 670.001935][T32229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 670.175138][T32240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 670.185000][T32240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 670.224417][T32242] netlink: 176 bytes leftover after parsing attributes in process `syz.2.12689'. [ 670.233864][T32242] netlink: 32 bytes leftover after parsing attributes in process `syz.2.12689'. [ 670.328593][ T5309] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 670.608221][T32258] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.12696'. [ 670.618702][T32258] openvswitch: netlink: Geneve option length err (len 3060, max 255). [ 670.784103][T32266] netlink: 188 bytes leftover after parsing attributes in process `syz.2.12700'. [ 670.794308][T32266] netlink: 'syz.2.12700': attribute type 1 has an invalid length. [ 670.808258][T32266] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12700'. [ 670.991744][T32275] [U] ^ [ 671.116929][T32284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.136148][T32284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 671.498106][ T8] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 671.669111][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 671.690494][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 671.701091][ T8] usb 3-1: New USB device found, idVendor=056a, idProduct=00b0, bcdDevice= 0.00 [ 671.710668][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.727657][ T8] usb 3-1: config 0 descriptor?? [ 672.152154][ T8] wacom 0003:056A:00B0.0035: Unknown device_type for 'HID 056a:00b0'. Assuming pen. [ 672.164793][T32305] netlink: 'syz.1.12719': attribute type 29 has an invalid length. [ 672.175111][ T8] wacom 0003:056A:00B0.0035: hidraw0: USB HID v0.00 Device [HID 056a:00b0] on usb-dummy_hcd.2-1/input0 [ 672.206973][ T8] input: Wacom Intuos3 4x5 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00B0.0035/input/input123 [ 672.359465][ T8] usb 3-1: USB disconnect, device number 42 [ 673.187977][T32348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 673.200480][T32348] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 673.558027][ T47] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 673.710502][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 673.721723][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 673.731803][ T47] usb 3-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 673.740934][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.751057][ T47] usb 3-1: config 0 descriptor?? [ 674.184137][ T47] magicmouse 0003:05AC:0269.0036: hidraw0: USB HID v0.00 Device [HID 05ac:0269] on usb-dummy_hcd.2-1/input0 [ 674.300930][T32367] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.12749'. [ 674.311822][T32367] openvswitch: netlink: Actions may not be safe on all matching packets [ 674.381749][ T47] usb 3-1: USB disconnect, device number 43 [ 674.571540][T32379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 674.580937][T32379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 675.384743][ T29] audit: type=1326 audit(2000000179.859:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm="syz.1.12761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.417938][ T29] audit: type=1326 audit(2000000179.859:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm="syz.1.12761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.457935][ T29] audit: type=1326 audit(2000000179.869:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm="syz.1.12761" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.503958][ T29] audit: type=1326 audit(2000000179.869:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm=2BB55D7D5B exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.537045][ T29] audit: type=1326 audit(2000000179.869:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm=2BB55D7D5B exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.566307][ T29] audit: type=1326 audit(2000000179.869:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm=2BB55D7D5B exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.591878][T32394] loop6: detected capacity change from 0 to 524287999 [ 675.601514][ T29] audit: type=1326 audit(2000000179.949:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm=2BB55D7D5B exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.625468][ T29] audit: type=1326 audit(2000000179.949:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32391 comm=2BB55D7D5B exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802c97dff9 code=0x7ffc0000 [ 675.994916][T32410] gfs2: path_lookup on c::: returned error -2 [ 676.209819][ T5307] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 676.220651][ T5307] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 676.238097][ T5307] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 676.256293][ T5307] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 676.264884][ T5307] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 676.272544][ T5307] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 676.316482][T32418] lo speed is unknown, defaulting to 1000 [ 676.463865][T32418] chnl_net:caif_netlink_parms(): no params data found [ 676.589118][T32418] bridge0: port 1(bridge_slave_0) entered blocking state [ 676.596272][T32418] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.603944][T32418] bridge_slave_0: