last executing test programs: 21.535040259s ago: executing program 2 (id=1952): socket$kcm(0x10, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000140)=""/4087, 0xff7}], 0x1, 0x0, 0xffffffff) 19.669121869s ago: executing program 2 (id=2043): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) syz_init_net_socket$netrom(0x6, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) write$capi20_data(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="14990b00009ba3f3a74d1d3e9dec97ae5749eb889957670e070d810f5ab4ec928651ce5f0dff9e095bcf9c0f025817346752fd5958d2c2ba7d3b457bf3406669c0a7cf329aca88a66c9c50a10e62436caec08ecc10fadd25d81bf2127131bb3dbc5f2857d38f5dace2c0d2d413c874a1f3352d8da3303294319f9c4be2ebbd140d145a25e087cc5378fc47353884ab94f5fd79aea4abc31be32df9987e61073d02ac"], 0x12) 19.297957852s ago: executing program 2 (id=2046): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, 0x0) syz_open_pts(r1, 0x0) r2 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000080), &(0x7f0000000180)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r2, 0x381b, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 18.892958327s ago: executing program 2 (id=2049): openat$vimc1(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000380)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r2, 0x3, r1, 0x5}) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r3) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r4 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r4, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r4, &(0x7f0000000280)=""/54, 0x36) unlinkat(r4, &(0x7f0000000140)='./control\x00', 0x200) getdents(r4, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 15.744055525s ago: executing program 2 (id=2054): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x80}, 0x0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) pwritev2(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)="7270aa3f0c63ef31716980d71af481e691d156e5c690c37493c965008b713ed133a85027d43b49d05b8ec0e538f674752205f76fb42632a5233a7d64e1cea692029b6a", 0x43}], 0x1, 0x0, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000ac0)={0x1, 0x0, [{0x0, 0xd3, &(0x7f0000000780)=""/211}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x1}) socket$vsock_stream(0x28, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0502103, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_PORT={0x8, 0x2}, @NFTA_TPROXY_FAMILY={0x8}]}}}]}]}], {0x14}}, 0x7c}}, 0x0) ioperm(0x0, 0x0, 0x4) r2 = socket(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000100), &(0x7f0000000140)=0x4) fstat(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r3) syz_usb_connect$uac1(0x0, 0x9f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc}, @input_terminal={0xc}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x0, 0x0, 0x0, "f6f81132fff8"}, @as_header={0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x103}}}}}}}]}}, 0x0) 14.747158806s ago: executing program 2 (id=2055): syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000400)={0x2, 0x0, [{}, {0x0, 0x0, 0x3}]}) creat(&(0x7f00000000c0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140)) 8.91481774s ago: executing program 3 (id=2071): r0 = gettid() r1 = io_uring_setup(0x7fe7, &(0x7f0000000140)={0x0, 0x0, 0x3000}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x7c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x5d, 0x33, @beacon={{{}, {0x8}, @device_b, @device_b}, 0x1000, @random, 0x0, @void, @val, @val={0x3, 0x1, 0x3}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0xb7}}, @val={0x2d, 0x1a, {0x2, 0x2, 0x6, 0x0, {0x6df, 0xff, 0x0, 0x3, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x1, 0x101, 0x5}}, @void, @val={0x71, 0x7, {0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x60}}, @void}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4005}, 0x0) io_uring_enter(r1, 0x0, 0xe257, 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000000), 0xffe000) r7 = syz_io_uring_setup(0xd5, &(0x7f0000000480), &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r7, 0x47ba, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo(r0, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff}) r10 = socket(0x200000100000011, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r12 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r12, 0x0, 0x80, &(0x7f00000001c0)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x0, 0x0, 0x20000070], 0x0, 0x0, &(0x7f0000000040)=[{}, {0x2}, {}]}, 0x108) bind$packet(r10, &(0x7f0000000040)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000100), 0x4) sendmsg$netlink(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x0, "", [@generic="d96e6c8d5e"]}, 0xa}, {0x0}], 0x2}, 0x0) r13 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$FUSE(r13, 0x0, 0x0) 7.238069336s ago: executing program 3 (id=2076): openat$vimc1(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000380)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000180)={r2}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r3, 0x3, r1, 0x5}) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r4 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r4) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r5, &(0x7f0000000280)=""/54, 0x36) unlinkat(r5, &(0x7f0000000140)='./control\x00', 0x200) getdents(r5, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r6 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 7.206556739s ago: executing program 1 (id=2077): syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000400)={0x2, 0x0, [{}, {0x0, 0x0, 0x3}]}) creat(&(0x7f00000000c0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140)) 6.818049265s ago: executing program 1 (id=2078): syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180), 0x4200, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) creat(0x0, 0x0) chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000000c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) close(0xffffffffffffffff) syz_open_dev$vim2m(&(0x7f0000000a40), 0x9, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x10000, 0x20001, 0x6, 0x91}, 0x48) 6.755179058s ago: executing program 4 (id=2079): socket$kcm(0x10, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000140)=""/4087, 0xff7}], 0x1, 0x0, 0xffffffff) 5.966703936s ago: executing program 0 (id=2080): madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) r0 = io_uring_setup(0x1fc3, &(0x7f00000002c0)) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040f04060007049f1c66c424c847cc6456809ecbafce2adc5516da9566ee448688674b5e3d572b9839c525ec2dd00944fd278e84b2f58c0b274aa2b7ad0000000000000000970762880ad72c71df06b9740d1ec24e52d807000000008e42dff609b6e479be29dadcd63720f7e4ceb06ede5dfa38347bdfa67aced4d2fa6b9d71ad48874a826b9f7a7b5538cc46ccb517dad9f5e5323cc894"], 0x7) syz_emit_vhci(0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x5) accept(r1, &(0x7f0000000200)=@can, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') lstat(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0xe0ff, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x74800) write$binfmt_aout(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x0) close_range(r0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x15) madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8) socket$nl_generic(0x10, 0x3, 0x10) 5.933742985s ago: executing program 4 (id=2081): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"}) syz_open_pts(0xffffffffffffffff, 0x0) r2 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000080), &(0x7f0000000180)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r2, 0x381b, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.486413558s ago: executing program 1 (id=2082): r0 = socket(0x0, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 5.320331183s ago: executing program 4 (id=2083): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x74, 0x2}, @ramp}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) readv(r0, 0x0, 0x0) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) 5.16532865s ago: executing program 3 (id=2084): socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$phonet_pipe(0x23, 0x5, 0x2) poll(0x0, 0x0, 0x2) socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000004680)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d010000000100bf000000003bbd424c6e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b00f45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e460a000517ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab71587a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd41503f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb372713255012e00300000000000000b35faae176f98b745eda2967199cc93685bb537e8e487166737089df20618cd4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df08445e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5aed65201cc2c51944da8d7391d5b6b9741aa3b76600cd1aa0afe5f8f46df4c5124caf673374b371867a79b31c6617fc3327191fbf514573f1e30d1fd2d763f3ee9218b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf81109715b67ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87dc0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c534187738655d7a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74f1ffdaccf0ea5f02e0219ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01efada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa400d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82b04cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b00110635376413c29f7c6f7b7e29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000bc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5b98e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22adef9546abb9b5fe7f30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b3bff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b011d193ba8075da1d1da9311a050000ab89524414cae922141f7baf17756c31559907a53581b6ebb790ad60bd03870c39d1ad12c750837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a156ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf0a74680bc9987d5aade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de10bacecfff2d58437f422df4252c018795310c25e8fce18ed366ac2caade564ca869727a7dc26271e17d7aba48971835530311545273d3caadeb5d2017dcddab8f38f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f736c5867831c5d6eaa9ef1806fd95bbe00318000000000000259da51ff7517ace7361420a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94993157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d703dd29ad77f54836779600bb0db3ecfad36fa8164999898e4aaa56324e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d32edfca386be16b1c549aec52e31e1405d86c7760282901750b732ec06b0db735222a731195633164704886a0c50a5db0d694028cdf61b9749d5d7bd79969a92114ca804a6365615ceb09ed22e4fc3a7d0e2ee4a5fc10f3d01346481e934e411d0e9d7a9fa515a2219b526d8f3e2b383ef694ff99257fc52c31a3503ce22e503214fa808301b489bb0cd8000000000000159c447fc6f1bf1137f6863aceb90d62dae497fe08f7e627727ad0919a62fe92a33f1e5d390000000000000000004135cb6dda469cd6622e6c36e9f005789e6b827c07b8f4f8d4f15695fe30d32ee6efe22cf8d299239eaa54e5c699a904a0344febb884d1cc94f552f48d84ee3431d817edc4bdb762d62778f30baee4aa428bba55f6cff1b5ba395d461db8ffe6fb89e1058a73bc8564c86497b92330b23cb3befb569cc67f15e349644a2c47924423e2983517074747680306eddd948e5211377575787cfa291ec8796dd7db6968791aea4f5e627b219e99bb9262493bbf04415b22ee398406ec88f6b758f6b240a87dc169f51d3a79fb512afae14fbc5e7808764b8550622c1e3080cdd6b21ce0f0324712343943f5e061df056b3b809c07e1318daf9ed1ebea0f95e302dab0b6bc52ed2aac8b950b448ca3a03d1bd21078c54f5cf86c5563b9bba2805a30574a4123e27d6f281f70ac769c62b49bf7cc73f0c9a2b84534d234d2eb136f8620d3e1147a7b7361618e0064cad6fe32685d143af0d378d54c0a5953c764ae8721bd23cba4701e9f0d7a6e1ba92c87b0384f8ee595d618f7cf5a80a0a2edc2541072e146c1e5a8f7b65c877af04e742cfdcac0641a11d51fd6dc88965691bce388005fbb071451bc260bcf7df8890d9c5c8ef47bc4ff5080a2a771f85b4f3d2a2259196a8423e7a992e9b320a40921f6f74d5b0e94be6c9c059e62ff53e5c2139806cca4545d88a7f7ff366e5d7f08a56609130931b64e3bb70000d38011b924ed9df6aa170c6d845f43c0bcbe3839cd1422944651a5908c76c3f3b4070aa1d896e4adc117698c452c9926442a000e128bb936a99536290f906c088cb10ee7bee50b7b013e4e1ff3481d77c7697738b46deebd9ac6e58b41341dcbfad161e3d529a504821549629ef63f8297bec881eb5edb07ed6c86640fb4128d7931e56bb89f0ce605"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r6 = socket$kcm(0x29, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)={'#! ', './bus', [{0x20, '#&\\(@[#)\x8f%'}, {0x20, ']\'*\''}]}, 0x19) ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r4, r5}) 5.075305068s ago: executing program 1 (id=2085): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004ea", @ANYBLOB="f7", @ANYRESOCT], 0x0) syz_usb_ep_read(0xffffffffffffffff, 0x1, 0xe2, &(0x7f0000000000)=""/226) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) syz_usb_disconnect(r0) write$char_usb(r2, 0x0, 0x0) 5.050060599s ago: executing program 4 (id=2086): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) landlock_create_ruleset(&(0x7f0000000000), 0x10, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) prlimit64(0x0, 0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r6 = syz_open_procfs(r5, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40106614, 0x0) 4.290361707s ago: executing program 0 (id=2087): syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000400)={0x2, 0x0, [{}, {0x0, 0x0, 0x3}]}) creat(&(0x7f00000000c0)='./file0\x00', 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140)) 3.560573253s ago: executing program 3 (id=2088): syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180), 0x4200, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) creat(0x0, 0x0) chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) close(0xffffffffffffffff) syz_open_dev$vim2m(&(0x7f0000000a40), 0x9, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x10000, 0x20001, 0x6, 0x91}, 0x48) 3.339602583s ago: executing program 4 (id=2089): openat$vimc1(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000380)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000180)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r2, 0x3, r1, 0x5}) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r3 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r3) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r4 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r4, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r4, &(0x7f0000000280)=""/54, 0x36) unlinkat(r4, &(0x7f0000000140)='./control\x00', 0x200) getdents(r4, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.099093614s ago: executing program 0 (id=2090): socket$kcm(0x10, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000140)=""/4087, 0xff7}], 0x1, 0x0, 0xffffffff) 2.597622273s ago: executing program 3 (id=2091): recvmsg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @empty}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r2, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) 2.589663948s ago: executing program 0 (id=2092): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"}) syz_open_pts(0xffffffffffffffff, 0x0) r2 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000080), &(0x7f0000000180)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r2, 0x381b, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.348530879s ago: executing program 3 (id=2093): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) shutdown(r1, 0x1) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) recvmmsg(r2, &(0x7f0000006f80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000006780)=[{0xfffffffffffffffc}], 0x1}}], 0x2, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_HEADER(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x64, 0xc, 0x6, 0x804, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x40) sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000000c0)={0x0, @in={{0xa, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, &(0x7f0000000040)=0x90) sched_setscheduler(0x0, 0x0, 0x0) lsetxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180), &(0x7f00000001c0)=@md5={0x1, "88540ef44dd0f88b5c3a3c049bac3fe2"}, 0x11, 0x2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000200), 0xfffffd9d) r6 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000000)=0x0, &(0x7f0000001480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x3f70, 0x0, 0x0, 0x0, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$vim2m_VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, 0x0) sendfile(r4, r5, 0x0, 0x8000002b) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000003680)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xa}, @hci_ev_le_conn_update_complete}}, 0xd) socket$inet6_udp(0xa, 0x2, 0x0) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a001000000002800000129406bfdd59461d183d143013e8b7fefb3b54bceabf6b2505af8dac06d168261c0ae1b88963f1bb6ed81f531e5cd4781d9b1ad731b98bfeee2daf4e227209b2928181c5cb8c05b94a0dd2", 0x77}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) 2.291997396s ago: executing program 0 (id=2094): openat$vimc1(0xffffffffffffff9c, &(0x7f0000002100), 0x2, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000380)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f0000000180)={r2}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r3, 0x3, r1, 0x5}) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r4 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r4) mkdir(&(0x7f0000000000)='./control\x00', 0x0) r5 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) mkdirat(r5, &(0x7f0000000100)='./control\x00', 0x0) getdents64(r5, &(0x7f0000000280)=""/54, 0x36) unlinkat(r5, &(0x7f0000000140)='./control\x00', 0x200) getdents(r5, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r6 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.709959802s ago: executing program 4 (id=2095): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x6, 