last executing test programs: 3m13.651752718s ago: executing program 0 (id=5815): r0 = syz_open_dev$swradio(&(0x7f0000000dc0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000e00)={0x1, 0x5, 0x1}) 2m36.646605275s ago: executing program 0 (id=5815): r0 = syz_open_dev$swradio(&(0x7f0000000dc0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000e00)={0x1, 0x5, 0x1}) 1m45.586755726s ago: executing program 0 (id=5815): r0 = syz_open_dev$swradio(&(0x7f0000000dc0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000e00)={0x1, 0x5, 0x1}) 1m19.537247548s ago: executing program 0 (id=5815): r0 = syz_open_dev$swradio(&(0x7f0000000dc0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000e00)={0x1, 0x5, 0x1}) 47.436620721s ago: executing program 0 (id=5815): r0 = syz_open_dev$swradio(&(0x7f0000000dc0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000e00)={0x1, 0x5, 0x1}) 24.126878313s ago: executing program 0 (id=5815): r0 = syz_open_dev$swradio(&(0x7f0000000dc0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000e00)={0x1, 0x5, 0x1}) 6.609811744s ago: executing program 2 (id=6660): timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) bind$nfc_llcp(r0, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab91e8ff0055e1c0d48bd63ffdb93bd43a847a1597c8ef03bc5be42200"}, 0x60) 6.237900416s ago: executing program 2 (id=6663): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}, @NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0) 5.940559608s ago: executing program 2 (id=6665): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='fd\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r0, 0x0) 5.189298829s ago: executing program 1 (id=6666): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fb000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x83, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa"], 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getrlimit(0xf, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000380)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpuset.mems\x00', 0x2, 0x0) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0xfe}, 0x8) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'veth0_macvtap\x00', 0x2}) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x2, 0x0, @loopback}, 0x1c) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f00000000c0)=@framed={{0x46, 0xa, 0x0, 0x0, 0x20000000, 0x79, 0x10, 0x98}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a80)={r6, 0xe0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000800)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x8, 0x0, 0x0}}, 0x10) 3.925460869s ago: executing program 1 (id=6667): bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000400)={@cgroup, 0xffffffffffffffff, 0x24, 0x0, 0x0, @prog_id=0xffffffffffffffff}, 0x20) 3.857275187s ago: executing program 2 (id=6668): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ed50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r2, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x4e24, 0x0, @mcast2, 0x7}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000a20000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb00"/400], 0x190) syz_emit_ethernet(0x4e, &(0x7f0000001600)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000202", 0x18, 0x6, 0x0, @remote, @mcast2, {[], @mld={0x0, 0x0, 0x0, 0x0, 0x3, @dev={0xfe, 0x80, '\x00', 0x22}}}}}}}, 0x0) 3.794801421s ago: executing program 1 (id=6669): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() sched_setscheduler(r1, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r2 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x0, 0x2}) connect$inet(0xffffffffffffffff, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000004580)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f0000000100)='./bus\x00', 0x0) r3 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r4 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2008002) sendfile(r3, r4, 0x0, 0x80000001) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000240)=@reiserfs_2={0x4b, 0x2, {0xb}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) socket$nl_generic(0x10, 0x3, 0x10) dup2(0xffffffffffffffff, 0xffffffffffffffff) 1.852053927s ago: executing program 3 (id=6670): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x8}]}]}, 0x60}}, 0x0) 1.601606507s ago: executing program 3 (id=6672): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0x3a}, @IFLA_GSO_MAX_SEGS={0x8}]}, 0x44}}, 0x0) 1.532472718s ago: executing program 1 (id=6673): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macsec0\x00'}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) prctl$PR_MCE_KILL(0x43, 0x0, 0x0) 1.524129248s ago: executing program 2 (id=6674): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) fcntl$setlease(r0, 0x400, 0x0) setxattr$system_posix_acl(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x0) r3 = dup(r2) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r3, 0xc0245720, &(0x7f0000000040)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000023000/0x2000)=nil, 0x2000, 0x2, 0x10, r3, 0x3000) r7 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, r8, 0x205, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private}]}]}, 0x38}}, 0x0) preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/116, 0x74}], 0x1, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe80000000000000000000", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f00003ef000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000000380)="0f201766b9e309000066b83f46151e66ba1cc889580f302ef4ba6100ed0f0966b90602000066b80100000066ba000000000f300f20c06635000000400f22c066adbaa100ecf9", 0x25}], 0x1, 0x0, 0x0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r4, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r10, &(0x7f0000000000)={0x27}, 0x74) 1.418080977s ago: executing program 4 (id=6675): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}, @NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0) 1.329491107s ago: executing program 3 (id=6676): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fanotify_init(0x0, 0x0) r3 = dup(r0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r3, r4, 0x100000000, 0x0) fanotify_mark(r2, 0x1, 0x1, r3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) 1.268184261s ago: executing program 4 (id=6677): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000300)) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x81) 1.205643285s ago: executing program 1 (id=6678): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='fd\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fstat(r0, 0x0) 970.561968ms ago: executing program 4 (id=6679): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x98, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x59, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @val, @val={0x3, 0x1}, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3}, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SMPS_MODE={0x5}]}, 0x98}}, 0x0) 844.012617ms ago: executing program 4 (id=6680): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, 0x0, 0x0) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000200)=0x41c16f48c89e823e, 0x4) 392.246278ms ago: executing program 2 (id=6681): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001840)={r0, r2, 0x25, 0x0, @val=@netfilter}, 0x40) syz_emit_ethernet(0xe, &(0x7f0000001540)={@empty, @link_local, @void}, 0x0) 350.383439ms ago: executing program 3 (id=6682): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x101001) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000300)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000140)="aaef12c9e843", 0x0, 0x0, 0x0, 0x0, 0x0}) 268.415928ms ago: executing program 4 (id=6683): clock_adjtime(0x0, &(0x7f0000005480)={0x7f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}) 248.95349ms ago: executing program 1 (id=6684): unshare(0x2a020400) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r0, &(0x7f00000001c0)={0x2}, 0x12) 174.631264ms ago: executing program 3 (id=6685): creat(&(0x7f0000000280)='./file0\x00', 0x0) write(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) fchownat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) 172.819438ms ago: executing program 4 (id=6686): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0x3a}, @IFLA_GSO_MAX_SEGS={0x8}]}, 0x44}}, 0x0) 0s ago: executing program 3 (id=6687): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}, @NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}}, 0x0) kernel console output (not intermixed with test programs): 377.261188][T15309] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1377.281444][T15309] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1377.305262][T15309] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1377.313207][T15309] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1377.321374][T15309] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1377.621199][ T29] audit: type=1804 audit(2000000137.842:1300): pid=21941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.6085" name="/root/syzkaller.YnjLld/6/bus" dev="sda1" ino=2162 res=1 errno=0 [ 1377.657206][ T29] audit: type=1804 audit(2000000137.842:1301): pid=21941 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.6085" name="/root/syzkaller.YnjLld/6/bus" dev="sda1" ino=2162 res=1 errno=0 [ 1377.764372][T17292] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1377.888163][T21789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1378.105553][T17292] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.402613][T17292] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1378.761962][T17292] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1379.235729][ T29] audit: type=1400 audit(2000000139.462:1302): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="#!" requested=w pid=21964 comm="syz.3.6088" [ 1379.402023][T21811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1379.408346][T12029] Bluetooth: hci2: command tx timeout [ 1379.473326][T21789] veth0_vlan: entered promiscuous mode [ 1379.591868][T17292] bridge_slave_1: left allmulticast mode [ 1379.608295][T17292] bridge_slave_1: left promiscuous mode [ 1379.619098][T17292] bridge0: port 2(bridge_slave_1) entered disabled state [ 1379.649408][T17292] bridge_slave_0: left allmulticast mode [ 1379.655276][T17292] bridge_slave_0: left promiscuous mode [ 1379.670216][T17292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1381.179800][T17292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1381.216427][T17292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1381.249782][T17292] bond0 (unregistering): Released all slaves [ 1381.391369][T21789] veth1_vlan: entered promiscuous mode [ 1381.492320][T12029] Bluetooth: hci2: command tx timeout [ 1381.517236][T21932] chnl_net:caif_netlink_parms(): no params data found [ 1382.361716][T21811] veth0_vlan: entered promiscuous mode [ 1382.439608][T17292] hsr_slave_0: left promiscuous mode [ 1382.467822][T17292] hsr_slave_1: left promiscuous mode [ 1382.508092][T17292] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1382.532201][T17292] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1382.553450][T17292] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1382.578023][T17292] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1382.661170][T17292] veth1_macvtap: left promiscuous mode [ 1382.672598][T17292] veth0_macvtap: left promiscuous mode [ 1382.683281][T17292] veth1_vlan: left promiscuous mode [ 1382.691278][T17292] veth0_vlan: left promiscuous mode [ 1383.552770][T12029] Bluetooth: hci2: command tx timeout [ 1384.419648][T17292] team0 (unregistering): Port device team_slave_1 removed [ 1384.504266][T17292] team0 (unregistering): Port device team_slave_0 removed [ 1385.630895][T12029] Bluetooth: hci2: command tx timeout [ 1385.986130][T21789] veth0_macvtap: entered promiscuous mode [ 1386.011632][T21789] veth1_macvtap: entered promiscuous mode [ 1386.103916][T21932] bridge0: port 1(bridge_slave_0) entered blocking state [ 1386.111126][T21932] bridge0: port 1(bridge_slave_0) entered disabled state [ 1386.152457][T21932] bridge_slave_0: entered allmulticast mode [ 1386.160233][T21932] bridge_slave_0: entered promiscuous mode [ 1386.191114][T21932] bridge0: port 2(bridge_slave_1) entered blocking state [ 1386.201820][T21932] bridge0: port 2(bridge_slave_1) entered disabled state [ 1386.209156][T21932] bridge_slave_1: entered allmulticast mode [ 1386.238337][T21932] bridge_slave_1: entered promiscuous mode [ 1386.280577][T21811] veth1_vlan: entered promiscuous mode [ 1386.386626][T21932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1386.441317][T21932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1386.615150][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.650168][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1386.670087][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.681858][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1386.720089][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.760069][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1386.770113][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.800090][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1386.810451][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1386.827049][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1386.843242][T21789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1386.917610][T21932] team0: Port device team_slave_0 added [ 1387.005718][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.039255][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.050767][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.063637][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.074393][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.088541][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.104316][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.115245][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.125735][T21789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1387.137644][T21789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1387.154638][T21789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1387.173493][T21932] team0: Port device team_slave_1 added [ 