entered allmulticast mode [ 676.611768][T32418] bridge_slave_0: entered promiscuous mode [ 676.620327][T32418] bridge0: port 2(bridge_slave_1) entered blocking state [ 676.627432][T32418] bridge0: port 2(bridge_slave_1) entered disabled state [ 676.634730][T32418] bridge_slave_1: entered allmulticast mode [ 676.641772][T32418] bridge_slave_1: entered promiscuous mode [ 676.685779][T32418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 676.714746][T32418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 676.836551][T32418] team0: Port device team_slave_0 added [ 676.842567][T32418] team0: Port device team_slave_1 added [ 676.918803][T32418] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.918824][T32418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.918850][T32418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 676.921612][T32418] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 676.921630][T32418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.921654][T32418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 677.013942][T32418] hsr_slave_0: entered promiscuous mode [ 677.017277][T32418] hsr_slave_1: entered promiscuous mode [ 677.137442][T32418] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 677.137530][T32418] Cannot create hsr debugfs directory [ 677.512437][T32466] netlink: 212912 bytes leftover after parsing attributes in process `syz.4.12794'. [ 677.655344][T32418] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.753839][T32418] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.788670][ T5410] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 677.876923][T32418] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.960838][ T5410] usb 3-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.00 [ 677.964122][T32486] program syz.1.12802 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 677.970415][ T5410] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.001411][ T5410] usb 3-1: config 0 descriptor?? [ 678.034070][T32418] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 678.241692][T32418] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 678.271050][T32418] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 678.291102][T32418] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 678.310748][T32418] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 678.328803][ T5309] Bluetooth: hci11: command tx timeout [ 678.424619][ T5410] wacom 0003:056A:00B3.0037: Unknown device_type for 'HID 056a:00b3'. Assuming pen. [ 678.446189][ T5410] wacom 0003:056A:00B3.0037: hidraw0: USB HID v0.00 Device [HID 056a:00b3] on usb-dummy_hcd.2-1/input0 [ 678.461111][ T5410] input: Wacom Intuos3 12x12 Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00B3.0037/input/input126 [ 678.507451][T32418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.568631][T32418] 8021q: adding VLAN 0 to HW filter on device team0 [ 678.611570][ T2910] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.618728][ T2910] bridge0: port 1(bridge_slave_0) entered forwarding state [ 678.623389][ T9] usb 3-1: USB disconnect, device number 44 [ 678.628703][ T2910] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.638933][ T2910] bridge0: port 2(bridge_slave_1) entered forwarding state [ 678.977426][T32418] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 679.070839][T32418] veth0_vlan: entered promiscuous mode [ 679.090441][T32418] veth1_vlan: entered promiscuous mode [ 679.138892][T32418] veth0_macvtap: entered promiscuous mode [ 679.159787][T32418] veth1_macvtap: entered promiscuous mode [ 679.210193][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.220786][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.233351][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.244186][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.254473][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.268175][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.289008][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.309759][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.342345][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.360586][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.372080][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.383105][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.393423][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.404789][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.415138][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.457227][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.477751][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.497955][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.517959][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 