0x4, &(0x7f0000013d40)=ANY=[@ANYBLOB="18000000000000000000000000000000b5000000087c950095"], &(0x7f0000000140)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={0xffffffffffffffff, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x40) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2800000010001100"/20, @ANYRES32=r4, @ANYBLOB='\x00\x00\x00t\x00\x00\x00\x00\b\x00\n\x00', @ANYRESHEX=r3, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x50}, 0x8084) 1.294120467s ago: executing program 0 (id=2096): socket$tipc(0x1e, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast1, 0x2, 0x0, 0x0, 0x2}, 0x20) ioctl(0xffffffffffffffff, 0x8b32, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) lseek(0xffffffffffffffff, 0x0, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}}) syz_io_uring_setup(0x2666, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3, &(0x7f0000000080)=0x1, 0x50, 0x0) mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) 1.248987029s ago: executing program 1 (id=2097): socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$phonet_pipe(0x23, 0x5, 0x2) poll(0x0, 0x0, 0x2) socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000004680)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d010000000100bf000000003bbd424c6e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b00f45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e460a000517ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab71587a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd41503f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb372713255012e00300000000000000b35faae176f98b745eda2967199cc93685bb537e8e487166737089df20618cd4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df08445e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5aed65201cc2c51944da8d7391d5b6b9741aa3b76600cd1aa0afe5f8f46df4c5124caf673374b371867a79b31c6617fc3327191fbf514573f1e30d1fd2d763f3ee9218b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf81109715b67ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87dc0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c534187738655d7a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74f1ffdaccf0ea5f02e0219ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01efada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa400d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82b04cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b00110635376413c29f7c6f7b7e29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000bc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5b98e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22adef9546abb9b5fe7f30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b3bff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b011d193ba8075da1d1da9311a050000ab89524414cae922141f7baf17756c31559907a53581b6ebb790ad60bd03870c39d1ad12c750837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a156ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf0a74680bc9987d5aade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de10bacecfff2d58437f422df4252c018795310c25e8fce18ed366ac2caade564ca869727a7dc26271e17d7aba48971835530311545273d3caadeb5d2017dcddab8f38f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f736c5867831c5d6eaa9ef1806fd95bbe00318000000000000259da51ff7517ace7361420a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94993157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d703dd29ad77f54836779600bb0db3ecfad36fa8164999898e4aaa56324e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d32edfca386be16b1c549aec52e31e1405d86c7760282901750b732ec06b0db735222a731195633164704886a0c50a5db0d694028cdf61b9749d5d7bd79969a92114ca804a6365615ceb09ed22e4fc3a7d0e2ee4a5fc10f3d01346481e934e411d0e9d7a9fa515a2219b526d8f3e2b383ef694ff99257fc52c31a3503ce22e503214fa808301b489bb0cd8000000000000159c447fc6f1bf1137f6863aceb90d62dae497fe08f7e627727ad0919a62fe92a33f1e5d390000000000000000004135cb6dda469cd6622e6c36e9f005789e6b827c07b8f4f8d4f15695fe30d32ee6efe22cf8d299239eaa54e5c699a904a0344febb884d1cc94f552f48d84ee3431d817edc4bdb762d62778f30baee4aa428bba55f6cff1b5ba395d461db8ffe6fb89e1058a73bc8564c86497b92330b23cb3befb569cc67f15e349644a2c47924423e2983517074747680306eddd948e5211377575787cfa291ec8796dd7db6968791aea4f5e627b219e99bb9262493bbf04415b22ee398406ec88f6b758f6b240a87dc169f51d3a79fb512afae14fbc5e7808764b8550622c1e3080cdd6b21ce0f0324712343943f5e061df056b3b809c07e1318daf9ed1ebea0f95e302dab0b6bc52ed2aac8b950b448ca3a03d1bd21078c54f5cf86c5563b9bba2805a30574a4123e27d6f281f70ac769c62b49bf7cc73f0c9a2b84534d234d2eb136f8620d3e1147a7b7361618e0064cad6fe32685d143af0d378d54c0a5953c764ae8721bd23cba4701e9f0d7a6e1ba92c87b0384f8ee595d618f7cf5a80a0a2edc2541072e146c1e5a8f7b65c877af04e742cfdcac0641a11d51fd6dc88965691bce388005fbb071451bc260bcf7df8890d9c5c8ef47bc4ff5080a2a771f85b4f3d2a2259196a8423e7a992e9b320a40921f6f74d5b0e94be6c9c059e62ff53e5c2139806cca4545d88a7f7ff366e5d7f08a56609130931b64e3bb70000d38011b924ed9df6aa170c6d845f43c0bcbe3839cd1422944651a5908c76c3f3b4070aa1d896e4adc117698c452c9926442a000e128bb936a99536290f906c088cb10ee7bee50b7b013e4e1ff3481d77c7697738b46deebd9ac6e58b41341dcbfad161e3d529a504821549629ef63f8297bec881eb5edb07ed6c86640fb4128d7931e56bb89f0ce605"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x7}, 0x48) r5 = socket$kcm(0x29, 0x2, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)={'#! ', './bus', [{0x20, '#&\\(@[#)\x8f%'}, {0x20, ']\'*\''}]}, 0x19) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000180)={r3, r4}) 0s ago: executing program 1 (id=2098): socket$pptp(0x18, 0x1, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x1c, 0x0, 0x2, 0x1, 0x4}, 0x20) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) pread64(0xffffffffffffffff, &(0x7f0000000880)=""/4096, 0x1000, 0x0) unshare(0x2a020400) r5 = syz_open_dev$vivid(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, &(0x7f0000000040)={0x0, 0x3, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "c7e49ffd"}}) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, &(0x7f0000000040)) listen(r1, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_cipso(0x0, r6) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000640)=ANY=[@ANYRES16=r7, @ANYRESHEX=r3], 0x160}}, 0x4000000) mincore(&(0x7f00009ff000/0xc000)=nil, 0xc000, &(0x7f0000000000)=""/255) kernel console output (not intermixed with test programs): s unknown, defaulting to 1000 [ 722.379972][T11301] pim6reg1: entered promiscuous mode [ 722.399776][T11301] pim6reg1: entered allmulticast mode [ 723.080155][ T29] audit: type=1400 audit(1720196065.174:1113): avc: denied { getopt } for pid=11324 comm="syz.1.1518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 723.655104][T11349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 723.735156][T11349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 723.929284][ T29] audit: type=1400 audit(1720196066.024:1114): avc: denied { setopt } for pid=11348 comm="syz.4.1525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 723.983826][T11349] ip6gretap0 speed is unknown, defaulting to 1000 [ 724.159098][T11362] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11362 comm=syz.2.1528 [ 724.214519][ T29] audit: type=1400 audit(1720196066.314:1115): avc: denied { read } for pid=11360 comm="syz.2.1528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 724.489858][T11368] netlink: 208 bytes leftover after parsing attributes in process `syz.2.1530'. [ 724.721104][T11372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 725.805753][T11397] overlayfs: failed to resolve './file0': -2 [ 725.980989][T11393] tipc: Enabling of bearer rejected, failed to enable media [ 727.051643][ T4551] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 727.261273][ T4551] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 727.307618][ T4551] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 727.326347][ T4551] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 727.341996][ T4551] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 727.353737][ T4551] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.369471][ T4551] usb 5-1: config 0 descriptor?? [ 727.391299][T11402] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 727.648551][ T1797] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 727.838532][ T1797] usb 1-1: Using ep0 maxpacket: 32 [ 727.847014][ T4551] plantronics 0003:047F:FFFF.000C: unknown main item tag 0xd [ 727.866134][ T1797] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 727.869248][ T4551] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 727.879280][ T1797] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 727.898289][ T1797] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 727.914620][ T1797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 727.930311][ T4551] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 727.932863][ T1797] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 727.959356][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 727.961449][ T1797] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 727.972237][T11423] pim6reg1: entered promiscuous mode [ 727.996422][ T1797] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 728.006772][ T1797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.018609][T11423] pim6reg1: entered allmulticast mode [ 728.026049][ T1797] usb 1-1: config 0 descriptor?? [ 728.149417][ T4551] usb 5-1: USB disconnect, device number 26 [ 728.194472][ T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 728.243964][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 728.281422][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 728.293533][ T1797] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 728.321563][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 728.353028][ T1797] usb 1-1: USB disconnect, device number 25 [ 728.386910][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 728.416615][ T9] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 728.428475][ T9] usb 3-1: Manufacturer: syz [ 728.439302][ T9] usb 3-1: config 0 descriptor?? [ 728.451525][ T1797] usblp0: removed [ 728.885556][ T9] appleir 0003:05AC:8243.000D: unknown main item tag 0x0 [ 728.923748][ T9] appleir 0003:05AC:8243.000D: No inputs registered, leaving [ 729.041998][ T9] appleir 0003:05AC:8243.000D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 729.148588][ T1797] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 729.388959][ T1797] usb 1-1: Using ep0 maxpacket: 32 [ 729.400964][ T1797] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 729.444552][ T1797] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 729.473848][ T1797] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 729.487224][ T1797] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 729.498131][ T1797] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 729.509146][ T1797] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 729.525893][ T1797] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 729.535770][ T1797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.564892][ T1797] usb 1-1: config 0 descriptor?? [ 729.642925][T10155] usb 3-1: USB disconnect, device number 25 [ 729.799604][ T1797] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 730.008796][ T4551] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 730.225098][ T4551] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 730.266630][ T4551] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 730.309426][ T4551] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 730.348525][ T4551] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 730.371741][ T4551] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.391749][ T4551] usb 2-1: Product: syz [ 730.419442][ T4551] usb 2-1: Manufacturer: syz [ 730.441836][ T4551] usb 2-1: SerialNumber: syz [ 730.843968][T11452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 730.892726][T11452] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 730.919274][T10155] usb 1-1: USB disconnect, device number 26 [ 731.026174][T10155] usblp0: removed [ 731.294139][ T4551] usb 2-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 731.333157][ T4551] usb 2-1: found format II with max.bitrate = 0, frame size=0 [ 731.359191][ T4551] usb 2-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 731.395337][T11466] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1560'. [ 731.399130][ T4551] usb 2-1: found format II with max.bitrate = 0, frame size=0 [ 731.663031][ T4551] usb 2-1: USB disconnect, device number 23 [ 731.890573][T10155] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 732.819423][T10155] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 732.873009][T10155] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 732.931148][T10155] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 732.989285][T10155] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 733.022558][T10155] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 733.080089][T10155] usb 1-1: config 0 descriptor?? [ 733.119697][T11473] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 734.712637][T10155] plantronics 0003:047F:FFFF.000E: unknown main item tag 0xd [ 734.727738][T11405] udevd[11405]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 734.877177][T10155] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 734.895035][T11494] program syz.2.1570 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 734.973916][T10155] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 735.087494][T10155] usb 1-1: USB disconnect, device number 27 [ 735.362421][T11501] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1572'. [ 735.617714][ T29] audit: type=1400 audit(1720196077.714:1116): avc: denied { write } for pid=11499 comm="syz.4.1571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 736.178981][ T4551] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 736.411372][ T4551] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 736.466370][ T29] audit: type=1400 audit(1720196078.564:1117): avc: denied { listen } for pid=11516 comm="syz.4.1577" laddr=::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 736.510610][ T4551] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 736.587852][ T4551] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 736.640466][ T4551] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.666380][T11510] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 737.051068][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 737.291703][ T9] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 737.318857][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.414350][ T9] usb 3-1: config 0 descriptor?? [ 738.033416][ T9] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 738.457287][ T9] usb 3-1: USB disconnect, device number 26 [ 738.616295][ T29] audit: type=1400 audit(1720196080.704:1118): avc: denied { write } for pid=11530 comm="syz.4.1581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 738.666520][ T4750] dhcpcd (4750) used greatest stack depth: 21328 bytes left [ 739.036659][T11497] udevd[11497]: failed to send result of seq 15768 to main daemon: Connection refused [ 739.091724][ T9] usb 2-1: USB disconnect, device number 24 [ 739.432265][T10155] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 739.662709][T10155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 739.700224][T10155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 739.737258][T10155] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 739.794857][T10155] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 739.828352][T10155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.844363][T11547] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9) [ 739.851783][T11547] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 739.887094][T10155] usb 3-1: config 0 descriptor?? [ 739.900955][T11547] vhci_hcd vhci_hcd.0: Device attached [ 739.914109][T11542] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 740.140374][ T9] vhci_hcd: vhci_device speed not set [ 740.229125][ T9] usb 11-1: new full-speed USB device number 2 using vhci_hcd [ 740.337269][T11549] vhci_hcd: connection reset by peer [ 740.369042][T11559] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1589'. [ 740.377693][ T2482] vhci_hcd: stop threads [ 740.387045][ T2482] vhci_hcd: release socket [ 740.405640][ T2482] vhci_hcd: disconnect device [ 740.417677][T10155] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd [ 740.449848][T10155] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 740.495792][T10155] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 740.569343][T11561] bond1: entered promiscuous mode [ 740.574760][T11561] bond1: entered allmulticast mode [ 740.585516][T11561] 8021q: adding VLAN 0 to HW filter on device bond1 [ 740.877283][ T4551] usb 3-1: USB disconnect, device number 27 [ 741.850943][ T1111] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.384256][ T1111] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.778363][ T1111] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.048605][T11596] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11596 comm=syz.0.1601 [ 744.142458][ T1111] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.540420][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 744.553724][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 744.563992][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 744.575005][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 744.584882][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 744.715337][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 744.765709][ T29] audit: type=1400 audit(1720196086.834:1119): avc: denied { read } for pid=11600 comm="syz.2.1603" lport=37263 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 744.817931][T11584] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 745.033689][ T29] audit: type=1400 audit(1720196087.124:1120): avc: denied { read } for pid=11577 comm="syz.4.1595" name="/" dev="configfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 745.124537][ T29] audit: type=1400 audit(1720196087.214:1121): avc: denied { open } for pid=11577 comm="syz.4.1595" path="/" dev="configfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 745.338658][T11602] ip6gretap0 speed is unknown, defaulting to 1000 [ 745.357080][ T1111] bridge_slave_1: left allmulticast mode [ 745.385470][ T1111] bridge_slave_1: left promiscuous mode [ 745.445426][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.453781][ T9] vhci_hcd: vhci_device speed not set [ 745.761842][ T1111] bridge_slave_0: left allmulticast mode [ 745.767577][ T1111] bridge_slave_0: left promiscuous mode [ 745.807801][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.150239][ T29] audit: type=1400 audit(1720196088.254:1122): avc: denied { execute } for pid=11613 comm="syz.3.1607" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=31389 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 746.439147][T11622] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1609'. [ 746.789533][T10512] Bluetooth: hci0: command tx timeout [ 746.836384][ T29] audit: type=1400 audit(1720196088.934:1123): avc: denied { listen } for pid=11629 comm="syz.3.