last executing test programs: 27.831792074s ago: executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_QUERYCTRL(r0, 0x4020565a, &(0x7f0000000200)={0x0, 0x0, "fff01fa1c2c0c1fabf07ca81cc7fdc3d19a834b54191704aa0faaee5008000"}) 27.420129771s ago: executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b40)=@delchain={0x2d0, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x288, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x200, 0x6, [@m_ctinfo={0x38, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0xbc, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x8}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x41, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e0304e79be1f16cfa199b042be92c52b0490cb3ccc8a115bd7fba1ddd4a3"}, {0xc}, {0xc}}}, @m_skbmod={0xd8, 0x1a, 0x0, 0x0, {{0xb}, {0x68, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xe000}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}]}, {0x48, 0x6, "becc722ec1f85adf3045b58244e20c20326c020601d1cb8898361bc7a92863c89c609015a872f67e8e8542f04b01d7c0e9a127fde345a20800267504d8ebaeed2228c389"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0x2d0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2000c080) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x4c}}, 0x0) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x7db2, 0x4) sendmmsg$inet6(r1, &(0x7f00000000c0), 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x0, 0x2000, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r4 = io_uring_setup(0xc8e, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES2(r4, 0xd, &(0x7f0000000380)={0x60, 0x1, 0x0, 0x0, 0x0}, 0x20) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000380)={0x30, 0x5, 0x0, {0x0, 0x1, 0x0, 0xfffdfffc}}, 0x30) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_NOTIFY_INVAL_INODE(r3, &(0x7f00000000c0)={0x28}, 0x28) write$FUSE_OPEN(r3, &(0x7f00000002c0)={0x20, 0x0, r5}, 0x20) 17.735778685s ago: executing program 3: r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x43}, 0x10) sendmsg$tipc(r0, &(0x7f00000000c0)={&(0x7f0000000040)=@id={0x1e, 0x3, 0x0, {0x4e23}}, 0x10, 0x0}, 0x0) 17.631736992s ago: executing program 3: add_key(&(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="760aa96ac083772e9633bed9f100a62e335636f52f26b7ef7801fbb73bb7c94dfdfca66c9e3d52764600c8e77f78413322", 0x31, 0xfffffffffffffffb) 17.521842979s ago: executing program 3: socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x803, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='mounts\x00') r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) creat(&(0x7f0000000d00)='./file0\x00', 0x0) pselect6(0x40, &(0x7f0000000380), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) 16.581455407s ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IRQFD(r1, 0xc00caee0, &(0x7f0000000040)) 16.174361605s ago: executing program 3: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x6, 0x5, 0x0, 0x74efdfe049b861ab) 15.835379258s ago: executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x0) 6.005000651s ago: executing program 0: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b40)=@delchain={0x2d0, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x288, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x200, 0x6, [@m_ctinfo={0x38, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0xbc, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x8}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x41, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e0304e79be1f16cfa199b042be92c52b0490cb3ccc8a115bd7fba1ddd4a3"}, {0xc}, {0xc}}}, @m_skbmod={0xd8, 0x1a, 0x0, 0x0, {{0xb}, {0x68, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xe000}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}]}, {0x48, 0x6, "becc722ec1f85adf3045b58244e20c20326c020601d1cb8898361bc7a92863c89c609015a872f67e8e8542f04b01d7c0e9a127fde345a20800267504d8ebaeed2228c389"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0x2d0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2000c080) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x4c}}, 0x0) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x7db2, 0x4) sendmmsg$inet6(r1, &(0x7f00000000c0), 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x0, 0x2000, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r4 = io_uring_setup(0xc8e, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES2(r4, 0xd, &(0x7f0000000380)={0x60, 0x1, 0x0, 0x0, 0x0}, 0x20) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000380)={0x30, 0x5, 0x0, {0x0, 0x1, 0x0, 0xfffdfffc}}, 0x30) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_NOTIFY_INVAL_INODE(r3, &(0x7f00000000c0)={0x28}, 0x28) write$FUSE_OPEN(r3, &(0x7f00000002c0)={0x20, 0x0, r5}, 0x20) 5.005464977s ago: executing