679.538890][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.552216][T32418] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.568915][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.579576][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.591557][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.602387][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.627970][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.648043][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.660455][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.674813][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.703710][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.728597][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.744168][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.756158][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.766167][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.777517][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.789502][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.800280][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.831320][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.850776][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.861017][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.872452][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.891189][T32418] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.928009][T32418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.967524][T32418] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 680.015651][T32418] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.042044][T32418] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.061323][T32418] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.078800][T32418] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.342929][ T1306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.354988][ T1306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.367026][ T5307] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 680.383060][ T5307] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 680.391667][ T5307] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 680.400392][ T5307] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 680.409605][ T5307] Bluetooth: hci11: command tx timeout [ 680.419022][ T5295] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 680.426426][ T5295] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 680.496147][T32557] lo speed is unknown, defaulting to 1000 [ 680.520224][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 680.528324][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 680.900844][T32557] chnl_net:caif_netlink_parms(): no params data found [ 681.040986][T32592] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 681.099483][T32600] program syz.3.12854 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 681.153251][T32557] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.169826][T32557] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.177164][T32557] bridge_slave_0: entered allmulticast mode [ 681.184351][T32557] bridge_slave_0: entered promiscuous mode [ 681.192532][T32557] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.199737][T32557] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.206981][T32557] bridge_slave_1: entered allmulticast mode [ 681.214309][T32557] bridge_slave_1: entered promiscuous mode [ 681.238841][T32604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 681.302938][T32604] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 681.359378][T32557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 681.377287][T32557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 681.419755][T32557] team0: Port device team_slave_0 added [ 681.430584][T32557] team0: Port device team_slave_1 added [ 681.460543][T32557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 681.467533][T32557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 681.494773][T32557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 681.508924][T32557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 681.515894][T32557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 681.542197][T32557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 681.593005][T32557] hsr_slave_0: entered promiscuous mode [ 681.601102][T32557] hsr_slave_1: entered promiscuous mode [ 681.607303][T32557] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 681.627624][T32557] Cannot create hsr debugfs directory [ 681.787850][T32557] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.912255][T32557] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 681.933816][ T29] audit: type=1400 audit(2000000186.409:415): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=32625 comm="syz.1.12867" [ 681.938222][T32624] netlink: 'syz.2.12866': attribute type 2 has an invalid length. [ 682.082126][T32557] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.128662][ T5410] kernel write not supported for file /input/event0 (pid: 5410 comm: kworker/0:6) [ 682.240591][T32557] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 682.488885][ T5295] Bluetooth: hci12: command tx timeout [ 682.489484][ T5309] Bluetooth: hci11: command tx timeout [ 682.519011][T32557] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 682.540467][T32557] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 682.554132][T32557] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 682.571013][T32649] rdma_rxe: rxe_newlink: failed to add lo [ 682.586348][T32557] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 682.773816][T32557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 682.819435][T32557] 8021q: adding VLAN 0 to HW filter on device team0 [ 682.850256][ T2917] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.857400][ T2917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 682.889599][ T1306] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.896747][ T1306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 683.192041][T32557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 683.271232][T32557] veth0_vlan: entered promiscuous mode [ 683.293662][T32557] veth1_vlan: entered promiscuous mode [ 683.345126][T32557] veth0_macvtap: entered promiscuous mode [ 683.355495][T32557] veth1_macvtap: entered promiscuous mode [ 683.395190][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.412240][T32679] Bluetooth: MGMT ver 1.23 [ 683.418291][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.445450][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.477843][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.491091][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.514751][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.526999][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.538490][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.549239][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.560034][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.569922][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.580764][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.592874][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.603625][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.613908][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.626167][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.636041][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.647532][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.657514][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.669549][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.680219][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 683.691084][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.704501][T32557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 683.729463][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.740622][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.751317][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.762017][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.773338][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.784623][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.794738][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.813134][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.825239][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.837376][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.847405][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.859444][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.869609][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.880422][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.891124][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.902564][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.912651][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.923453][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.941547][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.952273][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.962505][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.973195][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.987597][T32557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.999323][T32557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 684.012020][T32557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 684.031709][T32557] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.042727][T32557] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.054548][T32557] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.063887][T32557] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.179910][ T2917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.188646][ T2917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.262937][ T1306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 684.278245][ T1306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 684.568940][ T5309] Bluetooth: hci12: command tx timeout [ 684.569142][ T5295] Bluetooth: hci11: command tx timeout [ 684.867489][T32720] netlink: 'syz.0.12908': attribute type 1 has an invalid length. [ 684.964804][T32726] netlink: 'syz.0.12911': attribute type 33 has an invalid length. [ 684.996970][T32726] netlink: 152 bytes leftover after parsing attributes in process `syz.0.12911'. [ 685.073635][T32731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 685.089812][T32731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 685.330337][T32742] netlink: 'syz.2.12919': attribute type 1 has an invalid length. [ 685.338726][T32742] netlink: 236 bytes leftover after parsing attributes in process `syz.2.12919'. [ 685.814749][T27627] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 685.930096][ T30] INFO: task kworker/0:4:5373 blocked for more than 143 seconds. [ 685.940490][ T30] Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 685.968108][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 685.977981][T27627] usb 3-1: Using ep0 maxpacket: 16 [ 685.990622][ T30] task:kworker/0:4 state:D stack:19728 pid:5373 tgid:5373 ppid:2 flags:0x00004000 [ 