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 746.866495][ T29] audit: type=1400 audit(1720196088.964:1124): avc: denied { write } for pid=11629 comm="syz.3.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 747.373517][ T29] audit: type=1400 audit(1720196089.474:1125): avc: denied { watch } for pid=11633 comm="syz.3.1614" path="/22/net_prio.prioidx" dev="tmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 747.445281][ T29] audit: type=1400 audit(1720196089.474:1126): avc: denied { watch_sb watch_reads } for pid=11633 comm="syz.3.1614" path="/22/net_prio.prioidx" dev="tmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 748.712756][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 748.747679][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 748.762118][ T1111] bond0 (unregistering): Released all slaves [ 748.938799][T10512] Bluetooth: hci0: command tx timeout [ 749.071873][ T5152] ip6gretap0 speed is unknown, defaulting to 1000 [ 749.899002][ T29] audit: type=1400 audit(1720196091.244:1127): avc: denied { ioctl } for pid=11639 comm="syz.3.1616" path="socket:[31503]" dev="sockfs" ino=31503 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 750.028559][ T29] audit: type=1400 audit(1720196091.244:1128): avc: denied { write } for pid=11639 comm="syz.3.1616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 750.506542][ T29] audit: type=1326 audit(1720196092.584:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11650 comm="syz.3.1620" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff50c175bd9 code=0x0 [ 750.603590][T10512] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 751.028573][T10512] Bluetooth: hci0: command tx timeout [ 751.436451][T11602] chnl_net:caif_netlink_parms(): no params data found [ 751.513293][ T1111] hsr_slave_0: left promiscuous mode [ 751.579287][ T1111] hsr_slave_1: left promiscuous mode [ 751.622760][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 751.648857][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 751.681901][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 751.705268][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 751.856919][ T1111] veth1_macvtap: left promiscuous mode [ 751.874972][ T1111] veth0_macvtap: left promiscuous mode [ 751.889112][ T1111] veth1_vlan: left promiscuous mode [ 751.901377][ T1111] veth0_vlan: left promiscuous mode [ 753.128505][T10512] Bluetooth: hci0: command tx timeout [ 753.388850][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.395607][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 755.331547][ T29] audit: type=1400 audit(1720196097.414:1130): avc: denied { mount } for pid=11686 comm="syz.4.1629" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 755.553619][ T29] audit: type=1400 audit(1720196097.424:1131): avc: denied { remount } for pid=11686 comm="syz.4.1629" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 756.025195][ T29] audit: type=1400 audit(1720196098.124:1132): avc: denied { unmount } for pid=6433 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 756.148548][ T4551] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 756.285836][ T29] audit: type=1326 audit(1720196098.384:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11701 comm="syz.4.1633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8ced75bd9 code=0x0 [ 756.378863][ T4551] usb 1-1: Using ep0 maxpacket: 8 [ 756.409931][ T4551] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 756.425551][ T4551] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 756.464604][T11705] Process accounting resumed [ 756.469846][ T4551] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 756.509773][ T4551] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 756.528392][ T4551] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 756.577366][ T4551] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 756.600706][ T4551] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.859237][ T4551] usb 1-1: usb_control_msg returned -32 [ 756.871684][ T4551] usbtmc 1-1:16.0: can't read capabilities [ 757.004035][ T1111] team0 (unregistering): Port device team_slave_1 removed [ 757.179359][T10512] Bluetooth: hci0: command 0x0401 tx timeout [ 757.253531][ T1111] team0 (unregistering): Port device team_slave_0 removed [ 757.980442][ T5137] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 758.222289][ T5137] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 758.284386][ T5137] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 758.295777][ T5137] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 758.308110][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.437105][T11713] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 760.224938][ T1797] usb 4-1: USB disconnect, device number 28 [ 760.956624][ T5143] usb 1-1: USB disconnect, device number 28 [ 763.340626][T10512] Bluetooth: hci0: command 0x0401 tx timeout [ 763.613323][T11602] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.465878][T11602] bridge0: port 1(bridge_slave_0) entered disabled state [ 764.518541][T11602] bridge_slave_0: entered allmulticast mode [ 764.543281][T11602] bridge_slave_0: entered promiscuous mode [ 764.587330][T11602] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.616259][T11602] bridge0: port 2(bridge_slave_1) entered disabled state [ 764.639255][T11602] bridge_slave_1: entered allmulticast mode [ 764.668554][T11602] bridge_slave_1: entered promiscuous mode [ 764.903849][T11602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.959558][T11602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 765.179485][T11602] team0: Port device team_slave_0 added [ 765.214486][T11602] team0: Port device team_slave_1 added [ 765.366757][T11602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 765.376339][T11602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 765.403403][T11602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 765.425269][T11602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 765.432794][T11602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 765.466688][T11602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 765.489310][ T4551] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 765.682395][T11602] hsr_slave_0: entered promiscuous mode [ 765.686159][ T29] audit: type=1400 audit(1720196107.784:1134): avc: denied { create } for pid=11783 comm="syz.2.1656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 765.713659][ T4551] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 765.719516][T11784] delete_channel: no stack [ 765.732787][ T4551] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 765.749708][T11602] hsr_slave_1: entered promiscuous mode [ 765.812088][ T4551] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 765.856868][ T4551] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 765.870519][ T29] audit: type=1400 audit(1720196107.954:1135): avc: denied { bind } for pid=11783 comm="syz.2.1656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 765.916498][ T4551] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 765.936808][ T4551] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 765.950734][ T4551] usb 5-1: Manufacturer: syz [ 765.966018][ T4551] usb 5-1: config 0 descriptor?? [ 766.555477][ T4551] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 766.588003][ T4551] appleir 0003:05AC:8243.0010: No inputs registered, leaving [ 766.632123][ T4551] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 766.940307][T10512] Bluetooth: hci0: command 0x0401 tx timeout [ 767.834618][T11602] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 767.870316][T11602] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 767.917695][T11602] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 767.953760][T11602] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 769.332835][ T4551] usb 5-1: USB disconnect, device number 27 [ 770.029135][T11602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 770.270290][T11602] 8021q: adding VLAN 0 to HW filter on device team0 [ 770.401876][T11799] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 770.460701][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.468295][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 770.582889][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 770.590269][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 770.644224][T11824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1666'. [ 770.978102][ T29] audit: type=1400 audit(1720196113.034:1136): avc: denied { read } for pid=11804 comm="syz.3.1662" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 771.125969][ T29] audit: type=1400 audit(1720196113.074:1137): avc: denied { open } for pid=11804 comm="syz.3.1662" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 771.408600][ T4551] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 771.648888][ T4551] usb 1-1: Using ep0 maxpacket: 8 [ 771.687314][ T4551] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 771.768462][ T4551] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 771.848573][ T4551] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 771.884866][T11602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 771.909899][ T4551] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 771.955187][ T4551] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 772.024268][ T4551] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.291677][ T4551] usb 1-1: usb_control_msg returned -32 [ 772.311924][T11602] veth0_vlan: entered promiscuous mode [ 772.328800][ T4551] usbtmc 1-1:16.0: can't read capabilities [ 772.408358][T11602] veth1_vlan: entered promiscuous mode [ 772.414953][ T4551] usb 1-1: USB disconnect, device number 29 [ 772.636987][T11602] veth0_macvtap: entered promiscuous mode [ 772.675023][T11602] veth1_macvtap: entered promiscuous mode [ 772.803284][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 772.848462][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 772.917782][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 772.965184][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.002458][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.066908][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.368282][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.386855][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.484846][T11844] atomic_op ffff88807f1ed198 conn xmit_atomic 0000000000000000 [ 774.077062][T11602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 774.162354][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.192687][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.202784][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.216392][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.227246][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.238298][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.256381][T11602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.268211][T11602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.303203][T11602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 774.391620][T11602] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.407054][T11602] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.425864][T11602] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.436413][T11602] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.186510][T10512] Bluetooth: hci0: command tx timeout [ 775.853231][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 775.912443][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.003866][ T2482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.300646][ T2482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.427161][T11864] nbd4: detected capacity change from 0 to 8388607 [ 776.810502][T11864] block nbd4: shutting down sockets [ 777.110024][T11869] kernel read not supported for file /eth0 (pid: 11869 comm: syz.0.1677) [ 777.120381][ T29] audit: type=1800 audit(1720196119.224:1138): pid=11869 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1677" name="eth0" dev="mqueue" ino=32447 res=0 errno=0 [ 777.144275][T11869] program syz.0.1677 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 777.731432][ T29] audit: type=1400 audit(1720196119.824:1139): avc: denied { connect } for pid=11872 comm="syz.3.1680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 778.282646][ T4551] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 778.486564][ T4551] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 778.547946][ T4551] usb 1-1: config 1 has no interface number 0 [ 778.695927][ T4551] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 778.709755][ T4551] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 778.721827][ T4551] usb 1-1: config 1 interface 1 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 778.767843][ T4551] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 778.806925][ T4551] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.842664][ T4551] usb 1-1: Product: syz [ 778.861139][ T4551] usb 1-1: Manufacturer: syz [ 778.866951][T10512] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 778.879032][ T4551] usb 1-1: SerialNumber: syz [ 779.762477][T11876] netlink: 'syz.0.1682': attribute type 8 has an invalid length. [ 779.809008][T11876] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1682'. [ 779.921394][ T4551] cdc_ncm 1-1:1.1: bind() failure [ 780.519138][ T1797] usb 1-1: USB disconnect, device number 30 [ 783.388784][T11938] nbd0: detected capacity change from 0 to 8388607 [ 784.438721][ T1797] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 785.633959][ T1797] usb 2-1: Using ep0 maxpacket: 32 [ 785.672782][ T1797] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 785.702145][ T1797] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 785.729292][ T1797] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 785.765501][ T1797] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 785.788095][ T1797] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.811453][ T1797] usb 2-1: Product: syz [ 785.815708][ T1797] usb 2-1: Manufacturer: syz [ 785.832695][ T1797] usb 2-1: SerialNumber: syz [ 785.851214][T10512] block nbd0: Receive control failed (result -104) [ 785.933902][T10512] Bluetooth: hci4: unexpected event 0x06 length: 17 > 3 [ 786.032842][T10512] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 786.047670][T10512] Bluetooth: Wrong link type (-22) [ 786.053160][T10512] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 786.060097][T10512] Bluetooth: Wrong link type (-22) [ 786.065329][T10512] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 786.071978][T10512] Bluetooth: Wrong link type (-22) [ 786.077666][T10512] Bluetooth: hci4: link tx timeout [ 786.083592][T10512] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 786.133706][ T1797] usb 2-1: 0:2 : does not exist [ 786.455966][ T1797] usb 2-1: USB disconnect, device number 25 [ 786.516667][T11965] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 786.527174][T11965] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 786.737830][ T29] audit: type=1326 audit(1720196128.834:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11968 comm="syz.4.1707" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8ced75bd9 code=0x0 [ 787.978579][ T53] Bluetooth: hci4: command tx timeout [ 788.946956][T10512] Bluetooth: hci0: unexpected event 0x06 length: 17 > 3 [ 789.805185][T10512] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 789.827308][T10512] Bluetooth: Wrong link type (-22) [ 789.833320][T10512] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 789.840472][T10512] Bluetooth: Wrong link type (-22) [ 789.845725][T10512] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 789.852376][T10512] Bluetooth: Wrong link type (-22) [ 789.858093][T10512] Bluetooth: hci0: link tx timeout [ 789.865671][T10512] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 789.963129][T12015] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 789.978692][T12015] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 790.456416][ T29] audit: type=1326 audit(1720196132.554:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12024 comm="syz.4.1722" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8ced75bd9 code=0x0 [ 790.498798][T10512] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 790.538721][T10512] Bluetooth: hci4: command 0x0406 tx timeout [ 791.108523][T10512] Bluetooth: hci0: command tx timeout [ 792.517920][ T53] Bluetooth: hci2: unexpected event 0x06 length: 17 > 3 [ 793.179088][ T53] Bluetooth: hci0: command tx timeout [ 793.408603][ T29] audit: type=1400 audit(1720196134.874:1142): avc: denied { mount } for pid=12049 comm="syz.4.1729" name="/" dev="hugetlbfs" ino=33816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 793.469572][ T53] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 793.500740][ T29] audit: type=1400 audit(1720196135.504:1143): avc: denied { unmount } for pid=6433 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 793.551306][T12052] sctp: [Deprecated]: syz.1.1732 (pid 12052) Use of int in maxseg socket option. [ 793.551306][T12052] Use struct sctp_assoc_value instead [ 793.568173][T12056] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 793.637447][T12056] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 794.324858][ T5143] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 794.543917][T10512] Bluetooth: hci2: command 0x0406 tx timeout [ 794.551520][T12070] fuse: Bad value for 'fd' [ 794.561398][ T5143] usb 2-1: config index 0 descriptor too short (expected 123, got 122) [ 794.598667][ T5143] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 794.650536][ T5143] usb 2-1: too many endpoints for config 1 interface 1 altsetting 41: 221, using maximum allowed: 30 [ 794.712504][ T5143] usb 2-1: config 1 interface 1 altsetting 41 has 0 endpoint descriptors, different from the interface descriptor's value: 221 [ 794.739389][T12065] netlink: 'syz.3.1734': attribute type 10 has an invalid length. [ 794.767585][ T5143] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 794.791386][ T5143] usb 2-1: config 1 interface 1 has no altsetting 0 [ 794.802222][ T5143] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 794.812357][ T5143] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 794.843749][ T5143] usb 2-1: Product: syz [ 794.906995][T12065] team0: Port device netdevsim0 added [ 794.931503][ T5100] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 794.945314][ T5100] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 794.958017][ T5100] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 794.969995][ T5100] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 794.978705][ T5100] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 794.986428][ T5100] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 795.108111][T12073] netlink: 'syz.3.1734': attribute type 10 has an invalid length. [ 795.151943][ T5143] usb 2-1: Manufacturer: Љ [ 795.160195][ T5143] usb 2-1: SerialNumber: syz [ 795.181390][T12052] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 795.233416][T12073] team0: Port device netdevsim0 removed [ 795.253846][T12073] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 795.488618][ T5152] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 795.504829][ T5143] usb 2-1: selecting invalid altsetting 0 [ 795.524402][ T5143] usb 2-1: selecting invalid altsetting 0 [ 795.537236][ T5143] cdc_ncm 2-1:1.0: bind() failure [ 795.576957][ T5143] usb 2-1: selecting invalid altsetting 0 [ 795.585660][ T5143] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -22 [ 795.585838][T10512] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 795.628562][ T5143] usb 2-1: selecting invalid altsetting 0 [ 795.634404][ T5143] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -22 [ 795.651083][ T5143] usb 2-1: selecting invalid altsetting 0 [ 795.657292][ T5143] usbtest 2-1:1.1: probe with driver usbtest failed with error -22 [ 795.676215][ T5152] usb 5-1: device descriptor read/64, error -71 [ 795.712389][ T5143] usb 2-1: USB disconnect, device number 26 [ 795.782273][T12065] syz.3.1734 (12065) used greatest stack depth: 21248 bytes left [ 795.975699][ T5152] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 796.025029][T12080] chnl_net:caif_netlink_parms(): no params data found [ 796.470711][ T5152] usb 5-1: device descriptor read/64, error -71 [ 796.503196][T10512] Bluetooth: hci4: command 0x0406 tx timeout [ 796.609695][ T5152] usb usb5-port1: attempt power cycle [ 796.788975][ T53] Bluetooth: hci2: SCO packet for unknown connection handle 201 [ 796.789495][ T53] Bluetooth: hci2: ISO packet for unknown connection handle 571 [ 797.083531][ T5152] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 797.099051][ T53] Bluetooth: hci3: command tx timeout [ 797.159113][ T5152] usb 5-1: device descriptor read/8, error -71 [ 797.246672][T12080] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.300680][T12080] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.346467][T12080] bridge_slave_0: entered allmulticast mode [ 797.398699][T12080] bridge_slave_0: entered promiscuous mode [ 797.447154][T12080] bridge0: port 2(bridge_slave_1) entered blocking state [ 797.454706][T12080] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.462167][ T5152] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 797.470529][T12080] bridge_slave_1: entered allmulticast mode [ 797.483455][T12080] bridge_slave_1: entered promiscuous mode [ 797.509513][ T5152] usb 5-1: device descriptor read/8, error -71 [ 797.606354][T12080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 797.639510][ T5152] usb usb5-port1: unable to enumerate USB device [ 797.652538][T12080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 797.721645][ T53] Bluetooth: hci0: unexpected event 0x06 length: 17 > 3 [ 797.818298][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 797.832591][ T53] Bluetooth: Wrong link type (-22) [ 797.837824][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 797.844525][ T53] Bluetooth: Wrong link type (-22) [ 797.850827][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 797.857628][ T53] Bluetooth: Wrong link type (-22) [ 797.927816][T12080] team0: Port device team_slave_0 added [ 797.957270][T12111] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 798.031387][T12111] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 798.043486][T12080] team0: Port device team_slave_1 added [ 798.204709][T12080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 798.237071][T12080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 798.288813][T12080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 798.339553][T12080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 798.353995][T12080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 798.557627][T12080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 799.179388][ T53] Bluetooth: hci3: command tx timeout [ 799.206651][T12080] hsr_slave_0: entered promiscuous mode [ 799.231510][ T53] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 799.269244][T12080] hsr_slave_1: entered promiscuous mode [ 799.292712][T12080] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 799.315106][T12080] Cannot create hsr debugfs directory [ 799.459483][T12140] sctp: [Deprecated]: syz.1.1753 (pid 12140) Use of int in maxseg socket option. [ 799.459483][T12140] Use struct sctp_assoc_value instead [ 799.744799][ T53] Bluetooth: hci0: command tx timeout [ 799.868690][ T25] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 800.181781][ T25] usb 2-1: config index 0 descriptor too short (expected 123, got 122) [ 800.238577][ T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 800.288544][ T25] usb 2-1: too many endpoints for config 1 interface 1 altsetting 41: 221, using maximum allowed: 30 [ 800.348052][ T25] usb 2-1: config 1 interface 1 altsetting 41 has 0 endpoint descriptors, different from the interface descriptor's value: 221 [ 800.428718][ T25] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 800.482803][ T25] usb 2-1: config 1 interface 1 has no altsetting 0 [ 800.537947][ T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 800.587026][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.648278][ T25] usb 2-1: Product: syz [ 800.652793][ T25] usb 2-1: Manufacturer: Љ [ 800.657361][ T25] usb 2-1: SerialNumber: syz [ 800.679268][T12080] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 800.704406][T12141] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 801.086190][ T29] audit: type=1400 audit(1720196143.184:1144): avc: denied { setopt } for pid=12148 comm="syz.2.1756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 801.258693][ T53] Bluetooth: hci3: command tx timeout [ 801.684962][T12080] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.733590][ T25] usb 2-1: selecting invalid altsetting 0 [ 801.733641][ T25] usb 2-1: selecting invalid altsetting 0 [ 801.733735][ T25] cdc_ncm 2-1:1.0: bind() failure [ 801.749554][T12155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1756'. [ 801.758711][ T25] usb 2-1: selecting invalid altsetting 0 [ 801.822686][T12155] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.823687][T12155] bridge0: port 1(bridge_slave_0) entered disabled state [ 801.859294][ T25] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -22 [ 801.859803][ T25] usb 2-1: selecting invalid altsetting 0 [ 801.859848][ T25] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -22 [ 801.861023][ T25] usb 2-1: selecting invalid altsetting 0 [ 801.861063][ T25] usbtest 2-1:1.1: probe with driver usbtest failed with error -22 [ 801.896015][ T25] usb 2-1: USB disconnect, device number 27 [ 802.019607][T12080] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 802.257699][T12080] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 802.621805][ T53] Bluetooth: hci2: unexpected event 0x06 length: 17 > 3 [ 802.728854][ T53] Bluetooth: hci2: ACL packet for unknown connection handle 200 [ 802.984380][T10512] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 802.996310][T10512] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 803.015423][T10512] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 803.026027][T10512] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 803.042478][T10512] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 803.050330][T10512] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 803.070422][T12161] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 803.079691][T12161] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 803.262075][ T2482] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 803.307323][T12080] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 803.343062][T10512] Bluetooth: hci3: command tx timeout [ 803.362691][T12080] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 803.565966][ T2482] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 803.759330][T12080] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 803.840865][T12080] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 803.963477][ T2482] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.336172][ T2482] bond0: (slave netdevsim0): Releasing backup interface [ 804.351016][T10512] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 804.377073][ T2482] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 804.530652][T12176] nbd2: detected capacity change from 0 to 8388607 [ 804.699079][ T53] Bluetooth: hci2: command 0x0406 tx timeout [ 805.098752][ T53] Bluetooth: hci5: command tx timeout [ 805.304246][ T2482] bridge_slave_1: left allmulticast mode [ 805.325646][ T2482] bridge_slave_1: left promiscuous mode [ 805.335899][ T2482] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.382602][ T2482] bridge_slave_0: left allmulticast mode [ 806.646466][ T2482] bridge_slave_0: left promiscuous mode [ 806.682773][ T2482] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.786119][ T53] Bluetooth: hci4: unexpected event 0x06 length: 17 > 3 [ 806.909031][ T53] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 807.239076][ T53] Bluetooth: hci5: command tx timeout [ 807.511704][T10512] block nbd2: Receive control failed (result -104) [ 808.067510][ T2482] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 808.084681][ T2482] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 808.099712][ T2482] bond0 (unregistering): Released all slaves [ 808.327806][T12205] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 808.354094][T12205] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 808.595310][T12080] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.729529][T12162] chnl_net:caif_netlink_parms(): no params data found [ 808.851879][ T2482] hsr_slave_0: left promiscuous mode [ 808.867546][T10512] Bluetooth: hci4: command 0x0406 tx timeout [ 808.903288][ T2482] hsr_slave_1: left promiscuous mode [ 808.912315][ T2482] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 808.942390][ T2482] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 808.971384][ T2482] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 808.988689][ T2482] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 809.033493][ T2482] veth1_macvtap: left promiscuous mode [ 809.039347][ T2482] veth0_macvtap: left promiscuous mode [ 809.045294][ T2482] veth1_vlan: left promiscuous mode [ 809.050788][ T2482] veth0_vlan: left promiscuous mode [ 809.258687][T10512] Bluetooth: hci5: command tx timeout [ 809.718849][T10512] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 810.706282][ T2482] team0 (unregistering): Port device team_slave_1 removed [ 810.892640][ T2482] team0 (unregistering): Port device team_slave_0 removed [ 811.338841][T10512] Bluetooth: hci5: command tx timeout [ 811.874003][T12216] netlink: 'syz.3.1773': attribute type 10 has an invalid length. [ 811.903589][T12216] bond0: (slave netdevsim0): Releasing backup interface [ 811.917352][T12216] team0: Port device netdevsim0 added [ 811.925765][T12223] netlink: 'syz.3.1773': attribute type 10 has an invalid length. [ 811.947810][T12223] team0: Port device netdevsim0 removed [ 811.975714][T12223] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 811.985374][T12232] netlink: 'syz.1.1776': attribute type 10 has an invalid length. [ 812.015786][T12232] team0: Port device netdevsim0 added [ 812.146291][T12080] 8021q: adding VLAN 0 to HW filter on device team0 [ 812.384919][T10155] bridge0: port 1(bridge_slave_0) entered blocking state [ 812.392277][T10155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 813.522261][ T99] block nbd0: Possible stuck request ffff888020788000: control (read@0,4096B). Runtime 30 seconds [ 813.642989][T10155] bridge0: port 2(bridge_slave_1) entered blocking state [ 813.650327][T10155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 814.483712][T12162] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.537315][T12162] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.570844][T12162] bridge_slave_0: entered allmulticast mode [ 814.614194][T12162] bridge_slave_0: entered promiscuous mode [ 814.806388][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.812995][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.856220][T12080] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 814.926334][T12162] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.962085][T12162] bridge0: port 2(bridge_slave_1) entered disabled state [ 815.005637][T12162] bridge_slave_1: entered allmulticast mode [ 815.023912][T12162] bridge_slave_1: entered promiscuous mode [ 815.226425][T12162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 815.269935][T12162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 815.448277][T12162] team0: Port device team_slave_0 added [ 815.463589][T12162] team0: Port device team_slave_1 added [ 815.638342][T12162] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 815.647672][T12162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.692549][ T53] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 815.694726][T12162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 815.706861][ T53] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 815.722411][T12162] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 815.730417][ T53] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 815.741198][ T53] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 815.749851][ T53] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 815.757674][ T53] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 815.770964][T12162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.808767][T12162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 816.015386][T12162] hsr_slave_0: entered promiscuous mode [ 816.049252][T12162] hsr_slave_1: entered promiscuous mode [ 816.056294][T12162] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 816.074963][T12162] Cannot create hsr debugfs directory [ 816.142957][T12080] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 817.689257][ T5137] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 817.901743][T10512] Bluetooth: hci6: command tx timeout [ 817.908717][ T29] audit: type=1107 audit(1720196159.994:1145): pid=12295 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¡' [ 818.946741][ T5137] usb 4-1: Using ep0 maxpacket: 32 [ 819.007866][ T5137] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 819.018144][ T5137] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 819.036264][ T5137] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 819.050909][ T5137] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 819.075328][T12080] veth0_vlan: entered promiscuous mode [ 819.089715][ T5137] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 819.102682][ T5137] usb 4-1: Product: syz [ 819.112440][ T5137] usb 4-1: Manufacturer: syz [ 819.129895][ T5137] usb 4-1: SerialNumber: syz [ 819.284268][T12080] veth1_vlan: entered promiscuous mode [ 819.301602][T12272] chnl_net:caif_netlink_parms(): no params data found [ 819.390816][ T5137] usb 4-1: 0:2 : does not exist [ 819.437814][ T5137] usb 4-1: USB disconnect, device number 29 [ 819.671837][T12272] bridge0: port 1(bridge_slave_0) entered blocking state [ 819.679792][T12272] bridge0: port 1(bridge_slave_0) entered disabled state [ 819.687323][T12272] bridge_slave_0: entered allmulticast mode [ 819.696449][T12272] bridge_slave_0: entered promiscuous mode [ 819.717330][T12272] bridge0: port 2(bridge_slave_1) entered blocking state [ 819.725512][T12272] bridge0: port 2(bridge_slave_1) entered disabled state [ 819.735150][T12272] bridge_slave_1: entered allmulticast mode [ 819.743065][T12272] bridge_slave_1: entered promiscuous mode [ 819.856484][T12272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 819.964562][T12272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 819.979997][T10512] Bluetooth: hci6: command tx timeout [ 820.083446][T12162] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 820.115611][T12162] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 820.207232][T12080] veth0_macvtap: entered promiscuous mode [ 820.239483][T12162] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 820.303206][T12272] team0: Port device team_slave_0 added [ 820.330260][T12162] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 820.373386][T12272] team0: Port device team_slave_1 added [ 820.920745][T12080] veth1_macvtap: entered promiscuous mode [ 821.078958][T12272] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 821.086047][T12272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 821.284195][T12272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 821.393125][T12272] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 821.418116][T12272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 821.488364][T12272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 821.523420][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 821.543895][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 821.558058][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 821.591429][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 821.607003][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 821.627064][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 821.656865][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 821.667613][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 821.706828][T12080] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 821.993098][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 822.034422][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 822.058201][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 822.075854][T10512] Bluetooth: hci6: command tx timeout [ 822.187922][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 822.208819][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 822.246461][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 822.267027][T12080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 822.303526][T12080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 822.326631][T12080] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 822.644638][T12272] hsr_slave_0: entered promiscuous mode [ 822.727349][T12272] hsr_slave_1: entered promiscuous mode [ 822.811037][T12272] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 822.928770][T12272] Cannot create hsr debugfs directory [ 823.029227][T12080] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.070179][T12080] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.097000][T12080] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.129412][T12080] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.608610][ T5137] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 823.676230][T12272] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 823.810693][ T5137] usb 2-1: Using ep0 maxpacket: 32 [ 823.850142][ T5137] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 823.869230][ T5137] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 823.880079][T12272] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 823.881237][ T5137] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 823.911339][ T5137] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 823.927626][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 823.945545][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 823.956806][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 823.970345][ T5137] usb 2-1: Product: syz [ 823.983603][ T5137] usb 2-1: Manufacturer: syz [ 823.988330][ T5137] usb 2-1: SerialNumber: syz [ 823.995626][T12162] 8021q: adding VLAN 0 to HW filter on device bond0 [ 824.104074][T12272] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.139670][T10512] Bluetooth: hci6: command tx timeout [ 824.241044][ T5137] usb 2-1: 0:2 : does not exist [ 824.289634][T12272] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 824.308238][ T5137] usb 2-1: USB disconnect, device number 28 [ 824.389688][ T6546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 824.407152][ T6546] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 824.422948][T12162] 8021q: adding VLAN 0 to HW filter on device team0 [ 824.483971][T10155] bridge0: port 1(bridge_slave_0) entered blocking state [ 824.491315][T10155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 824.560504][T10917] bridge0: port 2(bridge_slave_1) entered blocking state [ 824.567861][T10917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 824.689462][ T1797] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 824.893702][T12272] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 824.943175][T12272] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 825.006685][T12272] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 825.075477][T12272] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 825.148527][ T1797] usb 4-1: Using ep0 maxpacket: 32 [ 825.156966][ T1797] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 825.188478][ T1797] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 825.198706][ T1797] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 825.212159][ T1797] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 825.231787][ T1797] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 825.278733][ T1797] usb 4-1: Product: syz [ 825.282978][ T1797] usb 4-1: Manufacturer: syz [ 825.318819][ T1797] usb 4-1: SerialNumber: syz [ 826.424875][ T1797] usb 4-1: 0:2 : does not exist [ 826.503404][ T1797] usb 4-1: USB disconnect, device number 30 [ 826.595951][T12272] 8021q: adding VLAN 0 to HW filter on device bond0 [ 826.752977][T12272] 8021q: adding VLAN 0 to HW filter on device team0 [ 826.827702][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 826.835091][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 827.026235][T12162] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 827.066063][T10155] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.073402][T10155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 828.914738][T12272] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 830.496536][T12162] veth0_vlan: entered promiscuous mode [ 830.649047][T12162] veth1_vlan: entered promiscuous mode [ 830.675300][T12272] veth0_vlan: entered promiscuous mode [ 830.757799][T12272] veth1_vlan: entered promiscuous mode [ 830.838636][T10155] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 830.870089][T12162] veth0_macvtap: entered promiscuous mode [ 830.936777][T12162] veth1_macvtap: entered promiscuous mode [ 830.947918][T12272] veth0_macvtap: entered promiscuous mode [ 830.968673][T10917] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 831.006238][T12272] veth1_macvtap: entered promiscuous mode [ 831.036949][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.047639][T10155] usb 1-1: Using ep0 maxpacket: 32 [ 831.076374][T10155] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 831.085813][T10155] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 831.102610][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.114373][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.125015][T10155] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 831.134535][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.145642][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.156756][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.168123][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.181636][T10155] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 831.191355][T10917] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 831.191757][T10155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.211964][T10917] usb 2-1: config 1 has no interface number 0 [ 831.218205][T10917] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 831.220685][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.241223][T10155] usb 1-1: Product: syz [ 831.245454][T10155] usb 1-1: Manufacturer: syz [ 831.250271][T10155] usb 1-1: SerialNumber: syz [ 831.255205][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.273852][T10917] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 831.300760][T10917] usb 2-1: config 1 interface 1 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 831.315904][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.338045][T10917] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 831.347153][T12162] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 831.385642][T10917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.416934][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.424510][T10917] usb 2-1: Product: syz [ 831.444709][T10917] usb 2-1: Manufacturer: syz [ 831.452510][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.458690][T10917] usb 2-1: SerialNumber: syz [ 831.471011][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.494304][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.528327][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.556505][T10155] usb 1-1: 0:2 : does not exist [ 831.571285][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.602051][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.626054][T10155] usb 1-1: USB disconnect, device number 31 [ 831.646191][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.688528][T12162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 831.706584][T12162] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 831.731971][T12162] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 831.756992][T12162] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.798463][T12162] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.807336][T12162] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.838703][T12162] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 831.954140][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 831.995676][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.026208][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 832.068513][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.081223][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 832.096423][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.106514][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 832.117154][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.128895][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 832.141385][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.151423][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 832.163353][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.178119][T12272] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 832.287639][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 832.316625][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.332289][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 832.343493][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.353993][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 832.377885][T12414] netlink: 'syz.1.1818': attribute type 8 has an invalid length. [ 832.396388][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.406867][T12414] netlink: 'syz.1.1818': attribute type 7 has an invalid length. [ 832.434490][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 832.449227][T12414] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1818'. [ 832.488661][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.514924][T10917] cdc_ncm 2-1:1.1: bind() failure [ 832.550821][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 832.566112][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.577259][T12272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 832.655722][T12272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 832.686001][T12272] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 832.791976][ T4551] usb 2-1: USB disconnect, device number 29 [ 832.855850][T12272] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.899216][T12272] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.917642][T12272] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 832.926831][T12272] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 833.165278][T10917] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 833.290823][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 833.329247][T10512] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 833.341997][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 833.378638][T10917] usb 1-1: Using ep0 maxpacket: 32 [ 833.392421][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 833.395133][T10917] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 833.400916][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 833.490068][T10917] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 833.521663][T10917] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 833.553539][T10917] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 833.589857][T10917] usb 1-1: Product: syz [ 833.594096][T10917] usb 1-1: Manufacturer: syz [ 833.602895][ T2482] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 833.647735][ T2482] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 833.669700][T10917] hub 1-1:4.0: USB hub found [ 833.811392][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 833.828814][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 834.019907][T10917] hub 1-1:4.0: 2 ports detected [ 834.234878][T10917] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 834.245864][T10917] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 834.291472][T10917] usb 1-1: USB disconnect, device number 32 [ 834.356308][T10512] Bluetooth: hci6: unexpected event 0x06 length: 17 > 3 [ 834.498183][T10512] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 834.756029][ T99] block nbd2: Possible stuck request ffff888020c10000: control (read@0,4096B). Runtime 30 seconds [ 834.758500][T10512] Bluetooth: Wrong link type (-22) [ 834.776310][T10512] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 834.787414][T10512] Bluetooth: Wrong link type (-22) [ 834.792932][T10512] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 834.799817][T10512] Bluetooth: Wrong link type (-22) [ 835.669237][T12454] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 835.718309][T12454] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 836.531589][T10512] Bluetooth: hci6: command tx timeout [ 837.349339][T12426] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 837.508630][T10917] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 837.564511][T12426] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 837.578563][T12426] usb 4-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 837.608774][T12426] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 837.628556][T12426] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 837.656377][T12426] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 837.667093][T12426] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 837.680573][T12426] usb 4-1: Product: syz [ 837.684901][T12426] usb 4-1: Manufacturer: syz [ 837.697835][T12426] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 837.723475][T10917] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 837.735608][T10917] usb 3-1: config 1 has no interface number 0 [ 837.748665][T10917] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 837.769240][T10917] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 837.780768][T10917] usb 3-1: config 1 interface 1 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 837.807836][T10917] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 837.817360][T10917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 837.852024][T10917] usb 3-1: Product: syz [ 837.867790][T10917] usb 3-1: Manufacturer: syz [ 837.877490][T10917] usb 3-1: SerialNumber: syz [ 837.982744][ T5137] usb 4-1: USB disconnect, device number 31 [ 838.760765][T12472] netlink: 'syz.2.1831': attribute type 8 has an invalid length. [ 838.828896][T12472] netlink: 'syz.2.1831': attribute type 7 has an invalid length. [ 838.891494][T12472] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1831'. [ 838.913404][T10917] cdc_ncm 3-1:1.1: bind() failure [ 839.181586][T12426] usb 3-1: USB disconnect, device number 28 [ 839.848848][ T29] audit: type=1326 audit(1720196181.944:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 840.412107][ T29] audit: type=1326 audit(1720196182.474:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 840.541826][ T29] audit: type=1326 audit(1720196182.484:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 840.588820][ T29] audit: type=1326 audit(1720196182.484:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 840.652533][ T29] audit: type=1326 audit(1720196182.484:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 840.698047][ T29] audit: type=1326 audit(1720196182.484:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 840.778620][T10512] Bluetooth: hci6: unexpected event 0x06 length: 17 > 3 [ 840.915626][ T29] audit: type=1326 audit(1720196182.484:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 841.423567][ T29] audit: type=1326 