1387.215681][T21789] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.237775][T21789] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.266039][T21789] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.288337][T21789] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1387.458658][T21932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1387.500191][T21932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.537137][T21932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1387.591595][T21932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1387.598919][T21932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.732849][T21932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1387.822983][T17292] IPVS: stop unused estimator thread 0... [ 1387.905173][T21811] veth0_macvtap: entered promiscuous mode [ 1388.042374][T21932] hsr_slave_0: entered promiscuous mode [ 1388.049077][T21932] hsr_slave_1: entered promiscuous mode [ 1388.174935][T21811] veth1_macvtap: entered promiscuous mode [ 1388.379180][T17423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1388.403492][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.429044][T17423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1388.436550][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.449653][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.461075][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.471281][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.483032][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.522126][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.535505][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.551231][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.570751][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.620471][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1388.650691][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.699097][T21811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1388.771132][T22036] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1388.791930][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.829457][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.849298][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.906900][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1388.926251][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1388.966588][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.003592][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1389.017766][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.037659][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1389.052734][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.093363][T21811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1389.109130][T21811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1389.154400][T21811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1389.224385][T21811] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.241190][ T2437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1389.261033][T21811] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.270119][ T2437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1389.278908][T21811] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.288871][T21811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.632243][ T29] audit: type=1326 audit(2000000149.899:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22039 comm="syz.2.6112" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd3c4b75b99 code=0x0 [ 1389.762536][T14023] usb 5-1: new low-speed USB device number 66 using dummy_hcd [ 1389.851486][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1389.859838][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1389.962052][T14023] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1389.990994][T14023] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 1390.016290][T14023] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1390.044414][T14023] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1390.069799][T14023] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1390.077930][T17423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1390.090271][T14023] usb 5-1: Product: ⾍傚⺖ꪒ킞밉錠륅䮐ʲ둭懼脎ꁗ䧩䗙辑䖏匥៑؟죜಻ꢙ龐葅꘯뎟꛸গ⢕ⷶ頋䍉䈧醺鏙柩ᶇ귺ⲁˬ뀏먻刉ᄉ跁딳鄼촦薉Ḩ犖䊝雐굺淙뉳폟ꎿ緞튿탅㇫됭옫㦘䷐똦秄辄ݒ랔侳瞡湆ꁷ뀫샅䰧닒䨒䋪昦帩ꢛ䘬旹暫뢼Ѹ紜㳺찫陉贏﮹岛⭣ᩨ됶컈侫ꏜ [ 1390.146562][T17423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1390.173014][T14023] usb 5-1: Manufacturer: Џ [ 1390.177916][T14023] usb 5-1: SerialNumber: х [ 1390.213431][T22038] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1390.222799][T22038] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1390.368914][T22055] netlink: 'syz.3.6115': attribute type 11 has an invalid length. [ 1390.385174][T22055] netlink: 210876 bytes leftover after parsing attributes in process `syz.3.6115'. [ 1390.501006][T14023] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 1390.548572][T14023] usb 5-1: USB disconnect, device number 66 [ 1390.877530][ T2437] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1390.938180][T21932] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1390.967427][T21932] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1391.004308][T21932] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1391.098398][ T2437] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1391.152550][T21932] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1391.254425][ T2437] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1391.526249][ T2437] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1392.765725][T21932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1392.933110][T15309] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1392.954586][ T2437] bridge_slave_1: left allmulticast mode [ 1392.955331][T15309] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1392.990588][T15309] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1392.998329][ T2437] bridge_slave_1: left promiscuous mode [ 1393.004215][ T2437] bridge0: port 2(bridge_slave_1) entered disabled state [ 1393.014690][T15309] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1393.037290][T15309] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1393.045120][T15309] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1393.054918][ T29] audit: type=1804 audit(2000000153.335:1304): pid=22082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.6125" name="/root/syzkaller.YnjLld/29/bus" dev="sda1" ino=2167 res=1 errno=0 [ 1393.117814][ T2437] bridge_slave_0: left allmulticast mode [ 1393.123610][ T2437] bridge_slave_0: left promiscuous mode [ 1393.130749][ T2437] bridge0: port 1(bridge_slave_0) entered disabled state [ 1393.158902][ T29] audit: type=1804 audit(2000000153.355:1305): pid=22082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.6125" name="/root/syzkaller.YnjLld/29/bus" dev="sda1" ino=2167 res=1 errno=0 [ 1393.394884][ T29] audit: type=1326 audit(2000000153.657:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22086 comm="syz.4.6127" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa054375b99 code=0x0 [ 1395.135817][ T2437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1395.152337][ T2437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1395.162414][T15309] Bluetooth: hci0: command tx timeout [ 1395.193475][ T2437] bond0 (unregistering): Released all slaves [ 1395.305491][T21932] 8021q: adding VLAN 0 to HW filter on device team0 [ 1395.501304][T13994] bridge0: port 1(bridge_slave_0) entered blocking state [ 1395.508527][T13994] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1395.542790][T13994] bridge0: port 2(bridge_slave_1) entered blocking state [ 1395.550077][T13994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1396.431610][ T2437] hsr_slave_0: left promiscuous mode [ 1396.456360][ T2437] hsr_slave_1: left promiscuous mode [ 1396.478779][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1396.506953][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1396.582951][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1396.590451][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1396.757093][ T2437] veth1_macvtap: left promiscuous mode [ 1396.780519][ T2437] veth0_macvtap: left promiscuous mode [ 1396.786375][ T2437] veth1_vlan: left promiscuous mode [ 1396.809376][ T2437] veth0_vlan: left promiscuous mode [ 1397.227944][T15309] Bluetooth: hci0: command tx timeout [ 1397.740086][T12029] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1397.765178][T12029] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1397.781670][T12029] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1397.806778][T12029] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1397.814979][T12029] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1397.822727][T12029] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1398.181057][T13984] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 1398.380862][T13984] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1398.421137][T13984] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1398.454141][T13984] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1398.463718][T13984] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1398.495030][T13984] usb 3-1: SerialNumber: syz [ 1398.504523][T13984] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 1398.513691][T13984] usb-storage 3-1:1.0: USB Mass Storage device detected [ 1398.569966][T13984] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1398.579407][T13984] scsi host1: usb-storage 3-1:1.0 [ 1398.820774][T11021] usb 3-1: USB disconnect, device number 29 [ 1399.242477][ T2437] team0 (unregistering): Port device team_slave_1 removed [ 1399.295230][T12029] Bluetooth: hci0: command tx timeout [ 1399.412826][ T2437] team0 (unregistering): Port device team_slave_0 removed [ 1399.937375][T12029] Bluetooth: hci4: command tx timeout [ 1401.362176][T12029] Bluetooth: hci0: command tx timeout [ 1401.863957][T22078] chnl_net:caif_netlink_parms(): no params data found [ 1401.995456][T12029] Bluetooth: hci4: command tx timeout [ 1402.306134][T22181] openvswitch: netlink: IP tunnel attribute has 2 unknown bytes. [ 1402.359496][T22078] bridge0: port 1(bridge_slave_0) entered blocking state [ 1402.402916][T22078] bridge0: port 1(bridge_slave_0) entered disabled state [ 1402.411212][T22078] bridge_slave_0: entered allmulticast mode [ 1402.436087][T22078] bridge_slave_0: entered promiscuous mode [ 1402.480656][T22078] bridge0: port 2(bridge_slave_1) entered blocking state [ 1402.492221][T22078] bridge0: port 2(bridge_slave_1) entered disabled state [ 1402.499663][T22078] bridge_slave_1: entered allmulticast mode [ 1402.517345][T22078] bridge_slave_1: entered promiscuous mode [ 1402.756384][T22187] input: syz1 as /devices/virtual/input/input59 [ 1402.806584][T21932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1402.845784][T22078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1402.875596][T22078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1403.139728][T22078] team0: Port device team_slave_0 added [ 1403.173018][T22147] chnl_net:caif_netlink_parms(): no params data found [ 1403.199234][T22078] team0: Port device team_slave_1 added [ 1403.362055][ T2437] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1403.634121][ T2437] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1403.670653][T22078] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1403.686561][T22078] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1403.744621][T22078] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1403.759760][T22078] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1403.768087][T22078] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1403.836567][T22078] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1403.969650][ T2437] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1404.062780][T12029] Bluetooth: hci4: command tx timeout [ 1404.168809][ T2437] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1404.432964][T22078] hsr_slave_0: entered promiscuous mode [ 1404.458805][T22078] hsr_slave_1: entered promiscuous mode [ 1404.505170][T22078] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1404.524482][T22078] Cannot create hsr debugfs directory [ 1404.815760][T22147] bridge0: port 1(bridge_slave_0) entered blocking state [ 1404.831743][T22147] bridge0: port 1(bridge_slave_0) entered disabled state [ 1404.853148][T22147] bridge_slave_0: entered allmulticast mode [ 1404.889022][T22147] bridge_slave_0: entered promiscuous mode [ 1404.931600][T22147] bridge0: port 2(bridge_slave_1) entered blocking state [ 1404.947065][T22147] bridge0: port 2(bridge_slave_1) entered disabled state [ 1404.955449][T22147] bridge_slave_1: entered allmulticast mode [ 1404.978660][T22147] bridge_slave_1: entered promiscuous mode [ 1404.989624][ T29] audit: type=1800 audit(2000000165.365:1307): pid=22219 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.6168" name="bus" dev="sda1" ino=2162 res=0 errno=0 [ 1405.056600][ T29] audit: type=1800 audit(2000000165.365:1308): pid=22219 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.6168" name="bus" dev="sda1" ino=2162 res=0 errno=0 [ 1405.220188][T22147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1405.240892][T22147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1405.418144][ T2437] bridge_slave_1: left allmulticast mode [ 1405.424878][ T2437] bridge_slave_1: left promiscuous mode [ 1405.434651][ T2437] bridge0: port 2(bridge_slave_1) entered disabled state [ 1405.449303][ T2437] bridge_slave_0: left allmulticast mode [ 1405.462189][ T2437] bridge_slave_0: left promiscuous mode [ 1405.471425][ T2437] bridge0: port 1(bridge_slave_0) entered disabled state [ 1406.140105][T12029] Bluetooth: hci4: command tx timeout [ 1406.667394][ T2437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1406.690600][ T2437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1406.712276][ T2437] bond0 (unregistering): Released all slaves [ 1406.774555][T22147] team0: Port device team_slave_0 added [ 1406.829006][T22147] team0: Port device team_slave_1 added [ 1406.946000][T21932] veth0_vlan: entered promiscuous mode [ 1407.133508][T22147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1407.146495][T22147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1407.177731][T22147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1407.257988][T21932] veth1_vlan: entered promiscuous mode [ 1407.267978][T22147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1407.276284][T22147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1407.347487][T22147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1407.707583][ T2437] hsr_slave_0: left promiscuous mode [ 1407.720585][ T2437] hsr_slave_1: left promiscuous mode [ 