686.009244][T27627] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.078047][ T30] Workqueue: usb_hub_wq hub_event [ 686.089801][T27627] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.105434][ T30] Call Trace: [ 686.143309][ T30] [ 686.146307][ T30] __schedule+0x1843/0x4ae0 [ 686.150999][T27627] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 686.190242][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 686.195352][ T30] ? schedule+0x90/0x320 [ 686.217912][T27627] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 686.227620][T27627] usb 3-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 686.236922][ T30] ? __pfx___schedule+0x10/0x10 [ 686.248153][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 686.254189][ T30] ? __pfx_lock_release+0x10/0x10 [ 686.259630][T27627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.288113][ T30] ? kick_pool+0x1bd/0x620 [ 686.292588][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 686.297810][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 686.328243][T27627] usb 3-1: config 0 descriptor?? [ 686.348020][ T30] ? schedule+0x90/0x320 [ 686.348109][T27627] usb 3-1: can't set config #0, error -71 [ 686.352294][ T30] schedule+0x14b/0x320 [ 686.370505][T27627] usb 3-1: USB disconnect, device number 45 [ 686.382898][ T30] schedule_preempt_disabled+0x13/0x30 [ 686.392969][ T30] rwsem_down_write_slowpath+0xeee/0x13b0 [ 686.409230][ T30] ? rwsem_down_write_slowpath+0xa09/0x13b0 [ 686.415184][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 686.437963][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 686.443048][ T30] ? kobject_put+0x272/0x480 [ 686.447673][ T30] down_write+0x1d7/0x220 [ 686.468004][ T30] ? __pfx_down_write+0x10/0x10 [ 686.472919][ T30] ? free_large_kmalloc+0x105/0x1c0 [ 686.488259][ T30] ? as102_usb_disconnect+0x50/0x120 [ 686.494911][ T30] usb_deregister_dev+0x88/0x210 [ 686.517094][ T30] as102_usb_disconnect+0x79/0x120 [ 686.528498][ T30] usb_unbind_interface+0x25e/0x940 [ 686.533747][ T30] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 686.555956][ T30] ? __pfx_usb_unbind_interface+0x10/0x10 [ 686.562193][ T30] device_release_driver_internal+0x503/0x7c0 [ 686.588022][ T30] bus_remove_device+0x34f/0x420 [ 686.593008][ T30] device_del+0x57a/0x9b0 [ 686.607977][ T30] ? __pfx_device_del+0x10/0x10 [ 686.612867][ T30] ? usb_disconnect+0x103/0x950 [ 686.617734][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 686.624819][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 686.632070][ T30] usb_disable_device+0x3bf/0x850 [ 686.637137][ T30] usb_disconnect+0x340/0x950 [ 686.642380][ T30] hub_event+0x1ebc/0x5150 [ 686.646844][ T30] ? debug_object_deactivate+0x2d5/0x390 [ 686.653322][ T5295] Bluetooth: hci12: command tx timeout [ 686.659376][ T30] ? __pfx_hub_event+0x10/0x10 [ 686.664177][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 686.669622][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 686.675634][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 686.682482][ T30] ? process_scheduled_works+0x976/0x1850 [ 686.688674][ T30] process_scheduled_works+0xa63/0x1850 [ 686.694274][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 686.703603][ T30] ? assign_work+0x364/0x3d0 [ 686.708527][ T30] worker_thread+0x870/0xd30 [ 686.713150][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 686.719506][ T30] ? __kthread_parkme+0x169/0x1d0 [ 686.724562][ T30] ? __pfx_worker_thread+0x10/0x10 [ 686.730292][ T30] kthread+0x2f0/0x390 [ 686.734385][ T30] ? __pfx_worker_thread+0x10/0x10 [ 686.742629][ T30] ? __pfx_kthread+0x10/0x10 [ 686.747253][ T30] ret_from_fork+0x4b/0x80 [ 686.752120][ T30] ? __pfx_kthread+0x10/0x10 [ 686.756728][ T30] ret_from_fork_asm+0x1a/0x30 [ 686.762588][ T30] [ 686.765670][ T30] INFO: task syz.0.10280:26777 blocked for more than 144 seconds. [ 686.774422][ T30] Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 686.782340][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 686.791409][ T30] task:syz.0.10280 state:D stack:23808 pid:26777 tgid:26777 ppid:12889 flags:0x00004004 [ 686.818010][ T30] Call Trace: [ 686.821316][ T30] [ 686.824261][ T30] __schedule+0x1843/0x4ae0 [ 686.837936][ T30] ? __pfx___schedule+0x10/0x10 [ 686.842933][ T30] ? __pfx_lock_release+0x10/0x10 [ 686.857902][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 686.863932][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 686.886824][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 686.893304][ T30] ? schedule+0x90/0x320 [ 686.897581][ T30] schedule+0x14b/0x320 [ 686.904576][ T30] rpm_resume+0x504/0x1670 [ 686.909410][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 686.914474][ T30] ? __pfx_rpm_resume+0x10/0x10 [ 686.919777][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 686.925877][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 686.931761][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 686.936998][ T30] rpm_resume+0x8fe/0x1670 [ 686.945956][ T30] ? __pfx_rpm_resume+0x10/0x10 [ 686.960081][ T30] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 686.965577][ T30] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 686.987927][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 686.993961][ T30] __pm_runtime_resume+0x120/0x180 [ 687.007975][ T30] ? __pfx_wdm_manage_power+0x10/0x10 [ 687.013384][ T30] usb_autopm_get_interface+0x22/0xf0 [ 687.035177][ T30] ? __pfx_wdm_manage_power+0x10/0x10 [ 687.045196][ T30] wdm_manage_power+0x1c/0xa0 [ 687.051203][ T30] ? __pfx_wdm_manage_power+0x10/0x10 [ 687.056605][ T30] wdm_release+0x20f/0x460 [ 687.061418][ T30] ? __pfx_wdm_release+0x10/0x10 [ 687.066388][ T30] __fput+0x23f/0x880 [ 687.072354][ T30] task_work_run+0x24f/0x310 [ 687.076984][ T30] ? __pfx_task_work_run+0x10/0x10 [ 687.082282][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 687.088120][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 687.093776][ T30] do_syscall_64+0x100/0x230 [ 687.098560][ T30] ? clear_bhb_loop+0x35/0x90 [ 687.103262][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.112181][ T30] RIP: 0033:0x7f1dff37dff9 [ 687.116625][ T30] RSP: 002b:00007ffcd0617688 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 687.125279][ T30] RAX: 0000000000000000 RBX: 00007f1dff537a80 RCX: 00007f1dff37dff9 [ 687.133469][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 687.141612][ T30] RBP: 00007f1dff537a80 R08: 0000000000000006 R09: 00007ffcd061797f [ 687.149665][ T30] R10: 00000000005e97bc R11: 0000000000000246 R12: 000000000008130f [ 687.157655][ T30] R13: 00007ffcd0617790 R14: 0000000000000032 R15: ffffffffffffffff [ 687.165913][ T30] [ 687.169097][ T30] INFO: task syz.3.10426:27086 blocked for more than 144 seconds. [ 687.218947][ T30] Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 687.226638][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 687.267967][ T30] task:syz.3.10426 state:D stack:26456 pid:27086 tgid:27085 ppid:5296 flags:0x00004004 [ 687.286538][ T30] Call Trace: [ 687.290178][ T30] [ 687.293129][ T30] __schedule+0x1843/0x4ae0 [ 687.297675][ T30] ? __pfx___schedule+0x10/0x10 [ 687.302627][ T30] ? __pfx_lock_release+0x10/0x10 [ 687.307676][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 687.314088][ T30] ? schedule+0x90/0x320 [ 687.319145][ T30] schedule+0x14b/0x320 [ 687.323338][ T30] schedule_preempt_disabled+0x13/0x30 [ 687.328911][ T30] __mutex_lock+0x6a7/0xd70 [ 687.333441][ T30] ? __mutex_lock+0x52a/0xd70 [ 687.338263][ T30] ? wdm_open+0x56/0x550 [ 687.342536][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 687.347580][ T30] ? __pfx_down_read+0x10/0x10 [ 687.352441][ T30] ? chrdev_open+0xfb/0x600 [ 687.356973][ T30] ? __pfx_lock_release+0x10/0x10 [ 687.362095][ T30] wdm_open+0x56/0x550 [ 687.366190][ T30] ? __pfx_wdm_open+0x10/0x10 [ 687.371125][ T30] usb_open+0x14b/0x1d0 [ 687.375312][ T30] chrdev_open+0x521/0x600 [ 687.379818][ T30] ? __pfx_chrdev_open+0x10/0x10 [ 687.384779][ T30] ? security_file_open+0x513/0x990 [ 687.390100][ T30] ? __pfx_chrdev_open+0x10/0x10 [ 687.395066][ T30] do_dentry_open+0x978/0x1460 [ 687.399953][ T30] vfs_open+0x3e/0x330 [ 687.404045][ T30] path_openat+0x2c84/0x3590 [ 687.408736][ T30] ? __pfx_path_openat+0x10/0x10 [ 687.415264][ T30] do_filp_open+0x235/0x490 [ 687.419883][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 687.424958][ T30] ? _raw_spin_unlock+0x28/0x50 [ 687.429911][ T30] ? alloc_fd+0x5a1/0x640 [ 687.434279][ T30] do_sys_openat2+0x13e/0x1d0 [ 687.439077][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 687.444322][ T30] __x64_sys_openat+0x247/0x2a0 [ 687.449400][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 687.454806][ T30] ? do_syscall_64+0x100/0x230 [ 687.459689][ T30] ? do_syscall_64+0xb6/0x230 [ 687.464393][ T30] do_syscall_64+0xf3/0x230 [ 687.468987][ T30] ? clear_bhb_loop+0x35/0x90 [ 687.473687][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.479772][ T30] RIP: 0033:0x7fa5feb7c990 [ 687.484209][ T30] RSP: 002b:00007fa5ffa49b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 687.492717][ T30] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa5feb7c990 [ 687.500756][ T30] RDX: 0000000000000002 RSI: 00007fa5ffa49c10 RDI: 00000000ffffff9c [ 687.508837][ T30] RBP: 00007fa5ffa49c10 R08: 0000000000000000 R09: 00007fa5ffa49987 [ 687.518626][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 687.526626][ T30] R13: 0000000000000000 R14: 00007fa5fed35f80 R15: 00007ffe542333d8 [ 687.535013][ T30] [ 687.538264][ T30] [ 687.538264][ T30] Showing all locks held in the system: [ 687.546307][ T30] 5 locks held by kworker/0:0/8: [ 687.551302][ T30] 3 locks held by kworker/0:1/9: [ 687.556373][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 687.567457][ T30] #1: ffffc900000e7d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 687.578282][ T30] #2: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 687.589394][ T30] 1 lock held by khungtaskd/30: [ 687.594259][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 687.604375][ T30] 6 locks held by kworker/1:2/937: [ 687.609693][ T30] #0: ffff888144e9ed48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 687.627307][ T30] #1: ffffc900038ffd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 687.643148][ T30] #2: ffff8881453af190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 687.652183][ T30] #3: ffff88805e557190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 687.661520][ T30] #4: ffff888072a87160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 687.670835][ T30] #5: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x13a/0x5a0 [ 687.680505][ T30] 3 locks held by kworker/u8:5/1306: [ 687.685809][ T30] 4 locks held