audit(1720196182.484:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 841.746269][T10512] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 841.754206][T10512] Bluetooth: Wrong link type (-22) [ 841.763963][T10512] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 841.771207][T10512] Bluetooth: Wrong link type (-22) [ 841.776742][T10512] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 841.783646][T10512] Bluetooth: Wrong link type (-22) [ 841.840950][ T29] audit: type=1326 audit(1720196182.484:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 841.904109][T12514] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 841.920223][T12514] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 841.968819][ T29] audit: type=1326 audit(1720196182.494:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12489 comm="syz.1.1837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb82d75bd9 code=0x7fc00000 [ 842.904669][T10512] Bluetooth: hci6: command tx timeout [ 843.621313][ T99] block nbd0: Possible stuck request ffff888020788000: control (read@0,4096B). Runtime 60 seconds [ 844.308823][T12426] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 844.498462][T12426] usb 1-1: Using ep0 maxpacket: 32 [ 844.526696][T12426] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 844.560782][T12426] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 844.596669][T12426] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 844.625444][T12426] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 844.651857][T12426] usb 1-1: Product: syz [ 844.668553][T12426] usb 1-1: Manufacturer: syz [ 844.700424][T12426] hub 1-1:4.0: USB hub found [ 845.058613][T12426] hub 1-1:4.0: 2 ports detected [ 845.422175][T12426] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 845.447049][T12426] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 845.521058][T12426] usb 1-1: USB disconnect, device number 33 [ 845.622365][T10512] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 845.705347][T10512] Bluetooth: hci4: unexpected event 0x06 length: 17 > 3 [ 845.788116][T10512] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 845.977023][T12570] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 845.988552][T12570] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 846.592953][ T29] kauditd_printk_skb: 57 callbacks suppressed [ 846.593004][ T29] audit: type=1400 audit(1720196188.684:1213): avc: denied { getopt } for pid=12571 comm="syz.0.1859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 847.755059][T10512] Bluetooth: hci4: command 0x0406 tx timeout [ 848.808764][ T25] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 849.011311][ T25] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 849.041711][ T25] usb 1-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 849.053008][ T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 849.062267][ T25] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 849.083480][ T25] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 849.095051][ T25] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 849.103601][ T25] usb 1-1: Product: syz [ 849.108147][ T25] usb 1-1: Manufacturer: syz [ 849.132959][ T25] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 849.393485][ T25] usb 1-1: USB disconnect, device number 34 [ 850.328712][ T25] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 850.568545][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 850.581553][ T25] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 850.644910][ T25] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 850.711943][ T25] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 850.949041][T10512] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 851.022456][ T25] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 851.038047][ T25] usb 2-1: Product: syz [ 851.042990][ T25] usb 2-1: Manufacturer: syz [ 851.064344][ T25] hub 2-1:4.0: USB hub found [ 851.809076][T10512] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 851.815714][T10512] Bluetooth: Wrong link type (-22) [ 851.829180][T10512] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 851.835921][T10512] Bluetooth: Wrong link type (-22) [ 851.841440][T10512] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 851.848033][T10512] Bluetooth: Wrong link type (-22) [ 851.853607][T10512] Bluetooth: hci5: link tx timeout [ 851.860676][T10512] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 852.002110][T12624] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 852.018257][T12624] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 852.174059][ T25] hub 2-1:4.0: 2 ports detected [ 852.535228][T12631] netlink: 'syz.2.1873': attribute type 9 has an invalid length. [ 853.018825][ T53] Bluetooth: hci5: command tx timeout [ 853.270505][ T25] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 853.285553][ T25] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 853.332705][ T25] usb 2-1: USB disconnect, device number 30 [ 855.102289][T10512] Bluetooth: hci5: command 0x0406 tx timeout [ 855.828560][ T29] audit: type=1400 audit(1720196197.924:1214): avc: denied { unmount } for pid=11602 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 855.968599][T10917] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 856.221484][T10917] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 856.298280][T10917] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 856.367043][T10917] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 856.443248][T10917] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 856.483567][T10917] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 856.538266][T10917] usb 5-1: Product: syz [ 856.564708][T10917] usb 5-1: Manufacturer: syz [ 856.649034][T10917] cdc_wdm 5-1:1.0: skipping garbage [ 856.684102][T10917] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 856.932562][ T25] usb 5-1: USB disconnect, device number 32 [ 859.238476][T10155] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 859.338525][ T5136] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 859.468510][T10155] usb 5-1: Using ep0 maxpacket: 32 [ 859.499889][T10155] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 859.535373][T10155] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 859.545616][ T5136] usb 1-1: Using ep0 maxpacket: 32 [ 859.574376][ T5136] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 859.612500][T10155] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 859.634881][ T5136] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 859.679744][T10155] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 859.723628][T10155] usb 5-1: Product: syz [ 859.738107][ T5136] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 859.758167][T10155] usb 5-1: Manufacturer: syz [ 859.786646][ T5136] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 859.828011][T10155] hub 5-1:4.0: USB hub found [ 859.844745][ T5136] usb 1-1: Product: syz [ 859.867468][ T5136] usb 1-1: Manufacturer: syz [ 859.919724][ T5136] usb 1-1: SerialNumber: syz [ 859.971974][ T5136] appletouch 1-1:1.0: Could not find int-in endpoint [ 860.014978][ T5136] appletouch 1-1:1.0: probe with driver appletouch failed with error -5 [ 860.088984][ T5136] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 860.258931][ T5135] usb 1-1: USB disconnect, device number 35 [ 860.328706][T10155] hub 5-1:4.0: 2 ports detected [ 860.620900][T10155] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 860.645742][T10155] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 860.718078][T10155] usb 5-1: USB disconnect, device number 33 [ 863.089329][T12703] netlink: 'syz.1.1894': attribute type 10 has an invalid length. [ 864.540513][ T5136] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 864.758636][ T5136] usb 1-1: Using ep0 maxpacket: 32 [ 864.794852][ T5136] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 864.854525][ T5136] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 864.926288][ T5136] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 864.961738][ T5136] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 864.980474][ T5136] usb 1-1: Product: syz [ 864.989333][ T5136] usb 1-1: Manufacturer: syz [ 865.013477][ T5136] usb 1-1: SerialNumber: syz [ 865.046299][T10512] Bluetooth: hci6: unexpected event 0x06 length: 17 > 3 [ 865.067443][ T5136] appletouch 1-1:1.0: Could not find int-in endpoint [ 865.107190][ T5136] appletouch 1-1:1.0: probe with driver appletouch failed with error -5 [ 865.147267][ T5136] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 865.165775][T10512] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 865.173677][T10512] Bluetooth: Wrong link type (-22) [ 865.180535][T10512] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 865.187125][T10512] Bluetooth: Wrong link type (-22) [ 865.192596][T10512] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 865.200619][T10512] Bluetooth: Wrong link type (-22) [ 865.206104][T10512] Bluetooth: hci6: link tx timeout [ 865.212990][T10512] Bluetooth: hci6: killing stalled connection 11:aa:aa:aa:aa:aa [ 865.304322][ T5136] usb 1-1: USB disconnect, device number 36 [ 865.340112][ T99] block nbd2: Possible stuck request ffff888020c10000: control (read@0,4096B). Runtime 60 seconds [ 865.390556][T12746] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 865.399775][T12746] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 865.556210][T12752] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "©b¸_v-f`‹‚" [ 867.098505][ T53] Bluetooth: hci6: command tx timeout [ 868.305770][T10512] Bluetooth: hci0: command tx timeout [ 869.198676][ T5100] Bluetooth: hci6: command 0x0406 tx timeout [ 869.446009][ T5100] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 869.933497][T10917] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 869.953357][ T9] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 870.226521][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 870.237382][ T5100] Bluetooth: Wrong link type (-22) [ 870.245950][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 870.257674][ T5100] Bluetooth: Wrong link type (-22) [ 870.264550][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 870.271326][T12794] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 870.274024][ T5100] Bluetooth: Wrong link type (-22) [ 870.305793][T12794] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 870.398504][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 870.409460][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 870.426800][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 870.457274][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 870.467721][ T9] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 870.483777][ T9] usb 1-1: Product: syz [ 870.488323][T10917] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 870.497385][T10917] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 870.518043][ T9] usb 1-1: Manufacturer: syz [ 870.527538][ T9] usb 1-1: SerialNumber: syz [ 870.537721][T10917] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 870.576921][ T9] appletouch 1-1:1.0: Could not find int-in endpoint [ 870.591801][T10917] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 870.608685][ T9] appletouch 1-1:1.0: probe with driver appletouch failed with error -5 [ 870.620248][T10917] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 870.649535][ T9] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 870.657026][T10917] usb 4-1: Product: syz [ 870.667349][T10917] usb 4-1: Manufacturer: syz [ 870.692325][T10917] cdc_wdm 4-1:1.0: skipping garbage [ 870.706246][T10917] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 871.051393][T10917] usb 1-1: USB disconnect, device number 37 [ 871.498863][ T5100] Bluetooth: hci5: command 0x0406 tx timeout [ 871.944100][T10917] usb 4-1: USB disconnect, device number 32 [ 872.822092][T12426] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 872.850480][ T5100] Bluetooth: hci0: unexpected event 0x06 length: 17 > 3 [ 872.926502][ T5100] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 873.134761][T12821] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 873.147964][T12821] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 873.148562][T12426] usb 1-1: Using ep0 maxpacket: 32 [ 873.176740][T12426] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 873.191019][T12426] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 873.209433][T12426] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 873.236313][T12426] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 873.265713][T12426] usb 1-1: Product: syz [ 873.281202][T12426] usb 1-1: Manufacturer: syz [ 873.314247][T12426] hub 1-1:4.0: USB hub found [ 873.693652][ T99] block nbd0: Possible stuck request ffff888020788000: control (read@0,4096B). Runtime 90 seconds [ 874.478516][ T5100] Bluetooth: hci5: SCO packet for unknown connection handle 201 [ 874.478644][ T5100] Bluetooth: hci5: ISO packet for unknown connection handle 571 [ 874.725402][ T5100] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 874.858627][ T5100] Bluetooth: hci0: command tx timeout [ 875.179090][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 875.185929][ T5100] Bluetooth: Wrong link type (-22) [ 875.191720][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 875.938572][ T5100] Bluetooth: Wrong link type (-22) [ 875.944348][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 875.954341][ T5100] Bluetooth: Wrong link type (-22) [ 876.249427][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 876.257596][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 876.435667][T12839] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 876.454081][T12839] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 876.797368][ T5100] Bluetooth: hci5: command 0x0406 tx timeout [ 877.541446][T12426] hub 1-1:4.0: 2 ports detected [ 877.716819][T12426] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 877.755624][T12426] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 877.869784][T12426] usb 1-1: USB disconnect, device number 38 [ 879.659034][ T5100] Bluetooth: hci4: SCO packet for unknown connection handle 201 [ 879.659143][ T5100] Bluetooth: hci4: ISO packet for unknown connection handle 571 [ 880.079222][ T5100] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 880.899408][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 880.913114][ T5100] Bluetooth: Wrong link type (-22) [ 880.918525][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 880.925093][ T5100] Bluetooth: Wrong link type (-22) [ 880.930426][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 880.937096][ T5100] Bluetooth: Wrong link type (-22) [ 881.031387][T12884] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 881.044758][T12884] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 881.389146][ T5100] Bluetooth: hci3: unexpected event 0x06 length: 17 > 3 [ 881.535002][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 881.548997][ T5100] Bluetooth: Wrong link type (-22) [ 881.556457][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 881.564094][ T5100] Bluetooth: Wrong link type (-22) [ 881.572985][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 881.580156][ T5100] Bluetooth: Wrong link type (-22) [ 881.587888][ T5100] Bluetooth: hci3: link tx timeout [ 881.596301][ T5100] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 881.656623][T12891] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 881.666577][T12891] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 881.820663][T12893] bond0: (slave bond_slave_1): Releasing backup interface [ 882.138621][ T5100] Bluetooth: hci5: command 0x0406 tx timeout [ 882.371188][ T53] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 882.398820][ T53] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 882.425172][ T53] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 882.444916][ T53] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 882.456012][ T53] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 882.470472][ T53] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 883.438532][ T53] Bluetooth: hci3: command tx timeout [ 883.516366][ T6546] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 884.005327][ T6546] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 885.206091][T10512] Bluetooth: hci6: command tx timeout [ 885.498606][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 885.940813][ T6546] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.031780][ T53] Bluetooth: hci3: unexpected event 0x06 length: 17 > 3 [ 886.104990][ T53] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 886.118781][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 886.133752][ T53] Bluetooth: Wrong link type (-22) [ 886.140173][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 886.147793][ T53] Bluetooth: Wrong link type (-22) [ 886.153285][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 886.160146][ T53] Bluetooth: Wrong link type (-22) [ 886.248676][ T5136] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 886.327712][ T6546] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.384312][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 886.391277][ T53] Bluetooth: Wrong link type (-22) [ 886.399744][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 886.406457][ T53] Bluetooth: Wrong link type (-22) [ 886.411763][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 886.418474][ T53] Bluetooth: Wrong link type (-22) [ 886.466532][ T5136] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 886.492166][T12926] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 886.508567][T12926] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 886.548979][ T5136] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 