1407.726835][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1407.744768][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1407.760850][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1407.772163][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1407.836285][ T2437] veth1_macvtap: left promiscuous mode [ 1407.842824][ T2437] veth0_macvtap: left promiscuous mode [ 1407.848687][ T2437] veth1_vlan: left promiscuous mode [ 1407.860148][ T2437] veth0_vlan: left promiscuous mode [ 1409.739177][T22260] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 1409.745786][T22260] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1409.828113][T22260] vhci_hcd vhci_hcd.0: Device attached [ 1409.954180][T22267] tmpfs: Cannot retroactively limit inodes [ 1410.723154][T22261] vhci_hcd: connection closed [ 1410.743090][T13915] vhci_hcd: stop threads [ 1410.753662][T13915] vhci_hcd: release socket [ 1410.776950][T13915] vhci_hcd: disconnect device [ 1410.823886][T13994] vhci_hcd: vhci_device speed not set [ 1410.831952][ T2437] team0 (unregistering): Port device team_slave_1 removed [ 1410.994671][ T2437] team0 (unregistering): Port device team_slave_0 removed [ 1411.548442][T20834] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1411.757083][T20834] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1411.779058][T20834] usb 4-1: language id specifier not provided by device, defaulting to English [ 1411.849951][T20834] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1411.866609][T20834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1411.874920][T20834] usb 4-1: Product: syz [ 1411.880263][T20834] usb 4-1: Manufacturer: 墓奖抙㤲೭紟寴間嘥龭迺ꢸ纫稞薃튅플ິ脒Ĩ㊍籨揾₝䟌ꚟ扢덡恠鈫򉐡 [ 1411.919303][T20834] usb 4-1: SerialNumber: syz [ 1411.946834][T20834] usb 4-1: bad CDC descriptors [ 1412.235896][T20834] usb 4-1: USB disconnect, device number 45 [ 1413.205986][T22147] hsr_slave_0: entered promiscuous mode [ 1413.250354][T22147] hsr_slave_1: entered promiscuous mode [ 1413.262572][T22147] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1413.278977][T22147] Cannot create hsr debugfs directory [ 1413.923259][T21932] veth0_macvtap: entered promiscuous mode [ 1414.090592][T21932] veth1_macvtap: entered promiscuous mode [ 1414.357246][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.387148][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.416195][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.487359][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.522273][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.551758][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.585208][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.608386][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.618779][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.646286][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.693478][T21932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1414.794251][T15309] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1414.808347][T15309] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1414.818925][T15309] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1414.841362][T15309] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1414.851101][T15309] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1414.859083][T15309] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1415.042286][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1415.070052][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.089873][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1415.119309][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.164761][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1415.189459][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.199562][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1415.213303][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.223380][T21932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1415.233903][T21932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1415.269544][T21932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1415.284430][T21932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.293756][T21932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.308152][T21932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.338119][T21932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.680614][ T2437] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1416.052058][ T2437] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1416.207802][T22078] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1416.366131][ T2437] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1416.412904][T22078] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1416.433938][T22078] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1416.625164][ T2437] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1416.671482][T22078] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1416.960961][T15309] Bluetooth: hci5: command tx timeout [ 1416.981081][T12029] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1417.005165][T12029] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1417.029845][T12029] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1417.042883][T12029] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1417.052086][T12029] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1417.061499][T12029] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1417.189112][T17423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1417.196974][T17423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1417.448336][ T2437] bridge_slave_1: left allmulticast mode [ 1417.454065][ T2437] bridge_slave_1: left promiscuous mode [ 1417.517043][ T2437] bridge0: port 2(bridge_slave_1) entered disabled state [ 1417.617978][ T2437] bridge_slave_0: left allmulticast mode [ 1417.624179][ T2437] bridge_slave_0: left promiscuous mode [ 1417.666732][ T2437] bridge0: port 1(bridge_slave_0) entered disabled state [ 1418.787816][ T2437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1418.824410][ T2437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1418.843399][ T2437] bond0 (unregistering): Released all slaves [ 1418.903278][T13915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1418.969896][T13915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1419.021428][T12029] Bluetooth: hci5: command tx timeout [ 1419.179576][T12029] Bluetooth: hci3: command tx timeout [ 1419.875492][ T2437] hsr_slave_0: left promiscuous mode [ 1419.886186][ T2437] hsr_slave_1: left promiscuous mode [ 1419.905321][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1419.912907][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1419.935031][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1419.942733][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1420.002811][ T2437] veth1_macvtap: left promiscuous mode [ 1420.010504][ T2437] veth0_macvtap: left promiscuous mode [ 1420.024822][ T2437] veth1_vlan: left promiscuous mode [ 1420.030943][ T2437] veth0_vlan: left promiscuous mode [ 1421.089569][T12029] Bluetooth: hci5: command tx timeout [ 1421.139196][ T5142] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1421.249403][T12029] Bluetooth: hci3: command tx timeout [ 1421.348134][ T5142] usb 2-1: Using ep0 maxpacket: 8 [ 1421.356518][ T5142] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1421.365476][ T5142] usb 2-1: config 0 has no interface number 0 [ 1421.378047][ T5142] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1421.397920][ T5142] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1421.407192][ T5142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1421.430050][ T5142] usb 2-1: config 0 descriptor?? [ 1421.442398][ T5142] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1421.876252][ T2437] team0 (unregistering): Port device team_slave_1 removed [ 1422.109741][ T2437] team0 (unregistering): Port device team_slave_0 removed [ 1422.237111][T22314] sg_write: data in/out 830110031/371 bytes for SCSI command 0x0-- guessing data in; [ 1422.237111][T22314] program syz.1.6207 not setting count and/or reply_len properly [ 1422.341977][T13994] usb 2-1: USB disconnect, device number 42 [ 1422.351034][T13994] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 1423.179169][T12029] Bluetooth: hci5: command tx timeout [ 1423.241917][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.248880][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.319011][T12029] Bluetooth: hci3: command tx timeout [ 1424.058696][T22147] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1424.175825][T22147] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1424.194576][T22292] chnl_net:caif_netlink_parms(): no params data found [ 1424.260726][T22147] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1424.326619][T22147] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1424.670415][T22078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1425.137738][T22078] 8021q: adding VLAN 0 to HW filter on device team0 [ 1425.229275][T22292] bridge0: port 1(bridge_slave_0) entered blocking state [ 1425.246027][T22292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1425.260363][T22292] bridge_slave_0: entered allmulticast mode [ 1425.284116][T22292] bridge_slave_0: entered promiscuous mode [ 1425.330700][T22296] chnl_net:caif_netlink_parms(): no params data found [ 1425.390046][T12029] Bluetooth: hci3: command tx timeout [ 1425.422703][T22292] bridge0: port 2(bridge_slave_1) entered blocking state [ 1425.469287][T22292] bridge0: port 2(bridge_slave_1) entered disabled state [ 1425.477016][T22292] bridge_slave_1: entered allmulticast mode [ 1425.500757][T22292] bridge_slave_1: entered promiscuous mode [ 1425.510625][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 1425.517937][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1425.774996][T14023] bridge0: port 2(bridge_slave_1) entered blocking state [ 1425.782231][T14023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1425.889377][T22292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1425.943022][T22292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1426.095810][T13994] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1426.313831][T13994] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1426.347969][T13994] usb 2-1: language id specifier not provided by device, defaulting to English [ 1426.387510][T13994] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1426.427231][ T2437] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1426.439008][T13994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1426.449145][T13994] usb 2-1: Product: syz [ 1426.463772][T13994] usb 2-1: Manufacturer: 墓奖抙㤲೭紟寴間嘥龭迺ꢸ纫稞薃튅플ິ脒Ĩ㊍籨揾₝䟌ꚟ扢덡恠鈫򉐡 [ 1426.484234][T22296] bridge0: port 1(bridge_slave_0) entered blocking state [ 1426.484679][T13994] usb 2-1: SerialNumber: syz [ 1426.520373][T13994] usb 2-1: bad CDC descriptors [ 1426.522647][T22296] bridge0: port 1(bridge_slave_0) entered disabled state [ 1426.538623][T22296] bridge_slave_0: entered allmulticast mode [ 1426.575762][T22296] bridge_slave_0: entered promiscuous mode [ 1426.585373][T22296] bridge0: port 2(bridge_slave_1) entered blocking state [ 1426.593629][T22296] bridge0: port 2(bridge_slave_1) entered disabled state [ 1426.624401][T22296] bridge_slave_1: entered allmulticast mode [ 1426.632796][T22296] bridge_slave_1: entered promiscuous mode [ 1426.745707][T22292] team0: Port device team_slave_0 added [ 1426.841642][ T2437] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1426.870359][T20834] usb 2-1: USB disconnect, device number 43 [ 1426.978444][T22292] team0: Port device team_slave_1 added [ 1427.095162][ T2437] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1427.168340][T22296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1427.287175][T22292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1427.295024][T22292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1427.325154][T22292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1427.378300][T22296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1427.459819][ T2437] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1427.508440][T22292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1427.524605][T22292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1427.567112][T22292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1427.903710][T22296] team0: Port device team_slave_0 added [ 1427.923550][T22296] team0: Port device team_slave_1 added [ 1428.043396][T22292] hsr_slave_0: entered promiscuous mode [ 1428.068353][T22292] hsr_slave_1: entered promiscuous mode [ 1428.090433][T22292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1428.108062][T22292] Cannot create hsr debugfs directory [ 1429.354296][T22296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1429.361562][T22296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1429.426191][T22296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1429.455118][T22296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1429.471961][T22296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1429.535131][T22296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1429.687519][T22147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1429.906388][T22296] hsr_slave_0: entered promiscuous mode [ 1429.937617][T22296] hsr_slave_1: entered promiscuous mode [ 1429.990751][T22296] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1429.998377][T22296] Cannot create hsr debugfs directory [ 1430.064142][T22078] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1430.107169][ T2437] bridge_slave_1: left allmulticast mode [ 1430.129254][ T2437] bridge_slave_1: left promiscuous mode [ 1430.145483][ T2437] bridge0: port 2(bridge_slave_1) entered disabled state [ 1430.197972][ T2437] bridge_slave_0: left allmulticast mode [ 1430.217253][ T2437] bridge_slave_0: left promiscuous mode [ 1430.256236][ T2437] bridge0: port 1(bridge_slave_0) entered disabled state [ 1431.407830][ T29] audit: type=1804 audit(2000000191.797:1309): pid=22366 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.6220" name="/root/syzkaller.Nqdslk/18/bus" dev="sda1" ino=2170 res=1 errno=0 [ 1432.602049][T11021] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 1432.639289][T11021] hid-generic 0000:0000:0000.001D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1432.662873][T22370] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1432.740571][ T2437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1432.796763][ T2437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1432.840447][ T2437] bond0 (unregistering): Released all slaves [ 1432.850311][ T29] audit: type=1326 audit(2000000193.364:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22369 comm="syz.1.6222" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71c7375b99 code=0x0 [ 1433.014074][T22147] 8021q: adding VLAN 0 to HW filter on device team0 [ 1433.263969][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 1433.271298][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1433.439011][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 1433.446316][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1434.157574][ T2437] hsr_slave_0: left promiscuous mode [ 1434.231751][ T2437] hsr_slave_1: left promiscuous mode [ 1434.262739][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1434.270253][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1434.304131][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1434.311640][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1434.411032][ T2437] veth1_macvtap: left promiscuous mode [ 1434.422160][ T2437] veth0_macvtap: left promiscuous mode [ 1434.432084][ T2437] veth1_vlan: left promiscuous mode [ 1434.437559][ T2437] veth0_vlan: left promiscuous mode [ 1434.525472][T22382] loop7: detected capacity change from 0 to 16384 [ 1434.771072][T22382] I/O error, dev loop7, sector 512 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 1434.790975][T22383] I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1434.812171][T22383] Buffer I/O error on dev loop7, logical block 1, async page read [ 1434.852446][T22383] Dev loop7: unable to read RDB block 8 [ 1434.859732][T22383] loop7: unable to read partition table [ 1434.883410][T22383] loop7: partition table beyond EOD, truncated [ 1434.893386][T22383] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 1435.987882][T22389] Falling back ldisc for ttyS3. [ 1436.526865][ T2437] team0 (unregistering): Port device team_slave_1 removed [ 1436.694515][ T2437] team0 (unregistering): Port device team_slave_0 removed [ 1436.755185][T22404] TCP: TCP_TX_DELAY enabled [ 1438.598744][T22078] veth0_vlan: entered promiscuous mode [ 1438.961145][T22078] veth1_vlan: entered promiscuous mode [ 1439.312447][T22078] veth0_macvtap: entered promiscuous mode [ 1439.329977][T22078] veth1_macvtap: entered promiscuous mode [ 1439.346277][T22409] x_tables: duplicate underflow at hook 3 [ 1439.474299][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.513273][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.541328][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.563462][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.593038][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.619953][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.643590][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1439.660628][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.694561][T22078] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1439.775979][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.819137][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.871863][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.889529][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.921773][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.941586][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1439.961528][T22078] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1439.991551][T22078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1440.009656][T22078] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1440.070425][T22416] sp0: Synchronizing with TNC [ 1440.092363][T22078] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1440.114098][T22418] sp0: Found TNC [ 1440.117716][T22078] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1440.150802][T22078] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1440.170863][T22078] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1440.283052][T22147] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1440.692931][T17292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1440.712803][T17292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1440.853313][T22292] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1440.858818][ T2437] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1440.883130][T22292] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1440.914166][ T2437] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1440.971297][T22292] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1441.039526][T22292] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1441.319720][T22296] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1441.471926][T22296] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1441.556793][ T5145] IPVS: starting estimator thread 0... [ 1441.567426][T22296] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1441.614651][T22147] veth0_vlan: entered promiscuous mode [ 1441.645779][T22438] IPVS: using max 24 ests per chain, 57600 per kthread [ 1441.649962][T22296] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1441.952256][ T2437] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.089951][T22147] veth1_vlan: entered promiscuous mode [ 1442.186918][ T2437] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.315775][ T2437] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.554235][ T2437] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1442.638068][T22147] veth0_macvtap: entered promiscuous mode [ 1442.692748][T22147] veth1_macvtap: entered promiscuous mode [ 1442.812347][T22443] Bluetooth: MGMT ver 1.22 [ 1442.836618][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1442.861724][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1442.890688][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1442.911299][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1442.936886][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1442.968420][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1442.989859][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1443.020797][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.080197][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1443.100801][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.147262][T22147] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1443.176494][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1443.206276][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.227418][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1443.263091][T15309] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1443.275598][T15309] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1443.285795][T15309] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1443.294875][T15309] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1443.304384][T15309] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1443.311946][T15309] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1443.327282][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.348557][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1443.443149][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.489389][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1443.504614][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.525004][T22147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1443.556020][T22147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1443.600926][T22147] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1443.769056][T22147] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.777911][T22147] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.820213][T22147] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1443.858470][T22147] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1444.108273][ T2437] bridge_slave_1: left allmulticast mode [ 1444.113997][ T2437] bridge_slave_1: left promiscuous mode [ 1444.157312][ T2437] bridge0: port 2(bridge_slave_1) entered disabled state [ 1444.178334][ T2437] bridge_slave_0: left allmulticast mode [ 1444.184060][ T2437] bridge_slave_0: left promiscuous mode [ 1444.197318][ T2437] bridge0: port 1(bridge_slave_0) entered disabled state [ 1445.393705][T15309] Bluetooth: hci0: command tx timeout [ 1445.402075][ T2437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1445.415608][ T2437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1445.428633][ T2437] bond0 (unregistering): Released all slaves [ 1445.657228][T22292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1445.769909][ T29] audit: type=1804 audit(2000000206.320:1311): pid=22462 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.6252" name="/root/syzkaller.Nqdslk/50/bus" dev="sda1" ino=2170 res=1 errno=0 [ 1446.359877][T22292] 8021q: adding VLAN 0 to HW filter on device team0 [ 1446.503778][T22296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1446.558691][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 1446.565984][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1446.634654][T14023] bridge0: port 2(bridge_slave_1) entered blocking state [ 1446.641981][T14023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1446.754193][T22464] overlayfs: missing 'lowerdir' [ 1446.831105][ T2427] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1446.849639][ T2427] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1446.887306][T22444] chnl_net:caif_netlink_parms(): no params data found [ 1446.957238][T22464] geneve0: entered promiscuous mode [ 1446.988075][T22464] geneve0: left promiscuous mode [ 1447.043513][T22296] 8021q: adding VLAN 0 to HW filter on device team0 [ 1447.382419][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 1447.389845][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1447.476583][T15309] Bluetooth: hci0: command tx timeout [ 1447.561343][ T2427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1447.574025][ T2437] hsr_slave_0: left promiscuous mode [ 1447.595853][ T2427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1447.624862][ T2437] hsr_slave_1: left promiscuous mode [ 1447.646177][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1447.653871][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1447.696266][ T2437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1447.703783][ T2437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1447.804964][ T2437] veth1_macvtap: left promiscuous mode [ 1447.812162][ T2437] veth0_macvtap: left promiscuous mode [ 1447.895553][ T2437] veth1_vlan: left promiscuous mode [ 1447.901092][ T2437] veth0_vlan: left promiscuous mode [ 1449.544533][T15309] Bluetooth: hci0: command tx timeout [ 1449.647331][ T2437] team0 (unregistering): Port device team_slave_1 removed [ 1449.850442][ T2437] team0 (unregistering): Port device team_slave_0 removed [ 1451.356944][T20834] bridge0: port 2(bridge_slave_1) entered blocking state [ 1451.364159][T20834] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1451.563513][T22296] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1451.574259][T22296] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1451.614023][T15309] Bluetooth: hci0: command tx timeout [ 1451.846436][T22444] bridge0: port 1(bridge_slave_0) entered blocking state [ 1451.873401][T22444] bridge0: port 1(bridge_slave_0) entered disabled state [ 1451.891388][T22444] bridge_slave_0: entered allmulticast mode [ 1451.921952][T22444] bridge_slave_0: entered promiscuous mode [ 1451.999380][T22444] bridge0: port 2(bridge_slave_1) entered blocking state [ 1452.033606][T22444] bridge0: port 2(bridge_slave_1) entered disabled state [ 1452.041003][T22444] bridge_slave_1: entered allmulticast mode [ 1452.107357][T22444] bridge_slave_1: entered promiscuous mode [ 1452.352132][T22444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1452.399729][T22444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1452.680876][T22483] mkiss: ax0: crc mode is auto. [ 1452.704090][T22444] team0: Port device team_slave_0 added [ 1452.735878][T22444] team0: Port device team_slave_1 added [ 1452.941264][T22444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1452.970565][T22444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1453.048220][T22444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1453.090257][T22444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1453.097281][T22444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1453.157077][T22444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1453.395339][T22296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1453.490605][T22444] hsr_slave_0: entered promiscuous mode [ 1453.518685][T22444] hsr_slave_1: entered promiscuous mode [ 1453.564402][T22444] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1453.572034][T22444] Cannot create hsr debugfs directory [ 1453.656391][T22292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1454.403308][ T29] audit: type=1804 audit(2000000214.917:1312): pid=22503 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.6260" name="/root/syzkaller.Nqdslk/54/bus" dev="sda1" ino=2176 res=1 errno=0 [ 1455.012628][T22296] veth0_vlan: entered promiscuous mode [ 1455.209092][T22296] veth1_vlan: entered promiscuous mode [ 1455.264063][T22292] veth0_vlan: entered promiscuous mode [ 1455.309045][T22292] veth1_vlan: entered promiscuous mode [ 1455.567611][ T29] audit: type=1804 audit(2000000216.137:1313): pid=22521 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6268" name="/root/syzkaller.9d24Ba/9/bus/file0" dev="overlay" ino=2182 res=1 errno=0 [ 1455.640356][T22296] veth0_macvtap: entered promiscuous mode [ 1455.686184][T22517] mkiss: ax0: crc mode is auto. [ 1455.772837][T22296] veth1_macvtap: entered promiscuous mode [ 1455.818147][T22292] veth0_macvtap: entered promiscuous mode [ 1455.905590][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1455.931591][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1455.951873][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1455.968479][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.051815][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1456.061075][T22525] netlink: 'syz.1.6270': attribute type 1 has an invalid length. [ 1456.070791][T22525] netlink: 'syz.1.6270': attribute type 3 has an invalid length. [ 1456.078624][T22525] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6270'. [ 1456.087829][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.087919][T22525] NCSI netlink: No device for ifindex 0 [ 