by kworker/u8:6/2910: [ 687.691621][ T30] 6 locks held by kworker/u8:7/2917: [ 687.696918][ T30] 2 locks held by getty/4975: [ 687.701691][ T30] #0: ffff88814c54f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 687.711545][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 687.722509][ T30] 3 locks held by kworker/1:3/5290: [ 687.727729][ T30] #0: ffff88801dee7948 ((wq_completion)pm){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 687.739365][ T30] #1: ffffc90003d47d00 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 687.752926][ T30] #2: ffff8881453aa510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x1c6/0x14d0 [ 687.766190][ T30] 7 locks held by kworker/1:6/5345: [ 687.771661][ T30] #0: ffff888144e9ed48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 687.783142][ T30] #1: ffffc900042bfd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 687.795243][ T30] #2: ffff888028287190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 687.804260][ T30] #3: ffff8880561c3190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 687.813636][ T30] #4: ffff88806f1fd160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 687.824768][ T30] #5: ffff88805037da20 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 687.834871][ T30] #6: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x13a/0x5a0 [ 687.845795][ T30] 6 locks held by kworker/0:4/5373: [ 687.851424][ T30] #0: ffff888144e9ed48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 687.863274][ T30] #1: ffffc9000453fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 687.875210][ T30] #2: ffff88802826f190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 687.884229][ T30] #3: ffff888030339190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 [ 687.893551][ T30] #4: ffff888020a82160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 687.904190][ T30] #5: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_deregister_dev+0x88/0x210 [ 687.913982][ T30] 1 lock held by syz.0.10280/26777: [ 687.919285][ T30] #0: ffffffff8f621968 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4f/0x460 [ 687.934242][ T30] 2 locks held by syz.3.10426/27086: [ 687.939636][ T30] #0: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0 [ 687.948548][ T30] #1: ffffffff8f621968 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x56/0x550 [ 687.957047][ T30] 1 lock held by syz.1.10872/28069: [ 687.962323][ T30] #0: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0 [ 687.971207][ T30] 1 lock held by syz.0.11398/29427: [ 687.976415][ T30] #0: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0 [ 687.985346][ T30] 1 lock held by syz.1.11861/30426: [ 687.990628][ T30] #0: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0 [ 687.999532][ T30] 1 lock held by syz.0.12233/31253: [ 688.004738][ T30] #0: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0 [ 688.014373][ T30] 2 locks held by syz.3.12587/32025: [ 688.019894][ T30] #0: ffff888145377190 (&dev->mutex){....}-{3:3}, at: usbdev_ioctl+0x268/0x6120 [ 688.029194][ T30] #1: ffff8881453a8160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 688.040662][ T30] 1 lock held by syz.3.12587/32027: [ 688.046686][ T30] #0: ffff888145377190 (&dev->mutex){....}-{3:3}, at: usbdev_ioctl+0x268/0x6120 [ 688.055985][ T30] 1 lock held by syz.0.12684/32229: [ 688.061252][ T30] #0: ffffffff8f599bf0 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0 [ 688.070179][ T30] 1 lock held by syz.1.12877/32650: [ 688.075387][ T30] #0: ffff888028287190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x156/0x770 [ 688.084485][ T30] 2 locks held by syz.3.12906/32713: [ 688.090256][ T30] #0: ffff88804cf08d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 688.100365][ T30] #1: ffff88804cf08078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 688.110146][ T30] 2 locks held by syz.4.12929/300: [ 688.115255][ T30] #0: ffffffff8fcbffc8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 688.124307][ T30] #1: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 688.136017][ T30] 3 locks held by syz.0.12930/32766: [ 688.142107][ T30] #0: ffff888053584d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 688.152161][ T30] #1: ffff888053584078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 688.161935][ T30] #2: ffffffff8fe2c8e8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 [ 688.172094][ T30] [ 688.174430][ T30] ============================================= [ 688.174430][ T30] [ 688.182917][ T30] NMI backtrace for cpu 1 [ 688.187253][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 688.198112][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 688.208185][ T30] Call Trace: [ 688.211472][ T30] [ 688.214411][ T30] dump_stack_lvl+0x241/0x360 [ 688.219107][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 688.224309][ T30] ? __pfx__printk+0x10/0x10 [ 688.228908][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 688.233872][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 688.239352][ T30] ? _printk+0xd5/0x120 [ 688.243517][ T30] ? __pfx__printk+0x10/0x10 [ 688.248116][ T30] ? __wake_up_klogd+0xcc/0x110 [ 688.252983][ T30] ? __pfx__printk+0x10/0x10 [ 688.257580][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 688.262609][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 