886.603038][ T5136] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 886.655496][ T5136] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 886.692967][ T5136] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 886.713380][ T5136] usb 2-1: Product: syz [ 886.717791][ T5136] usb 2-1: Manufacturer: syz [ 886.741424][ T5136] cdc_wdm 2-1:1.0: skipping garbage [ 886.747926][ T5136] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 887.014524][ T5136] usb 2-1: USB disconnect, device number 31 [ 887.328245][ T53] Bluetooth: hci6: command tx timeout [ 887.769901][ T6546] bridge_slave_1: left allmulticast mode [ 887.775622][ T6546] bridge_slave_1: left promiscuous mode [ 887.819136][ T6546] bridge0: port 2(bridge_slave_1) entered disabled state [ 888.088826][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 888.138581][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 888.195040][ T6546] bridge_slave_0: left allmulticast mode [ 888.218821][ T6546] bridge_slave_0: left promiscuous mode [ 888.228790][ T6546] bridge0: port 1(bridge_slave_0) entered disabled state [ 889.397437][ T53] Bluetooth: hci6: command tx timeout [ 891.376550][ T53] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 891.418514][ T53] Bluetooth: hci6: command tx timeout [ 891.770609][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 891.777151][ T53] Bluetooth: Wrong link type (-22) [ 891.782626][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 891.789290][ T53] Bluetooth: Wrong link type (-22) [ 891.794517][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 891.801274][ T53] Bluetooth: Wrong link type (-22) [ 892.017778][ T53] Bluetooth: hci4: unexpected event 0x06 length: 17 > 3 [ 892.176283][ T53] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 892.834387][T12976] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "©b¸_v-f`‹‚" [ 893.418839][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 893.569705][ T6546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 893.635650][ T6546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 893.696802][ T6546] bond0 (unregistering): Released all slaves [ 893.748779][ T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 893.843544][T12968] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 893.872861][T12968] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 893.980168][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 894.151390][ T53] Bluetooth: hci4: command 0x0406 tx timeout [ 894.646768][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 894.735235][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 894.798864][T12896] chnl_net:caif_netlink_parms(): no params data found [ 894.807417][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 895.148504][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 895.156622][ T9] usb 1-1: Product: syz [ 895.193276][ T9] usb 1-1: Manufacturer: syz [ 895.418801][ T99] block nbd2: Possible stuck request ffff888020c10000: control (read@0,4096B). Runtime 90 seconds [ 895.519278][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 895.531225][ T9] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 895.779231][T10155] usb 1-1: USB disconnect, device number 39 [ 897.984907][ T6546] hsr_slave_0: left promiscuous mode [ 898.086598][T13025] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "©b¸_v-f`‹‚" [ 898.372113][ T6546] hsr_slave_1: left promiscuous mode [ 898.405284][ T6546] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 898.426080][ T6546] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 898.443489][ T53] Bluetooth: hci0: unexpected event 0x06 length: 17 > 3 [ 898.452248][ T6546] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 898.473964][ T6546] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 898.703330][ T53] Bluetooth: hci4: unexpected event 0x06 length: 17 > 3 [ 898.718606][ T53] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 898.789016][ T6546] veth1_macvtap: left promiscuous mode [ 898.794722][ T6546] veth0_macvtap: left promiscuous mode [ 898.801024][ T6546] veth1_vlan: left promiscuous mode [ 898.808830][ T6546] veth0_vlan: left promiscuous mode [ 898.867911][ T53] Bluetooth: hci4: ACL packet for unknown connection handle 200 [ 900.002778][ T6546] team0 (unregistering): Port device team_slave_1 removed [ 900.079096][ T6546] team0 (unregistering): Port device team_slave_0 removed [ 900.462876][ T53] Bluetooth: hci0: command tx timeout [ 900.792978][ T53] Bluetooth: hci4: command 0x0406 tx timeout [ 900.915700][T12896] bridge0: port 1(bridge_slave_0) entered blocking state [ 900.923572][T12896] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.931564][T12896] bridge_slave_0: entered allmulticast mode [ 900.963127][T12896] bridge_slave_0: entered promiscuous mode [ 900.992844][T13033] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 901.022966][T13033] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 901.132427][T12896] bridge0: port 2(bridge_slave_1) entered blocking state [ 901.216932][T12896] bridge0: port 2(bridge_slave_1) entered disabled state [ 901.237579][T12896] bridge_slave_1: entered allmulticast mode [ 901.261748][T12896] bridge_slave_1: entered promiscuous mode [ 902.548681][ T5137] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 902.833118][T12896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 902.904382][T12896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 902.947193][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 903.076966][ T5137] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 903.089940][ T5137] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 903.119747][ T5137] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 903.161833][ T5137] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 903.178304][ T5137] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 903.201458][ T5137] usb 2-1: Product: syz [ 903.205758][ T5137] usb 2-1: Manufacturer: syz [ 903.244990][ T5137] cdc_wdm 2-1:1.0: skipping garbage [ 903.258062][ T5137] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 903.303366][T12896] team0: Port device team_slave_0 added [ 903.389667][T12896] team0: Port device team_slave_1 added [ 903.510523][ T5137] usb 2-1: USB disconnect, device number 32 [ 903.695940][T12896] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 903.719999][T12896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 903.738822][ T99] block nbd0: Possible stuck request ffff888020788000: control (read@0,4096B). Runtime 120 seconds [ 903.777831][T12896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 903.804505][T12896] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 903.812115][T12896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 903.838678][T12896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 903.924306][ T53] Bluetooth: hci5: unexpected event 0x06 length: 17 > 3 [ 904.073126][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 904.086937][ T53] Bluetooth: Wrong link type (-22) [ 904.092305][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 904.099149][ T53] Bluetooth: Wrong link type (-22) [ 904.104380][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 904.112464][ T53] Bluetooth: Wrong link type (-22) [ 904.166080][T12896] hsr_slave_0: entered promiscuous mode [ 904.232414][T12896] hsr_slave_1: entered promiscuous mode [ 904.251880][T12896] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 904.260216][T12896] Cannot create hsr debugfs directory [ 904.268276][T13070] netdevsim netdevsim4: Direct firmware load for ng failed with error -2 [ 904.282985][T13070] netdevsim netdevsim4: Falling back to sysfs fallback for: ng [ 904.772270][ T53] Bluetooth: hci0: unexpected event 0x06 length: 17 > 3 [ 904.880545][ T53] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 905.107955][T13074] netdevsim netdevsim1: Direct firmware load for ng failed with error -2 [ 905.121894][T13074] netdevsim netdevsim1: Falling back to sysfs fallback for: ng [ 905.978689][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 907.180246][ T53] Bluetooth: hci0: command tx timeout [ 907.758862][T12896] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 907.797084][ T53] Bluetooth: hci3: unexpected event 0x06 length: 17 > 3 [ 907.844966][T12896] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 908.270582][T12896] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 908.277420][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 908.284181][ T53] Bluetooth: Wrong link type (-22) [ 908.289879][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 908.296395][ T53] Bluetooth: Wrong link type (-22) [ 908.302341][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 908.310321][ T53] Bluetooth: Wrong link type (-22) [ 908.358226][T12896] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 908.504959][T13099] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 908.523224][T13099] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 909.019999][T12896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 909.086552][T12896] 8021q: adding VLAN 0 to HW filter on device team0 [ 909.152920][ T5135] bridge0: port 1(bridge_slave_0) entered blocking state [ 909.160265][ T5135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 909.192456][T10155] bridge0: port 2(bridge_slave_1) entered blocking state [ 909.199853][T10155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 909.868644][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 910.533993][ T53] Bluetooth: hci3: unexpected event 0x06 length: 17 > 3 [ 910.767653][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 910.781154][T13128] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 910.781263][T13128] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 910.857452][ T53] Bluetooth: Wrong link type (-22) [ 910.864413][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 910.874766][ T53] Bluetooth: Wrong link type (-22) [ 910.880438][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 910.887213][ T53] Bluetooth: Wrong link type (-22) [ 911.393633][T12896] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 911.645730][T12896] veth0_vlan: entered promiscuous mode [ 912.052980][T12896] veth1_vlan: entered promiscuous mode [ 912.605255][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 913.324149][T12896] veth0_macvtap: entered promiscuous mode [ 913.387961][ T53] Bluetooth: hci3: unexpected event 0x06 length: 17 > 3 [ 913.417550][T12896] veth1_macvtap: entered promiscuous mode [ 913.820022][ T53] Bluetooth: Unknown BR/EDR signaling command 0x10 [ 913.826636][ T53] Bluetooth: Wrong link type (-22) [ 913.832401][ T53] Bluetooth: Unknown BR/EDR signaling command 0x0d [ 913.840203][ T53] Bluetooth: Wrong link type (-22) [ 913.845554][ T53] Bluetooth: Unknown BR/EDR signaling command 0x11 [ 913.854485][ T53] Bluetooth: Wrong link type (-22) [ 913.873234][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.886774][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 913.898867][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.910253][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 913.921117][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.933110][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 913.947532][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.960851][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 913.973308][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 913.993802][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.007210][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 914.018066][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.033699][T12896] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 914.074263][T13152] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 914.087407][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 914.099182][T13152] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 914.128497][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 914.408607][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.337385][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.378984][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.416436][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.426526][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 915.460125][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.472009][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.485901][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.496506][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.506404][T12896] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 915.517225][T12896] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 915.616361][T12896] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 915.755282][T12896] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.804086][T12896] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.816596][T12896] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.836579][T12896] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 916.886880][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 916.949414][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.197949][ T1087] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 917.218467][T10155] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 917.328496][ T1087] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 917.408661][T10155] usb 1-1: Using ep0 maxpacket: 32 [ 917.440779][T10155] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 917.478474][T10155] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 917.526425][T10155] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 917.587320][T10155] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 917.598121][T10155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 917.612286][T10155] usb 1-1: Product: syz [ 917.616527][T10155] usb 1-1: Manufacturer: syz [ 917.621489][T10155] usb 1-1: SerialNumber: syz [ 918.431964][ T25] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 918.578745][T10155] usb 1-1: 0:2 : does not exist [ 919.016528][ T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 919.027016][T10155] usb 1-1: USB disconnect, device number 40 [ 919.274482][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 919.758663][ T25] usb 5-1: config 1 has no interface number 0 [ 919.764899][ T25] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 919.785501][T10512] Bluetooth: hci3: unexpected event 0x06 length: 17 > 3 [ 919.812021][ T25] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 919.832744][ T25] usb 5-1: config 1 interface 1 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 919.847382][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 919.875781][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 919.887628][ T25] usb 5-1: Product: syz [ 919.896676][ T25] usb 5-1: Manufacturer: syz [ 919.908624][ T25] usb 5-1: SerialNumber: syz [ 919.913447][T10512] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 920.054044][T13204] netdevsim netdevsim0: Direct firmware load for ng failed with error -2 [ 920.063482][T13204] netdevsim netdevsim0: Falling back to sysfs fallback for: ng [ 921.587305][T13188] netlink: 'syz.4.2041': attribute type 8 has an invalid length. [ 921.718593][T13188] netlink: 'syz.4.2041': attribute type 7 has an invalid length. [ 921.818517][T10512] Bluetooth: hci3: command 0x0406 tx timeout [ 921.991080][T13188] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2041'. [ 922.006065][ T25] cdc_ncm 5-1:1.1: bind() failure [ 922.398914][ T29] audit: type=1107 audit(1720196264.314:1215): pid=13211 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¡' [ 922.468686][T10917] usb 5-1: USB disconnect, device number 34 [ 923.342710][ T5137] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 923.553738][ T5137] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 923.602032][ T5137] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 923.664901][ T5137] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 923.751444][ T5137] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 923.768444][ T5137] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 923.788535][ T5137] usb 1-1: Product: syz [ 923.798472][ T5137] usb 1-1: Manufacturer: syz [ 923.897850][ T5137] cdc_wdm 1-1:1.0: skipping garbage [ 923.915116][ T5137] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 924.240136][T10917] usb 1-1: USB disconnect, device number 41 [ 924.662377][ T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.925187][ T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.137473][ T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.508666][ T99] block nbd2: Possible stuck request ffff888020c10000: control (read@0,4096B). Runtime 120 seconds [ 925.670738][ T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.770721][ T53] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 925.787536][ T53] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 925.797139][ T53] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 925.810241][ T53] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 925.822679][ T53] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 925.832303][ T53] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 926.670658][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 926.691047][ T61] bridge_slave_1: left allmulticast mode [ 926.714027][ T61] bridge_slave_1: left promiscuous mode [ 926.729287][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 926.766420][ T61] bridge_slave_0: left allmulticast mode [ 926.787290][ T61] bridge_slave_0: left promiscuous mode [ 926.811087][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 927.928697][ T53] Bluetooth: hci6: command tx timeout [ 928.478529][T10155] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 