1456.134148][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1456.161455][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.212751][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1456.223596][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.245297][T22296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1456.294784][T22292] veth1_macvtap: entered promiscuous mode [ 1456.461760][T15309] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1456.471711][T15309] Bluetooth: hci4: Injecting HCI hardware error event [ 1456.490180][T12029] Bluetooth: hci4: hardware error 0x00 [ 1456.595206][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1456.621846][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.648753][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1456.659661][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.670110][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1456.698314][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.777287][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1456.817567][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.844639][T22296] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1456.857263][T22296] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.889214][T22296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1456.943602][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1456.969559][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1456.980382][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1456.991230][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.001542][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1457.012306][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.024834][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1457.036016][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.047252][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1457.058130][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.070151][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1457.081890][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.095900][T22292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1457.103565][T22535] netlink: 'syz.1.6274': attribute type 3 has an invalid length. [ 1457.129971][T22296] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.175863][T22296] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.224283][T22296] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.233028][T22296] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.298739][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1457.325987][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.358212][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1457.369559][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.379718][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1457.393911][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.403997][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1457.416075][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.432026][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1457.443454][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.454935][T22292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1457.491846][T22292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1457.555391][T22292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1457.585082][ T29] audit: type=1804 audit(2000000218.203:1314): pid=22542 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6277" name="/root/syzkaller.9d24Ba/13/bus/file0" dev="overlay" ino=2167 res=1 errno=0 [ 1457.675509][T22444] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1457.717027][T22444] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1457.749214][T22444] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1457.805500][T22444] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1457.878992][T22292] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.918934][T22292] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.947211][T22292] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1457.973298][T22292] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1458.180104][T22547] netlink: 'syz.4.6279': attribute type 1 has an invalid length. [ 1458.205374][T22547] netlink: 'syz.4.6279': attribute type 3 has an invalid length. [ 1458.228215][T22547] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6279'. [ 1458.236590][ T2437] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1458.245556][T22547] NCSI netlink: No device for ifindex 0 [ 1458.272295][ T2437] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1458.481184][ T2427] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1458.553960][ T2427] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1458.658747][T13915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1458.693300][T13915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1458.836908][T22444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1458.925673][T12029] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1458.947298][T13915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1458.991489][T13915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1459.016514][T22444] 8021q: adding VLAN 0 to HW filter on device team0 [ 1459.081553][T22561] netlink: 'syz.3.6285': attribute type 3 has an invalid length. [ 1459.101799][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state [ 1459.109103][ T5090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1459.184771][ T5090] bridge0: port 2(bridge_slave_1) entered blocking state [ 1459.192041][ T5090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1459.318492][T12029] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1459.327852][T12029] Bluetooth: hci2: Injecting HCI hardware error event [ 1459.339759][T12029] Bluetooth: hci2: hardware error 0x00 [ 1459.517368][T22444] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1461.072698][T22597] netlink: 'syz.1.6296': attribute type 3 has an invalid length. [ 1461.167552][T22444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1461.615154][T12029] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1462.299608][T22444] veth0_vlan: entered promiscuous mode [ 1462.349188][T22444] veth1_vlan: entered promiscuous mode [ 1462.367495][ T5142] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0 [ 1462.402105][T22608] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1462.409363][T22444] veth0_macvtap: entered promiscuous mode [ 1462.427854][ T5142] hid-generic 0000:0000:0000.001E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 1462.469877][T22444] veth1_macvtap: entered promiscuous mode [ 1462.510890][T22612] nbd: socks must be embedded in a SOCK_ITEM attr [ 1462.539769][ T29] audit: type=1326 audit(2000000223.200:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22606 comm="syz.1.6300" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71c7375b99 code=0x0 [ 1462.601287][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.654528][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.684299][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.703581][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.730571][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.730703][T22617] netlink: 'syz.4.6303': attribute type 1 has an invalid length. [ 1462.784603][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.792822][T22617] netlink: 'syz.4.6303': attribute type 3 has an invalid length. [ 1462.830116][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.832377][T22617] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6303'. [ 1462.868275][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.884252][T22617] NCSI netlink: No device for ifindex 0 [ 1462.904883][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.939441][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.968480][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.994566][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.021472][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1463.066929][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.097465][T22444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1464.320653][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1464.430981][T14023] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1464.480912][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1464.520607][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1464.563335][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1464.589937][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1464.608245][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1464.638964][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1464.781972][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1464.857695][T14023] usb 5-1: Using ep0 maxpacket: 16 [ 1464.869684][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1464.881628][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1464.893463][T14023] usb 5-1: config index 0 descriptor too short (expected 182, got 150) [ 1464.907616][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1464.907653][T13984] usb 4-1: new low-speed USB device number 46 using dummy_hcd [ 1464.918680][T14023] usb 5-1: config 1 has an invalid descriptor of length 170, skipping remainder of the config [ 1464.936243][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1465.149157][T13984] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1465.194654][T13984] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1465.246296][T13984] usb 4-1: too many endpoints for config 1 interface 1 altsetting 0: 222, using maximum allowed: 30 [ 1465.450670][T22444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1465.503431][T13984] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 1465.523498][T22444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1465.533663][T13984] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 222 [ 1465.662438][T14023] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1465.671493][T14023] usb 5-1: config 1 has no interface number 1 [ 1465.677777][T14023] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1465.704017][T22444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1465.728183][T14023] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1465.741775][T13984] usb 4-1: string descriptor 0 read error: -22 [ 1465.742963][T22444] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1465.758992][T13984] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1465.775328][T22444] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1465.786271][T13984] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1465.794784][T14023] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1465.811305][T14023] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1465.820662][T22444] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1465.840224][T14023] usb 5-1: Product: syz [ 1465.842407][T13984] usb 4-1: 0:2 : does not exist [ 1465.844570][T22444] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1465.860045][T22643] nbd: socks must be embedded in a SOCK_ITEM attr [ 1465.869823][T14023] usb 5-1: Manufacturer: syz [ 1465.874697][T14023] usb 5-1: SerialNumber: syz [ 1466.164578][ T5142] usb 4-1: USB disconnect, device number 46 [ 1466.244908][T13915] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1466.292484][T13915] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1466.381771][T22649] netlink: 'syz.1.6317': attribute type 1 has an invalid length. [ 1466.397404][T22649] netlink: 'syz.1.6317': attribute type 3 has an invalid length. [ 1466.409095][T13915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1466.412696][T22649] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6317'. [ 1466.444523][T22649] NCSI netlink: No device for ifindex 0 [ 1466.456192][T22624] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups) [ 1466.459736][T13915] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1466.714161][T14023] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 1466.725261][T14023] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 1466.732708][T14023] usb 5-1: 2:1 : sample bitwidth 63 in over sample bytes 1 [ 1466.774519][T14023] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1467.190250][T14023] usb 5-1: USB disconnect, device number 67 [ 1468.134439][ T2456] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.333837][ T2456] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.486946][ T2456] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.649864][ T2456] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1468.875830][T22665] nbd: socks must be embedded in a SOCK_ITEM attr [ 1468.970595][ T2456] bridge_slave_1: left allmulticast mode [ 1469.019963][ T2456] bridge_slave_1: left promiscuous mode [ 1469.025825][ T2456] bridge0: port 2(bridge_slave_1) entered disabled state [ 1469.073019][ T2456] bridge_slave_0: left allmulticast mode [ 1469.099301][ T2456] bridge_slave_0: left promiscuous mode [ 1469.110018][ T2456] bridge0: port 1(bridge_slave_0) entered disabled state [ 1470.671518][T15309] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1470.686674][T15309] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1470.697350][T15309] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1470.708875][T15309] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1470.717134][T15309] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1470.726541][T15309] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1471.359316][T22702] nbd: socks must be embedded in a SOCK_ITEM attr [ 1472.078534][ T2456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1472.153598][ T2456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1472.165318][ T2456] bond0 (unregistering): Released all slaves [ 1472.588696][T22731] nbd: socks must be embedded in a SOCK_ITEM attr [ 1472.746425][T15309] Bluetooth: hci0: command tx timeout [ 1472.824332][T22729] loop7: detected capacity change from 0 to 16384 [ 1473.260890][T22741] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1473.292842][ T2456] hsr_slave_0: left promiscuous mode [ 1473.297802][T22729] I/O error, dev loop7, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1473.313538][T22741] Buffer I/O error on dev loop7, logical block 0, async page read [ 1473.321720][T22741] ldm_validate_partition_table(): Disk read failed. [ 1473.371212][T22741] Dev loop7: unable to read RDB block 0 [ 1473.408879][T22729] Buffer I/O error on dev loop7, logical block 32, async page read [ 1473.434758][T22741] loop7: unable to read partition table [ 1473.474473][ T2456] hsr_slave_1: left promiscuous mode [ 1473.541277][T22741] loop7: partition table beyond EOD, truncated [ 1473.579728][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1473.589820][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1473.599859][T22741] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 1473.631801][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1473.639325][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1473.785251][ T2456] veth1_macvtap: left promiscuous mode [ 1473.808205][ T2456] veth0_macvtap: left promiscuous mode [ 1473.829757][ T2456] veth1_vlan: left promiscuous mode [ 1473.849401][ T2456] veth0_vlan: left promiscuous mode [ 1473.914615][T12029] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1473.931624][T12029] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1473.945153][T12029] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1473.968037][T12029] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1473.987609][T12029] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1473.997967][T12029] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1474.839707][T15309] Bluetooth: hci0: command tx timeout [ 1475.347624][T22783] overlayfs: failed to get index nlink (file1/bus, err=-61) [ 1475.914593][ T2456] team0 (unregistering): Port device team_slave_1 removed [ 1476.031453][ T2456] team0 (unregistering): Port device team_slave_0 removed [ 1476.097870][T15309] Bluetooth: hci2: command tx timeout [ 1476.881280][T15309] Bluetooth: hci0: command tx timeout [ 1478.073846][T22757] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6358'. [ 1478.113791][T22757] bridge_slave_1: left allmulticast mode [ 1478.119780][T22757] bridge_slave_1: left promiscuous mode [ 1478.144360][T22757] bridge0: port 2(bridge_slave_1) entered disabled state [ 1478.154297][T15309] Bluetooth: hci2: command tx timeout [ 1478.176257][T22757] bridge_slave_0: left allmulticast mode [ 1478.181973][T22757] bridge_slave_0: left promiscuous mode [ 1478.213976][T22757] bridge0: port 1(bridge_slave_0) entered disabled state [ 1478.949632][T15309] Bluetooth: hci0: command tx timeout [ 1479.286214][T22811] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6379'. [ 1480.140276][T22692] chnl_net:caif_netlink_parms(): no params data found [ 1480.184895][T22761] chnl_net:caif_netlink_parms(): no params data found [ 1480.223277][T15309] Bluetooth: hci2: command tx timeout [ 1480.275793][ T29] audit: type=1804 audit(2000000241.042:1316): pid=22826 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6382" name="/root/syzkaller.9d24Ba/43/cgroup.controllers" dev="sda1" ino=2176 res=1 errno=0 [ 1480.841437][ T2456] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.026514][T22692] bridge0: port 1(bridge_slave_0) entered blocking state [ 1481.046106][T22692] bridge0: port 1(bridge_slave_0) entered disabled state [ 1481.075428][T22692] bridge_slave_0: entered allmulticast mode [ 1481.118186][T22692] bridge_slave_0: entered promiscuous mode [ 1481.134755][T22692] bridge0: port 2(bridge_slave_1) entered blocking state [ 1481.159203][T22692] bridge0: port 2(bridge_slave_1) entered disabled state [ 1481.185654][T22692] bridge_slave_1: entered allmulticast mode [ 1481.208246][T22692] bridge_slave_1: entered promiscuous mode [ 1481.262882][ T2456] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.346758][T22851] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6390'. [ 1481.673364][ T2456] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.735007][T22761] bridge0: port 1(bridge_slave_0) entered blocking state [ 1481.746943][ T29] audit: type=1804 audit(2000000242.531:1317): pid=22859 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6394" name="/root/syzkaller.9d24Ba/50/cgroup.controllers" dev="sda1" ino=2180 res=1 errno=0 [ 1481.749224][T22761] bridge0: port 1(bridge_slave_0) entered disabled state [ 1481.843374][T22761] bridge_slave_0: entered allmulticast mode [ 1481.857655][T22761] bridge_slave_0: entered promiscuous mode [ 1481.881466][T22761] bridge0: port 2(bridge_slave_1) entered blocking state [ 1481.904607][T22761] bridge0: port 2(bridge_slave_1) entered disabled state [ 1481.924485][T22761] bridge_slave_1: entered allmulticast mode [ 1481.945971][T22761] bridge_slave_1: entered promiscuous mode [ 1481.958645][T22692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1482.060920][ T2456] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.157414][T22692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1482.291460][T15309] Bluetooth: hci2: command tx timeout [ 1482.414297][T22692] team0: Port device team_slave_0 added [ 1482.461835][T22761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1482.506502][T22692] team0: Port device team_slave_1 added [ 1482.576380][T22761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1482.580852][T22877] xt_ecn: cannot match TCP bits for non-tcp packets [ 1482.655905][T22876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6402'. [ 1482.766834][T22761] team0: Port device team_slave_0 added [ 1482.778596][T22692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1482.786551][T22692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1482.838161][T22692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1482.870434][T22692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1482.887463][T22692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1482.957961][T22692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1482.989447][T22761] team0: Port device team_slave_1 added [ 1483.187724][T22761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1483.194715][T22761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1483.298838][T22761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1483.405783][T22761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1483.412795][T22761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1483.512760][T22761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1483.580715][T22692] hsr_slave_0: entered promiscuous mode [ 1483.598279][T22692] hsr_slave_1: entered promiscuous mode [ 1483.609411][T22692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1483.617357][T22692] Cannot create hsr debugfs directory [ 1483.671031][ T2456] bridge_slave_1: left allmulticast mode [ 1483.676989][ T2456] bridge_slave_1: left promiscuous mode [ 1483.682847][ T2456] bridge0: port 2(bridge_slave_1) entered disabled state [ 1483.754181][ T2456] bridge_slave_0: left allmulticast mode [ 1483.758991][T22899] xt_ecn: cannot match TCP bits for non-tcp packets [ 1483.760066][ T2456] bridge_slave_0: left promiscuous mode [ 1483.790598][ T2456] bridge0: port 1(bridge_slave_0) entered disabled state [ 1484.363006][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.371462][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.061553][ T2456] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1485.120668][ T2456] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1485.168577][ T2456] bond0 (unregistering): Released all slaves [ 1485.337413][T22900] netlink: 'syz.3.6413': attribute type 7 has an invalid length. [ 1485.402134][T22914] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6420'. [ 1485.516147][T22761] hsr_slave_0: entered promiscuous mode [ 1485.534169][T22761] hsr_slave_1: entered promiscuous mode [ 1485.553599][T22761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1485.561250][T22761] Cannot create hsr debugfs directory [ 1485.595863][ T29] audit: type=1804 audit(2000000246.401:1318): pid=22918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6423" name="/root/syzkaller.9d24Ba/65/cgroup.controllers" dev="sda1" ino=2180 res=1 errno=0 [ 1485.790724][ T29] audit: type=1400 audit(2000000246.582:1319): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="#!" object="_" requested=w pid=22919 comm="syz.2.6421" daddr=fe80::aa dest=20002 netif=wpan0 [ 1486.497728][ T2456] hsr_slave_0: left promiscuous mode [ 1486.527110][ T2456] hsr_slave_1: left promiscuous mode [ 1486.630445][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1486.650589][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1486.672524][ T2456] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1486.697958][ T2456] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1486.791048][ T2456] veth1_macvtap: left promiscuous mode [ 1486.802467][ T2456] veth0_macvtap: left promiscuous mode [ 1486.813605][ T2456] veth1_vlan: left promiscuous mode [ 1486.822582][ T2456] veth0_vlan: left promiscuous mode [ 1487.364834][T22945] sock: sock_set_timeout: `syz.2.6435' (pid 22945) tries to set negative timeout [ 1487.636949][ T29] audit: type=1326 audit(2000000248.441:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22948 comm="syz.4.6437" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc66975b99 code=0x0 [ 1487.682684][ T29] audit: type=1326 audit(2000000248.481:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22950 comm="syz.2.6438" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a9e575b99 code=0x0 [ 1489.075325][ T2456] team0 (unregistering): Port device team_slave_1 removed [ 1489.296276][ T2456] team0 (unregistering): Port device team_slave_0 removed [ 1491.117261][T22975] sock: sock_set_timeout: `syz.2.6447' (pid 22975) tries to set negative timeout [ 1491.779120][ T29] audit: type=1326 audit(2000000252.611:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22986 comm="syz.3.6452" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8426f75b99 code=0x0 [ 1492.109787][ T2456] IPVS: stop unused estimator thread 0... [ 1492.494417][ T29] audit: type=1326 audit(2000000253.315:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22999 comm="syz.4.6457" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc66975b99 code=0x0 [ 1492.666939][T22692] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1492.686223][T22692] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1492.753046][T22692] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1492.781346][T22692] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1493.223079][T22692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1493.412593][T22692] 8021q: adding VLAN 0 to HW filter on device team0 [ 1493.492977][T14023] bridge0: port 1(bridge_slave_0) entered blocking state [ 1493.500353][T14023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1493.620272][T22761] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1493.745646][T14023] bridge0: port 2(bridge_slave_1) entered blocking state [ 1493.752871][T14023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1493.847237][T22761] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1493.925794][T22761] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1493.981548][T22761] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1494.565633][T22761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1494.716550][T22761] 8021q: adding VLAN 0 to HW filter on device team0 [ 1494.793125][T13984] bridge0: port 1(bridge_slave_0) entered blocking state [ 1494.800433][T13984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1494.875550][T13984] bridge0: port 2(bridge_slave_1) entered blocking state [ 1494.883094][T13984] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1495.337493][T22692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1495.578109][T22692] veth0_vlan: entered promiscuous mode [ 1495.644323][T22692] veth1_vlan: entered promiscuous mode [ 1495.871084][T22692] veth0_macvtap: entered promiscuous mode [ 1495.948145][T22692] veth1_macvtap: entered promiscuous mode [ 1496.008644][T23032] tipc: Started in network mode [ 1496.050432][T23032] tipc: Node identity 002e00000000003a0000400000000001, cluster identity 4711 [ 1496.126717][T23032] tipc: Enabling of bearer rejected, failed to enable media [ 1496.274999][T22761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1496.303634][T23039] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6469'. [ 1496.377287][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.401622][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.424279][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.451596][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.474010][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.511319][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.551030][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.604368][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.629705][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.660523][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.681724][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.729917][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.764236][T22692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1496.869687][ T45] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1496.873077][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1496.916773][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.957861][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1496.968650][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.001388][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1497.025187][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.056750][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1497.083238][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.108563][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1497.132362][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.141034][ T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1497.163357][T22692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1497.179109][T22692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.197653][ T45] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1497.229537][T22692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1497.250437][ T45] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1497.273512][T22692] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.306207][T22692] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.316006][ T45] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1497.327736][T22692] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.332558][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1497.360483][T22692] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1497.381295][ T45] usb 3-1: config 0 descriptor?? [ 1497.479380][T22761] veth0_vlan: entered promiscuous mode [ 1497.520495][T22761] veth1_vlan: entered promiscuous mode [ 1497.630061][T23062] tipc: Started in network mode [ 1497.635102][T23062] tipc: Node identity 002e00000000003a0000400000000001, cluster identity 4711 [ 1497.705082][T23062] tipc: Enabling of bearer rejected, failed to enable media [ 1497.794631][T23064] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6480'. [ 1497.858107][T22761] veth0_macvtap: entered promiscuous mode [ 1497.889536][ T45] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving [ 1497.941588][ T45] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1497.971513][T22761] veth1_macvtap: entered promiscuous mode [ 1498.046648][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1498.111603][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1498.119191][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.119221][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.119237][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.119256][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.129784][ T29] audit: type=1326 audit(2000000258.980:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23065 comm="syz.4.6481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc66975b99 code=0x0 [ 1498.191396][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.202377][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.215344][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.229504][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.253281][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.283608][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.332305][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.383003][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.401955][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1498.431305][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.494781][T22761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1498.573679][T17292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1498.604379][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.622850][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.641626][T14023] usb 3-1: USB disconnect, device number 30 [ 1498.642003][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.658510][T17292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1498.659608][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.756243][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.816476][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.880151][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.916475][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.948635][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.998646][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.030722][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1499.074537][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.098829][T22761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1499.124562][T22761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.137735][T22761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1499.206407][T22761] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.227668][T22761] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.247774][T22761] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.281567][T22761] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.339525][T14023] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1499.587983][T14023] usb 4-1: Using ep0 maxpacket: 8 [ 1499.596443][T14023] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1499.605181][T14023] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1499.645762][T14023] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1499.700402][T14023] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1499.753476][T14023] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1499.841848][T14023] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1499.877111][T14023] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1499.898506][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1499.952542][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1500.174660][T13915] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1500.175499][T14023] usb 4-1: usb_control_msg returned -32 [ 1500.222962][T14023] usbtmc 4-1:16.0: can't read capabilities [ 1500.547641][T13915] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1500.711953][ T2473] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1500.733393][ T2473] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1500.821574][T13915] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1501.008856][T13915] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1501.358337][T13915] bridge_slave_1: left allmulticast mode [ 1501.380419][T13915] bridge_slave_1: left promiscuous mode [ 1501.398688][T13915] bridge0: port 2(bridge_slave_1) entered disabled state [ 1501.466609][T13915] bridge_slave_0: left allmulticast mode [ 1501.493093][T13915] bridge_slave_0: left promiscuous mode [ 1501.509600][T13915] bridge0: port 1(bridge_slave_0) entered disabled state [ 1502.081813][T12029] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1502.114527][T12029] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1502.124095][T11021] usb 4-1: USB disconnect, device number 47 [ 1502.165751][T12029] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1502.174888][T12029] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1502.188542][T12029] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1502.199725][T12029] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1502.942624][T13915] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1502.956533][T13915] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1502.969368][T13915] bond0 (unregistering): Released all slaves [ 1502.998430][T23097] tipc: Enabling of bearer rejected, failed to enable media [ 1503.035037][T23101] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6491'. [ 1503.282805][T14023] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1503.521763][T14023] usb 3-1: Using ep0 maxpacket: 32 [ 1503.710660][T14023] usb 3-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 1503.771993][T14023] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1503.935442][T14023] usb 3-1: config 0 descriptor?? [ 1503.997999][T14023] gspca_main: xirlink-cit-2.14.0 probing 0545:8080 [ 1504.077947][T14023] input: xirlink-cit as /devices/platform/dummy_hcd.2/usb3/3-1/input/input61 [ 1504.270186][T12029] Bluetooth: hci0: command tx timeout [ 1505.588805][T13915] hsr_slave_0: left promiscuous mode [ 1505.619128][T13915] hsr_slave_1: left promiscuous mode [ 1505.635839][T13915] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1505.653307][T13915] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1505.681250][T13915] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1505.694755][T13915] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1506.342707][T12029] Bluetooth: hci0: command tx timeout [ 1506.531037][T13915] veth1_macvtap: left promiscuous mode [ 1506.537122][T13915] veth0_macvtap: left promiscuous mode [ 1506.544552][T13915] veth1_vlan: left promiscuous mode [ 1506.550198][T13915] veth0_vlan: left promiscuous mode [ 1508.422932][T12029] Bluetooth: hci0: command tx timeout [ 1508.671538][T13915] team0 (unregistering): Port device team_slave_1 removed [ 1508.835391][T13915] team0 (unregistering): Port device team_slave_0 removed [ 1510.306859][T23109] vlan0: entered promiscuous mode [ 1510.312467][T23109] syz_tun: entered promiscuous mode [ 1510.397663][T23109] team0: Port device vlan0 added [ 1510.495084][T12029] Bluetooth: hci0: command tx timeout [ 1510.605939][T14023] usb 3-1: USB disconnect, device number 31 [ 1510.945348][T23098] chnl_net:caif_netlink_parms(): no params data found [ 1511.422532][T23098] bridge0: port 1(bridge_slave_0) entered blocking state [ 1511.450156][T23098] bridge0: port 1(bridge_slave_0) entered disabled state [ 1511.509405][T23098] bridge_slave_0: entered allmulticast mode [ 1511.528633][T23098] bridge_slave_0: entered promiscuous mode [ 1511.561777][T23098] bridge0: port 2(bridge_slave_1) entered blocking state [ 1511.587780][T23098] bridge0: port 2(bridge_slave_1) entered disabled state [ 1511.611323][T23098] bridge_slave_1: entered allmulticast mode [ 1511.629297][T23098] bridge_slave_1: entered promiscuous mode [ 1511.766166][T23182] tipc: Enabling of bearer rejected, failed to enable media [ 1511.823326][T23098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1511.887029][T23098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1512.074344][T23098] team0: Port device team_slave_0 added [ 1512.110375][T23098] team0: Port device team_slave_1 added [ 1513.135959][T23098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1513.142974][T23098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1513.310418][T23098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1513.430122][T23098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1513.450170][T23098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1513.538625][T23098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1513.734380][T23208] CUSE: unknown device info "" [ 1513.739408][T23208] CUSE: unknown device info "appraise_type" [ 1513.766580][T23098] hsr_slave_0: entered promiscuous mode [ 1513.795072][T23098] hsr_slave_1: entered promiscuous mode [ 1513.873546][T23208] CUSE: DEVNAME unspecified [ 1514.640442][ T5143] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1514.859923][ T5143] usb 5-1: Using ep0 maxpacket: 8 [ 1514.872716][ T5143] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1514.897578][ T5143] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1514.937543][ T5143] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1514.958514][ T5143] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1515.000685][ T5143] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1515.064200][ T5143] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1515.107699][ T5143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1515.149658][T23233] netlink: 'syz.2.6535': attribute type 4 has an invalid length. [ 1515.405633][ T5143] usb 5-1: usb_control_msg returned -32 [ 1515.429565][ T5143] usbtmc 5-1:16.0: can't read capabilities [ 1515.458974][T23234] netlink: 'syz.2.6535': attribute type 4 has an invalid length. [ 1515.638952][T23098] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1515.693725][T23098] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1515.751843][T23098] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1515.793704][T23098] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1516.081556][T23098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1516.145555][T23246] CUSE: unknown device info "" [ 1516.156618][T23246] CUSE: unknown device info "appraise_type" [ 1516.172707][T23246] CUSE: DEVNAME unspecified [ 1516.224626][T23098] 8021q: adding VLAN 0 to HW filter on device team0 [ 1516.279660][T23077] bridge0: port 1(bridge_slave_0) entered blocking state [ 1516.287082][T23077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1516.316402][T13993] bridge0: port 2(bridge_slave_1) entered blocking state [ 1516.323555][T13993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1516.391906][ T29] audit: type=1326 audit(2000000277.320:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23242 comm="syz.3.6540" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8426f75b99 code=0x0 [ 1517.182678][T23098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1517.409739][T11021] usb 5-1: USB disconnect, device number 68 [ 1517.665003][T23098] veth0_vlan: entered promiscuous mode [ 1517.811426][T23098] veth1_vlan: entered promiscuous mode [ 1518.164918][T23098] veth0_macvtap: entered promiscuous mode [ 1518.260865][T23098] veth1_macvtap: entered promiscuous mode [ 1518.454980][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1518.466438][T23282] CUSE: unknown device info "" [ 1518.481024][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1518.496465][T23282] CUSE: unknown device info "appraise_type" [ 1518.496844][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1518.547421][T23282] CUSE: DEVNAME unspecified [ 1518.568733][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1518.604368][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1518.617439][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1518.642357][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1518.672363][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1518.708813][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1518.755518][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1519.561926][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1519.807705][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1519.839576][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1519.863934][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1519.927064][T23098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1520.058456][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.070393][ T136] kworker/u8:5 (136) used greatest stack depth: 17680 bytes left [ 1520.156488][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.207407][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.258079][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.295903][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.339029][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.381154][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.418307][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.458882][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.505505][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.539885][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.578984][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.589266][T23098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1520.599950][T23098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1520.624187][T23098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1520.698916][T23098] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1520.741759][T23098] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1520.771352][T23098] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1520.795314][T23098] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1520.844879][T23308] netlink: 103 bytes leftover after parsing attributes in process `syz.1.6562'. [ 1520.874998][T23307] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 