688.268612][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 688.274607][ T30] watchdog+0xff4/0x1040 [ 688.278874][ T30] ? watchdog+0x1ea/0x1040 [ 688.283312][ T30] ? __pfx_watchdog+0x10/0x10 [ 688.288004][ T30] kthread+0x2f0/0x390 [ 688.292090][ T30] ? __pfx_watchdog+0x10/0x10 [ 688.296771][ T30] ? __pfx_kthread+0x10/0x10 [ 688.301359][ T30] ret_from_fork+0x4b/0x80 [ 688.305779][ T30] ? __pfx_kthread+0x10/0x10 [ 688.310363][ T30] ret_from_fork_asm+0x1a/0x30 [ 688.315132][ T30] [ 688.319401][ T30] Sending NMI from CPU 1 to CPUs 0: [ 688.324655][ C0] NMI backtrace for cpu 0 [ 688.324668][ C0] CPU: 0 UID: 0 PID: 2917 Comm: kworker/u8:7 Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 688.324688][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 688.324699][ C0] Workqueue: bat_events batadv_nc_worker [ 688.324725][ C0] RIP: 0010:lock_acquire+0x232/0x550 [ 688.324751][ C0] Code: 92 7e 83 f8 01 0f 85 a3 01 00 00 49 89 de 48 c1 eb 03 42 80 3c 2b 00 74 08 4c 89 f7 e8 27 1d 8b 00 48 c7 44 24 60 00 00 00 00 <9c> 8f 44 24 60 42 80 3c 2b 00 74 08 4c 89 f7 e8 1a 1c 8b 00 f6 44 [ 688.324766][ C0] RSP: 0018:ffffc90009a079e0 EFLAGS: 00000046 [ 688.324778][ C0] RAX: 0000000000000001 RBX: 1ffff92001340f48 RCX: 0f731ad3aa72dd00 [ 688.324791][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0adc40 RDI: ffffffff8c6028a0 [ 688.324804][ C0] RBP: ffffc90009a07b40 R08: ffffffff94292807 R09: 1ffffffff2852500 [ 688.324817][ C0] R10: dffffc0000000000 R11: fffffbfff2852501 R12: 1ffff92001340f44 [ 688.324830][ C0] R13: dffffc0000000000 R14: ffffc90009a07a40 R15: 0000000000000246 [ 688.324843][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 688.324858][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 688.324870][ C0] CR2: 0000001b2ed1cff8 CR3: 000000000e734000 CR4: 00000000003526f0 [ 688.324885][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 688.324895][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 688.324907][ C0] Call Trace: [ 688.324913][ C0] [ 688.324921][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 688.324941][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 688.324966][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 688.324985][ C0] ? nmi_handle+0x2a/0x5a0 [ 688.325009][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 688.325036][ C0] ? nmi_handle+0x14f/0x5a0 [ 688.325053][ C0] ? nmi_handle+0x2a/0x5a0 [ 688.325070][ C0] ? lock_acquire+0x232/0x550 [ 688.325092][ C0] ? default_do_nmi+0x63/0x160 [ 688.325113][ C0] ? exc_nmi+0x123/0x1f0 [ 688.325133][ C0] ? end_repeat_nmi+0xf/0x53 [ 688.325153][ C0] ? lock_acquire+0x232/0x550 [ 688.325176][ C0] ? lock_acquire+0x232/0x550 [ 688.325199][ C0] ? lock_acquire+0x232/0x550 [ 688.325221][ C0] [ 688.325227][ C0] [ 688.325236][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 688.325261][ C0] ? batadv_nc_worker+0xcb/0x610 [ 688.325281][ C0] ? __pfx_lock_release+0x10/0x10 [ 688.325306][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 688.325333][ C0] batadv_nc_worker+0xec/0x610 [ 688.325353][ C0] ? batadv_nc_worker+0xcb/0x610 [ 688.325374][ C0] ? batadv_nc_worker+0xcb/0x610 [ 688.325395][ C0] ? process_scheduled_works+0x976/0x1850 [ 688.325418][ C0] process_scheduled_works+0xa63/0x1850 [ 688.325451][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 688.325477][ C0] ? assign_work+0x364/0x3d0 [ 688.325499][ C0] worker_thread+0x870/0xd30 [ 688.325527][ C0] ? __kthread_parkme+0x169/0x1d0 [ 688.325552][ C0] ? __pfx_worker_thread+0x10/0x10 [ 688.325573][ C0] kthread+0x2f0/0x390 [ 688.325588][ C0] ? __pfx_worker_thread+0x10/0x10 [ 688.325609][ C0] ? __pfx_kthread+0x10/0x10 [ 688.325625][ C0] ret_from_fork+0x4b/0x80 [ 688.325647][ C0] ? __pfx_kthread+0x10/0x10 [ 688.325662][ C0] ret_from_fork_asm+0x1a/0x30 [ 688.325691][ C0] [ 688.328984][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 688.328999][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 688.329028][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 688.329040][ T30] Call Trace: [ 688.329048][ T30] [ 688.329057][ T30] dump_stack_lvl+0x241/0x360 [ 688.329082][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 688.329101][ T30] ? __pfx__printk+0x10/0x10 [ 688.329118][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 688.329150][ T30] ? vscnprintf+0x5d/0x90 [ 688.329174][ T30] panic+0x349/0x880 [ 688.329192][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 688.329215][ T30] ? __pfx_panic+0x10/0x10 [ 688.329231][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 688.329251][ T30] ? __irq_work_queue_local+0x137/0x410 [ 688.329277][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 688.329295][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 688.329317][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 688.329341][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 688.329366][ T30] watchdog+0x1033/0x1040 [ 688.329389][ T30] ? watchdog+0x1ea/0x1040 [ 688.329416][ T30] ? __pfx_watchdog+0x10/0x10 [ 688.329439][ T30] kthread+0x2f0/0x390 [ 688.329457][ T30] ? __pfx_watchdog+0x10/0x10 [ 688.329477][ T30] ? __pfx_kthread+0x10/0x10 [ 688.329497][ T30] ret_from_fork+0x4b/0x80 [ 688.329520][ T30] ? __pfx_kthread+0x10/0x10 [ 688.329538][ T30] ret_from_fork_asm+0x1a/0x30 [ 688.329572][ T30] [ 688.799087][ T30] Kernel Offset: disabled [ 688.803399][ T30] Rebooting in 86400 seconds..