928.798553][T10155] usb 2-1: Using ep0 maxpacket: 32 [ 928.828877][T10155] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 928.841299][T10155] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 928.854054][T10155] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 928.863707][T10155] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 928.901675][T10155] usb 2-1: Product: syz [ 928.905932][T10155] usb 2-1: Manufacturer: syz [ 928.944378][T10155] hub 2-1:4.0: USB hub found [ 929.498599][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 930.196061][T10512] Bluetooth: hci6: command tx timeout [ 930.860423][T10155] hub 2-1:4.0: 2 ports detected [ 931.101161][T10155] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 931.110584][T10155] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 931.170844][T10155] usb 2-1: USB disconnect, device number 33 [ 931.610958][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 931.651639][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 931.693608][ T61] bond0 (unregistering): Released all slaves [ 932.218549][ T53] Bluetooth: hci6: command tx timeout [ 933.470440][T13324] fuse: Bad value for 'fd' [ 933.519478][ T61] hsr_slave_0: left promiscuous mode [ 933.590507][ T61] hsr_slave_1: left promiscuous mode [ 933.669156][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 933.708847][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 933.719056][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 933.731621][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 933.732199][ T53] Bluetooth: hci3: unexpected event for opcode 0x0407 [ 933.774257][ T29] audit: type=1400 audit(1720196275.864:1216): avc: denied { accept } for pid=13330 comm="syz.0.2080" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 933.822825][ T99] block nbd0: Possible stuck request ffff888020788000: control (read@0,4096B). Runtime 150 seconds [ 933.878523][ T29] audit: type=1400 audit(1720196275.964:1217): avc: denied { mount } for pid=13330 comm="syz.0.2080" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 933.899309][T13337] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 933.967777][ T61] veth1_macvtap: left promiscuous mode [ 933.975496][ T61] veth0_macvtap: left promiscuous mode [ 934.002062][ T61] veth1_vlan: left promiscuous mode [ 934.007597][ T61] veth0_vlan: left promiscuous mode [ 934.366039][ T53] Bluetooth: hci6: command tx timeout [ 934.830905][ T25] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 934.883579][ T29] audit: type=1400 audit(1720196276.984:1218): avc: denied { unmount } for pid=12080 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 935.631685][ T25] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 935.658480][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 935.705153][ T25] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 935.777706][ T25] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 935.818893][ T25] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 936.499771][ T25] usb 2-1: Product: syz [ 936.504104][ T25] usb 2-1: Manufacturer: syz [ 936.574420][ T25] cdc_wdm 2-1:1.0: skipping garbage [ 936.596107][ T25] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 936.851791][T12426] usb 2-1: USB disconnect, device number 34 [ 937.119581][T13373] fuse: Bad value for 'fd' [ 937.664310][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 937.670881][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.740451][ T53] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 937.754147][ T53] Bluetooth: hci3: Injecting HCI hardware error event [ 937.764041][T10512] Bluetooth: hci3: hardware error 0x00 [ 939.065980][ T30] INFO: task syz.0.1695:11932 blocked for more than 143 seconds. [ 939.074400][ T30] Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 939.082217][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 939.091334][ T30] task:syz.0.1695 state:D stack:22592 pid:11932 tgid:11930 ppid:5085 flags:0x00004006 [ 939.101869][ T30] Call Trace: [ 939.105226][ T30] [ 939.108229][ T30] __schedule+0xf15/0x5d00 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 939.150706][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 939.156432][ T30] ? hlock_class+0x4e/0x130 [ 939.198588][ T30] ? __pfx___schedule+0x10/0x10 [ 939.218503][ T30] ? schedule+0x298/0x350 [ 939.222938][ T30] ? __pfx_lock_release+0x10/0x10 [ 939.268400][ T30] schedule+0xe7/0x350 [ 939.272569][ T30] io_schedule+0xbf/0x130 [ 939.299486][ T30] folio_wait_bit_common+0x3d8/0x9b0 [ 939.304998][ T30] ? folio_wait_bit_common+0x13c/0x9b0 [ 939.337508][ T30] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 939.819252][T10512] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 939.962692][ T30] ? __pfx_mark_lock+0x10/0x10 [ 940.014270][ T30] ? __pfx_wake_page_function+0x10/0x10 [ 940.228586][ T30] ? __filemap_get_folio+0x2a1/0xae0 [ 940.233963][ T30] do_read_cache_folio+0x2e2/0x540 [ 940.259605][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 940.265174][ T30] read_part_sector+0xd3/0x410 [ 940.272637][ T30] adfspart_check_POWERTEC+0x8f/0x710 [ 940.278776][ T30] ? __pfx_adfspart_check_POWERTEC+0x10/0x10 [ 940.284878][ T30] ? __pfx_adfspart_check_POWERTEC+0x10/0x10 [ 940.291142][ T30] bdev_disk_changed+0x71f/0x14f0 [ 940.296272][ T30] ? __pfx_bdev_disk_changed+0x10/0x10 [ 940.302358][ T30] blkdev_get_whole+0x187/0x290 [ 940.307340][ T30] bdev_open+0x2c7/0xe50 [ 940.311947][ T30] ? iput+0x5c/0x80 [ 940.315869][ T30] blkdev_open+0x17b/0x1f0 [ 940.320525][ T30] do_dentry_open+0x91f/0x15f0 [ 940.325401][ T30] ? __pfx_blkdev_open+0x10/0x10 [ 940.335545][ T30] vfs_open+0x82/0x3f0 [ 940.340450][ T30] ? may_open+0x1f2/0x400 [ 940.344849][ T30] path_openat+0x21fc/0x2e50 [ 940.350227][ T30] ? __pfx_path_openat+0x10/0x10 [ 940.355241][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 940.363939][ T30] ? find_held_lock+0x2d/0x110 [ 940.368896][ T30] do_filp_open+0x1dc/0x430 [ 940.373458][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 940.378704][ T30] ? find_held_lock+0x2d/0x110 [ 940.383551][ T30] ? _raw_spin_unlock+0x28/0x50 [ 940.388566][ T30] ? alloc_fd+0x2d7/0x6c0 [ 940.392960][ T30] do_sys_openat2+0x17a/0x1e0 [ 940.397727][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 940.403032][ T30] __x64_sys_openat+0x175/0x210 [ 940.407941][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 940.413405][ T30] do_syscall_64+0xcd/0x250 [ 940.417963][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.423981][ T30] RIP: 0033:0x7fb3b3774610 [ 940.428525][ T30] RSP: 002b:00007fb3b456eb80 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 940.437004][ T30] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3b3774610 [ 940.447729][ T30] RDX: 0000000000000000 RSI: 00007fb3b456ec20 RDI: 00000000ffffff9c [ 940.455884][ T30] RBP: 00007fb3b456ec20 R08: 0000000000000000 R09: 002364626e2f7665 [ 940.466383][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 940.474601][ T30] R13: 000000000000006e R14: 00007fb3b3904038 R15: 00007ffe06c28b18 [ 940.483139][ T30] [ 940.486241][ T30] INFO: task syz.0.1695:11938 blocked for more than 144 seconds. [ 940.495053][ T30] Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 940.502978][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 940.511878][ T30] task:syz.0.1695 state:D stack:27600 pid:11938 tgid:11930 ppid:5085 flags:0x00004004 [ 940.522167][ T30] Call Trace: [ 940.525488][ T30] [ 940.530671][ T30] __schedule+0xf15/0x5d00 [ 940.535149][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 940.540477][ T30] ? __pfx___schedule+0x10/0x10 [ 940.545599][ T30] ? schedule+0x298/0x350 [ 940.552023][ T30] ? __pfx_lock_release+0x10/0x10 [ 940.557131][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 940.561904][ T30] ? __mutex_trylock_common+0x78/0x250 [ 940.569601][ T30] schedule+0xe7/0x350 [ 940.573738][ T30] schedule_preempt_disabled+0x13/0x30 [ 940.579386][ T30] __mutex_lock+0x5b8/0x9c0 [ 940.583948][ T30] ? bdev_release+0x166/0x6f0 [ 940.588999][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 940.594173][ T30] ? bdev_release+0x166/0x6f0 [ 940.599505][ T30] ? bdev_release+0x166/0x6f0 [ 940.604317][ T30] bdev_release+0x166/0x6f0 [ 940.608913][ T30] ? task_work_run+0x126/0x250 [ 940.613722][ T30] ? evm_file_release+0xd6/0x1d0 [ 940.619015][ T30] ? __pfx_blkdev_release+0x10/0x10 [ 940.624273][ T30] blkdev_release+0x15/0x20 [ 940.628906][ T30] __fput+0x408/0xbb0 [ 940.632940][ T30] task_work_run+0x14e/0x250 [ 940.637575][ T30] ? __pfx_task_work_run+0x10/0x10 [ 940.643350][ T30] syscall_exit_to_user_mode+0x275/0x2a0 [ 940.649342][ T30] do_syscall_64+0xda/0x250 [ 940.653916][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 940.662559][ T30] RIP: 0033:0x7fb3b3775bd9 [ 940.671294][ T30] RSP: 002b:00007fb3b454e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 940.680137][ T30] RAX: 0000000000000000 RBX: 00007fb3b3904110 RCX: 00007fb3b3775bd9 [ 940.688417][ T30] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000005 [ 940.696435][ T30] RBP: 00007fb3b37e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 940.704515][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 940.712798][ T30] R13: 000000000000006e R14: 00007fb3b3904110 R15: 00007ffe06c28b18 [ 940.721066][ T30] [ 940.724150][ T30] [ 940.724150][ T30] Showing all locks held in the system: [ 940.811645][ T30] 1 lock held by khungtaskd/30: [ 940.816615][ T30] #0: ffffffff8dbb1620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 940.858950][ T30] 5 locks held by kworker/u8:4/61: [ 940.864226][ T30] #0: ffff8880162d3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 940.901990][ T30] #1: ffffc900015c7d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 940.936954][ T30] #2: ffffffff8f733450 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xbf0 [ 940.963449][ T30] #3: ffffffff8f7486e8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x8c/0xae0 [ 940.976630][ T30] #4: ffffffff8dbbcdb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x1a4/0x3b0 [ 940.987316][ T30] 2 locks held by getty/4840: [ 940.992152][ T30] #0: ffff88802f5d80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 941.002145][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 941.012533][ T30] 3 locks held by kworker/1:3/5135: [ 941.017776][ T30] #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 941.028438][ T30] #1: ffffc90003f4fd80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 941.039038][ T30] #2: ffffffff8f7486e8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0x51/0xc0 [ 941.048312][ T30] 1 lock held by syz.0.1695/11932: [ 941.053509][ T30] #0: ffff8880206854c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0x41a/0xe50 [ 941.063191][ T30] 1 lock held by syz.0.1695/11938: [ 941.068703][ T30] #0: ffff8880206854c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x166/0x6f0 [ 941.084757][ T30] 1 lock held by syz.2.1763/12176: [ 941.090024][ T30] #0: ffff8880207a14c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x166/0x6f0 [ 941.099920][ T30] 1 lock held by syz.2.1763/12181: [ 941.105072][ T30] #0: ffff8880207a14c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0x41a/0xe50 [ 941.114536][ T30] 1 lock held by syz-executor/13252: [ 941.119983][ T30] #0: ffffffff8f7486e8 (rtnl_mutex){+.+.}-{3:3}, at: __rtnl_newlink+0x65a/0x1960 [ 941.138602][ T30] 1 lock held by syz.3.2093/13372: [ 941.143789][ T30] #0: ffffffff8f7486e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 941.158426][ T30] 1 lock held by syz.4.2095/13380: [ 941.163594][ T30] #0: ffffffff8f7486e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 941.185188][ T30] 3 locks held by syz.1.2098/13391: [ 941.197493][ T30] #0: ffff888061b24d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x26/0x90 [ 941.207447][ T30] #1: ffff888061b24078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x339/0x1100 [ 941.217480][ T30] #2: ffffffff8dbbcdb8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: exp_funnel_lock+0x1a4/0x3b0 [ 941.228650][ T30] [ 941.231032][ T30] ============================================= [ 941.231032][ T30] [ 941.240748][ T30] NMI backtrace for cpu 1 [ 941.245131][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 941.255083][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 941.265274][ T30] Call Trace: [ 941.268622][ T30] [ 941.271689][ T30] dump_stack_lvl+0x116/0x1f0 [ 941.276445][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 941.281478][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 941.287628][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 941.293688][ T30] watchdog+0xf86/0x1240 [ 941.297976][ T30] ? __pfx_watchdog+0x10/0x10 [ 941.302683][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.307940][ T30] ? __kthread_parkme+0x148/0x220 [ 941.313009][ T30] ? __pfx_watchdog+0x10/0x10 [ 941.317797][ T30] kthread+0x2c1/0x3a0 [ 941.321910][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 941.327148][ T30] ? __pfx_kthread+0x10/0x10 [ 941.331770][ T30] ret_from_fork+0x45/0x80 [ 941.336251][ T30] ? __pfx_kthread+0x10/0x10 [ 941.340962][ T30] ret_from_fork_asm+0x1a/0x30 [ 941.345775][ T30] [ 941.351570][ T30] Sending NMI from CPU 1 to CPUs 0: [ 941.356847][ C0] NMI backtrace for cpu 0 [ 941.356874][ C0] CPU: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 941.356904][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 941.356921][ C0] Workqueue: bat_events batadv_nc_worker [ 941.356950][ C0] RIP: 0010:__lock_acquire+0xcbf/0x3b30 [ 941.356994][ C0] Code: e0 0d 44 09 e8 98 29 d8 8b 5c 24 68 31 d8 8b 5c 24 48 89 c2 29 c1 c1 c2 06 31 ca 01 d8 29 d3 89 d9 89 d3 01 c2 c1 c3 08 31 cb <89> d9 29 d8 01 d3 c1 c1 10 89 de 31 c8 89 c1 29 c2 01 d8 c1 c9 0d [ 941.357020][ C0] RSP: 0018:ffffc90000107950 EFLAGS: 00000086 [ 941.357040][ C0] RAX: 00000000e92e492f RBX: 00000000922e4a05 RCX: 00000000ca3a82b9 [ 941.357058][ C0] RDX: 00000000a5865df7 RSI: 0000000000000008 RDI: ffffffff942690e8 [ 941.357075][ C0] RBP: ffffffff942be0d0 R08: 0000000000000000 R09: fffffbfff284ce58 [ 941.357093][ C0] R10: ffffffff942672c7 R11: 0000000000000002 R12: ffffed1002e5e8db [ 941.357110][ C0] R13: 0000000000000021 R14: ffff8880172f4730 R15: 0000000000000004 [ 941.357127][ C0] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 941.357153][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 941.357171][ C0] CR2: 0000001b302f0ff8 CR3: 000000002f76c000 CR4: 00000000003506f0 [ 941.357189][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 941.357205][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 941.357221][ C0] Call Trace: [ 941.357231][ C0] [ 941.357240][ C0] ? show_regs+0x8c/0xa0 [ 941.357278][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 941.357318][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 941.357354][ C0] ? nmi_handle+0x1a9/0x5c0 [ 941.357393][ C0] ? __lock_acquire+0xcbf/0x3b30 [ 941.357433][ C0] ? default_do_nmi+0x6a/0x160 [ 941.357461][ C0] ? exc_nmi+0x170/0x1e0 [ 941.357483][ C0] ? end_repeat_nmi+0xf/0x53 [ 941.357511][ C0] ? __lock_acquire+0xcbf/0x3b30 [ 941.357549][ C0] ? __lock_acquire+0xcbf/0x3b30 [ 941.357588][ C0] ? __lock_acquire+0xcbf/0x3b30 [ 941.357626][ C0] [ 941.357634][ C0] [ 941.357646][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 941.357689][ C0] ? __pfx_register_lock_class+0x10/0x10 [ 941.357731][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 941.357771][ C0] lock_acquire+0x1b1/0x560 [ 941.357811][ C0] ? batadv_nc_worker+0x168/0x10f0 [ 941.357836][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 941.357875][ C0] ? batadv_nc_worker+0x8e9/0x10f0 [ 941.357899][ C0] ? __pfx_lock_release+0x10/0x10 [ 941.357939][ C0] ? __pfx___lock_acquire+0x10/0x10 [ 941.357979][ C0] batadv_nc_worker+0x16e/0x10f0 [ 941.358003][ C0] ? batadv_nc_worker+0x168/0x10f0 [ 941.358030][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 941.358054][ C0] ? __pfx_lock_release+0x10/0x10 [ 941.358097][ C0] process_one_work+0x9c5/0x1b40 [ 941.358127][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 941.358152][ C0] ? __pfx_process_one_work+0x10/0x10 [ 941.358181][ C0] ? assign_work+0x1a0/0x250 [ 941.358221][ C0] worker_thread+0x6c8/0xf30 [ 941.358251][ C0] ? __pfx_worker_thread+0x10/0x10 [ 941.358276][ C0] kthread+0x2c1/0x3a0 [ 941.358308][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 941.358336][ C0] ? __pfx_kthread+0x10/0x10 [ 941.358370][ C0] ret_from_fork+0x45/0x80 [ 941.358420][ C0] ? __pfx_kthread+0x10/0x10 [ 941.358455][ C0] ret_from_fork_asm+0x1a/0x30 [ 941.358505][ C0] [ 941.393210][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 941.393233][ T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 941.393273][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 941.393294][ T30] Call Trace: [ 941.393306][ T30] [ 941.393320][ T30] dump_stack_lvl+0x3d/0x1f0 [ 941.393377][ T30] panic+0x6f5/0x7a0 [ 941.393429][ T30] ? __pfx_panic+0x10/0x10 [ 941.393481][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 941.393518][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 941.393568][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 941.393605][ T30] ? watchdog+0xd3d/0x1240 [ 941.393639][ T30] ? watchdog+0xd30/0x1240 [ 941.393676][ T30] watchdog+0xd4e/0x1240 [ 941.393713][ T30] ? __pfx_watchdog+0x10/0x10 [ 941.393748][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 941.393792][ T30] ? __kthread_parkme+0x148/0x220 [ 941.393836][ T30] ? __pfx_watchdog+0x10/0x10 [ 941.393872][ T30] kthread+0x2c1/0x3a0 [ 941.393913][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 941.393950][ T30] ? __pfx_kthread+0x10/0x10 [ 941.393993][ T30] ret_from_fork+0x45/0x80 [ 941.394043][ T30] ? __pfx_kthread+0x10/0x10 [ 941.394086][ T30] ret_from_fork_asm+0x1a/0x30 [ 941.394142][ T30] [ 941.394651][ T30] Kernel Offset: disabled [ 941.821598][ T30] Rebooting in 86400 seconds..