1521.092274][T17292] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1521.124242][T17292] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1521.924660][ T29] audit: type=1800 audit(2000000282.140:1326): pid=23315 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.6566" name="file1" dev="sda1" ino=2167 res=0 errno=0 [ 1522.475537][T17293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1522.487510][T17293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1522.705634][T23327] CUSE: unknown device info "" [ 1522.739360][T23327] CUSE: unknown device info "appraise_type" [ 1522.777706][T23327] CUSE: DEVNAME unspecified [ 1522.791092][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:172.20.20.170]:2. Sending cookies. [ 1523.408881][T17292] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1523.776327][T17292] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1524.041928][T17292] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1524.269266][T17292] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1524.612845][T17292] bridge_slave_1: left allmulticast mode [ 1524.627121][T17292] bridge_slave_1: left promiscuous mode [ 1524.671988][T17292] bridge0: port 2(bridge_slave_1) entered disabled state [ 1524.703964][T17292] bridge_slave_0: left allmulticast mode [ 1524.715030][T17292] bridge_slave_0: left promiscuous mode [ 1524.731919][T17292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1525.075064][T23077] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1525.179796][T23351] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 1525.287208][T23077] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1525.310093][T23077] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1525.363424][T23077] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 1525.399097][T23077] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1525.427228][T23353] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1525.447621][T23077] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1525.463859][T23077] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1525.524403][T23077] usb 3-1: Product: syz [ 1525.534534][T23077] usb 3-1: Manufacturer: syz [ 1525.554779][T23077] usb 3-1: SerialNumber: syz [ 1525.573124][T23077] usb 3-1: config 0 descriptor?? [ 1525.620749][T23077] garmin_gps 3-1:0.0: Garmin GPS usb/tty converter detected [ 1525.637759][T23077] garmin_gps ttyUSB0: failed to submit interrupt urb: -90 [ 1525.654778][T23077] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90 [ 1525.911248][ T784] usb 3-1: USB disconnect, device number 32 [ 1525.919391][ T784] garmin_gps 3-1:0.0: device disconnected [ 1525.956702][T15309] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1525.983891][T15309] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1525.994022][T15309] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1526.004764][T15309] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1526.026273][T15309] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1526.033838][T15309] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1526.891413][T17292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1526.966897][T17292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1527.015690][T17292] bond0 (unregistering): Released all slaves [ 1527.291892][T23385] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1528.133633][T12029] Bluetooth: hci0: command tx timeout [ 1529.382248][T23399] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 1529.489069][T17292] hsr_slave_0: left promiscuous mode [ 1529.512162][T17292] hsr_slave_1: left promiscuous mode [ 1529.549698][T17292] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1529.566160][T17292] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1529.598016][T17292] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1529.612407][T17292] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1529.716939][T17292] veth1_macvtap: left promiscuous mode [ 1529.727141][T17292] veth0_macvtap: left promiscuous mode [ 1529.741758][T17292] veth1_vlan: left promiscuous mode [ 1529.756163][T17292] veth0_vlan: left promiscuous mode [ 1529.954087][T23418] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1530.212746][T12029] Bluetooth: hci0: command tx timeout [ 1531.453038][T17292] team0 (unregistering): Port device team_slave_1 removed [ 1531.598082][T17292] team0 (unregistering): Port device team_slave_0 removed [ 1532.301762][T12029] Bluetooth: hci0: command tx timeout [ 1533.322787][T23413] pimreg: entered allmulticast mode [ 1533.366135][T23419] pimreg: left allmulticast mode [ 1533.573172][T23362] chnl_net:caif_netlink_parms(): no params data found [ 1534.187281][T23362] bridge0: port 1(bridge_slave_0) entered blocking state [ 1534.232951][T23362] bridge0: port 1(bridge_slave_0) entered disabled state [ 1534.274356][T23362] bridge_slave_0: entered allmulticast mode [ 1534.316545][T23362] bridge_slave_0: entered promiscuous mode [ 1534.357226][T23362] bridge0: port 2(bridge_slave_1) entered blocking state [ 1534.376422][T12029] Bluetooth: hci0: command tx timeout [ 1534.460683][T23362] bridge0: port 2(bridge_slave_1) entered disabled state [ 1534.468039][T23362] bridge_slave_1: entered allmulticast mode [ 1534.582062][T23362] bridge_slave_1: entered promiscuous mode [ 1534.744134][T23362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1534.791435][T23362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1534.879511][T23469] netlink: 'syz.2.6621': attribute type 1 has an invalid length. [ 1534.910698][T17292] bridge_slave_1: left allmulticast mode [ 1534.916620][T17292] bridge_slave_1: left promiscuous mode [ 1534.933398][T17292] bridge0: port 2(bridge_slave_1) entered disabled state [ 1535.005145][T17292] bridge_slave_0: left allmulticast mode [ 1535.018032][T17292] bridge_slave_0: left promiscuous mode [ 1535.035145][T17292] bridge0: port 1(bridge_slave_0) entered disabled state [ 1536.676784][T17292] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1536.716637][T17292] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1536.748070][T17292] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1536.778864][T17292] bond0 (unregistering): Released all slaves [ 1537.284097][T17292] bond1 (unregistering): Released all slaves [ 1537.502307][T15309] Bluetooth: hci5: command 0x0406 tx timeout [ 1537.863952][T17292] bond2 (unregistering): Released all slaves [ 1537.900999][T23470] pimreg: entered allmulticast mode [ 1537.984100][T23479] pimreg: left allmulticast mode [ 1538.192163][T23507] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6633'. [ 1538.265238][T17292] ɶƣ0G0w: left promiscuous mode [ 1538.303133][ T29] audit: type=1326 audit(2000000299.249:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23527 comm="syz.4.6645" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc66975b99 code=0x0 [ 1538.329218][T23362] team0: Port device team_slave_0 added [ 1538.420841][T23362] team0: Port device team_slave_1 added [ 1538.716334][T23362] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1538.738449][T23362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1538.812398][T23362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1538.858773][T23362] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1538.865791][T23362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1538.928419][T23362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1538.986595][T17292] hsr_slave_0: left promiscuous mode [ 1539.000843][T17292] hsr_slave_1: left promiscuous mode [ 1539.018911][T17292] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1539.034527][T17292] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1539.935175][T17292] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1539.967697][T17292] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1540.097991][T17292] veth1_macvtap: left promiscuous mode [ 1540.115046][T17292] veth0_macvtap: left promiscuous mode [ 1540.138535][T17292] veth1_vlan: left promiscuous mode [ 1540.160602][T17292] veth0_vlan: left promiscuous mode [ 1541.404871][ T29] audit: type=1326 audit(2000000302.350:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23576 comm="syz.2.6665" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3a9e575b99 code=0x0 [ 1541.999268][T17292] team0 (unregistering): Port device team_slave_1 removed [ 1542.159802][T17292] team0 (unregistering): Port device team_slave_0 removed [ 1542.641631][T12029] Bluetooth: hci3: command 0x0406 tx timeout [ 1545.130006][T17292] smc: removing net device lo with user defined pnetid SYZ1 [ 1545.169552][T23550] pimreg: entered allmulticast mode [ 1545.195132][T23557] pimreg: left allmulticast mode [ 1545.305925][T23592] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 1545.463808][T23362] hsr_slave_0: entered promiscuous mode [ 1545.502349][T23362] hsr_slave_1: entered promiscuous mode [ 1545.647616][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.655559][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.172494][ T29] audit: type=1326 audit(2000000307.113:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23612 comm="syz.1.6678" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8ef775b99 code=0x0 [ 1546.561852][T23622] pimreg: entered allmulticast mode [ 1546.673493][T23622] pimreg: left allmulticast mode [ 1547.245555][T23636] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 1547.258267][T23636] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1547.266869][T23636] CPU: 1 PID: 23636 Comm: syz.2.6681 Not tainted 6.10.0-rc6-syzkaller-00048-g73e931504f8e #0 [ 1547.268038][T23362] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1547.277031][T23636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1547.277051][T23636] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 1547.277088][T23636] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 f6 a0 d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 d0 0c 3a 00 4c 8b 7d 00 48 83 c5 [ 1547.277108][T23636] RSP: 0018:ffffc900032377d8 EFLAGS: 00010246 [ 1547.277130][T23636] RAX: 0000000000000000 RBX: 0000000000000019 RCX: 0000000000040000 [ 1547.333056][T23636] RDX: ffffc9001681a000 RSI: 00000000000001b4 RDI: 00000000000001b5 [ 1547.341050][T23636] RBP: 0000000000000000 R08: ffffffff8958de29 R09: ffffffff8958dded [ 1547.349127][T23636] R10: 0000000000000004 R11: ffff888021ab8000 R12: ffff888071280000 [ 1547.357294][T23636] R13: ffff88805d918000 R14: dffffc0000000000 R15: ffff8880b953c698 [ 1547.365274][T23636] FS: 00007f3a9dfde6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 1547.374225][T23636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1547.380825][T23636] CR2: 00007f3a9dfddfa8 CR3: 000000007c7e0000 CR4: 00000000003506f0 [ 1547.388808][T23636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1547.396787][T23636] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1547.404776][T23636] Call Trace: [ 1547.408064][T23636] [ 1547.411000][T23636] ? __die_body+0x88/0xe0 [ 1547.415362][T23636] ? die_addr+0x108/0x140 [ 1547.419712][T23636] ? exc_general_protection+0x3dd/0x5d0 [ 1547.425278][T23636] ? asm_exc_general_protection+0x26/0x30 [ 1547.431104][T23636] ? xdp_do_redirect+0x5ad/0xb50 [ 1547.436062][T23636] ? xdp_do_redirect+0x5e9/0xb50 [ 1547.441047][T23636] ? dev_map_enqueue+0x31/0x3e0 [ 1547.445911][T23636] ? dev_map_enqueue+0x2a/0x3e0 [ 1547.450776][T23636] xdp_do_redirect+0x60a/0xb50 [ 1547.455562][T23636] tun_xdp_act+0xe9/0xb70 [ 1547.459912][T23636] ? tun_get_user+0x84c/0x4560 [ 1547.464690][T23636] ? __pfx___cant_migrate+0x10/0x10 [ 1547.469918][T23636] ? __pfx_tun_xdp_act+0x10/0x10 [ 1547.474881][T23636] tun_get_user+0x3467/0x4560 [ 1547.479606][T23636] ? tun_get_user+0x84c/0x4560 [ 1547.484398][T23636] ? __pfx_tun_get_user+0x10/0x10 [ 1547.489526][T23636] ? tun_get+0x1e/0x2f0 [ 1547.493700][T23636] ? tun_get+0x1e/0x2f0 [ 1547.497864][T23636] ? tun_get+0x27d/0x2f0 [ 1547.502123][T23636] tun_chr_write_iter+0x113/0x1f0 [ 1547.507166][T23636] vfs_write+0xa72/0xc90 [ 1547.511427][T23636] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1547.516986][T23636] ? __pfx_vfs_write+0x10/0x10 [ 1547.521782][T23636] ksys_write+0x1a0/0x2c0 [ 1547.526148][T23636] ? __pfx_ksys_write+0x10/0x10 [ 1547.531016][T23636] ? exc_page_fault+0x590/0x8c0 [ 1547.535882][T23636] ? do_syscall_64+0xb6/0x230 [ 1547.540575][T23636] do_syscall_64+0xf3/0x230 [ 1547.545104][T23636] ? clear_bhb_loop+0x35/0x90 [ 1547.549803][T23636] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1547.555722][T23636] RIP: 0033:0x7f3a9e57471f [ 1547.560145][T23636] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 1547.579761][T23636] RSP: 002b:00007f3a9dfde010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1547.588186][T23636] RAX: ffffffffffffffda RBX: 00007f3a9e704078 RCX: 00007f3a9e57471f [ 1547.596169][T23636] RDX: 000000000000000e RSI: 0000000020001540 RDI: 00000000000000c8 [ 1547.604148][T23636] RBP: 00007f3a9e5f677e R08: 0000000000000000 R09: 0000000000000000 [ 1547.612122][T23636] R10: 000000000000000e R11: 0000000000000293 R12: 0000000000000000 [ 1547.620187][T23636] R13: 000000000000006e R14: 00007f3a9e704078 R15: 00007ffe71774568 [ 1547.628175][T23636] [ 1547.631197][T23636] Modules linked in: [ 1547.635278][T23636] ---[ end trace 0000000000000000 ]--- [ 1547.640771][T23636] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 1547.646318][T23636] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 f6 a0 d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 d0 0c 3a 00 4c 8b 7d 00 48 83 c5 [ 1547.665994][T23636] RSP: 0018:ffffc900032377d8 EFLAGS: 00010246 [ 1547.672098][T23636] RAX: 0000000000000000 RBX: 0000000000000019 RCX: 0000000000040000 [ 1547.680133][T23636] RDX: ffffc9001681a000 RSI: 00000000000001b4 RDI: 00000000000001b5 [ 1547.688186][T23636] RBP: 0000000000000000 R08: ffffffff8958de29 R09: ffffffff8958dded [ 1547.696257][T23636] R10: 0000000000000004 R11: ffff888021ab8000 R12: ffff888071280000 [ 1547.704311][T23636] R13: ffff88805d918000 R14: dffffc0000000000 R15: ffff8880b953c698 [ 1547.712355][T23636] FS: 00007f3a9dfde6c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 1547.721371][T23636] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1547.728014][T23636] CR2: 00007f3a9dfddfa8 CR3: 000000007c7e0000 CR4: 00000000003506f0 [ 1547.736047][T23636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1547.744160][T23636] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1547.752173][T23636] Kernel panic - not syncing: Fatal exception in interrupt [ 1547.759677][T23636] Kernel Offset: disabled [ 1547.764028][T23636] Rebooting in 86400 seconds..