program 0: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x9) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002e40)=[@ip_retopts={{0x10}}, @ip_ttl={{0x14}}], 0x28}}], 0x1, 0x0) 4.552600434s ago: executing program 0: sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)='=', 0x1}], 0x1, 0x0) recvmmsg(r3, &(0x7f0000001440)=[{{&(0x7f0000000280)=@un=@abs, 0x0, &(0x7f0000001400)=[{&(0x7f0000001480)=""/1}, {&(0x7f0000000300)=""/102}, {&(0x7f0000000380)=""/4096}, {&(0x7f0000001380)=""/111}], 0x0, 0x0, 0xfea9}}], 0x700, 0x40002002, 0x0) write$binfmt_misc(r2, &(0x7f0000000040)=ANY=[], 0xffc1) setsockopt$sock_int(r3, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 4.265023672s ago: executing program 1: r0 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xe3d08660d3cdcf84}) io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0) 4.074571718s ago: executing program 1: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001380)={r1, 0x0, 0x0}, 0x20) 3.998200424s ago: executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = io_uring_setup(0x6503, &(0x7f0000001300)={0x0, 0x0, 0x1046}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r1, 0xb, &(0x7f0000000000)=[@ioring_restriction_register_op={0x0, 0x4}], 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x82, &(0x7f0000000200)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x18, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xb}, @exp_fastopen={0xfe, 0x10, 0xf989, "6080356e793ca9d55b8ef24e"}, @window={0x3, 0x3}, @generic={0x0, 0xe, "04f6fea52eb715ea7022d662"}, @sack={0x5, 0x1a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @exp_fastopen={0xfe, 0x4}]}}}}}}}, 0x0) 3.92167129s ago: executing program 1: r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e28}, {&(0x7f00000000c0)=""/250, 0x468}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)={0x14, r0, 0xfaac4106a1b87a7, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) 3.710414309s ago: executing program 4: mremap(&(0x7f00007fd000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f00008d7000/0x2000)=nil) 3.566182994s ago: executing program 4: unshare(0x2c020400) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0) syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540)) syz_open_procfs$userns(0x0, 0x0) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r1 = io_uring_setup(0x168e, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 3.398595331s ago: executing program 1: syz_open_dev$vbi(0x0, 0x1, 0x2) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x0, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "1c8e1f48"}, 0x0, 0x2}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000580)=ANY=[], 0x14}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fdc000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000640)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.243681753s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224"], 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 3.013952509s ago: executing program 1: prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) ioprio_get$pid(0x2, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, 0x0, 0x2}, 0x18) sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0xfffffffffffffca9, &(0x7f00000001c0)=[{&(0x7f0000000100)='9', 0x1}, {0x0, 0x1}], 0x2}, 0x4040080) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r4 = socket(0x0, 0x80002, 0x0) sendmsg$nl_route(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a37", @ANYRES32=r3, @ANYBLOB="00000000100000001c001a80080002"], 0x44}}, 0x0) sendmsg$OSF_MSG_REMOVE(r4, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="100700000105010300000000000000000000000a540201000300000000000080080301000700250073797a3100000000000000000000000000000000000000000000000000000000014ed0b1ffd2aa3872820797f4e4ee541d93462f88ea9c3c81e8be2c44e4dedf225baf3a206b7510cc90ffb240bc883c44c31a63a3d81c662da75160593f4e7b020001010100000000010000080006000000000000000000ff03080002000000000001000104010000000000ee020000a900080001000000080000000800a40a03000000070000000800d4000100000007000000000101000300000019b9000004001f0003000000050000000104060003000000010000000002010100000000ff070000070003000000000001800000070040000300000002000000001000000100000002000000030004000100000000010000ff0f0800000000003f0000000104050001000000001000000400ff07000000004800000008007f0000000000010400000300010003000000070000000004030001000000f6090000b3060002000000000600000049070900030000000500000002004000030000007f000000ff00070001000000050000fbde00010003000000020000000080a6080000000000040000ff7f070006000000000200000100810003000000fdffffff0500090003000000040000000104080000000000fb000000040004000100000000020000000006000300000003000000070006000200000000080000ffff0004000000000900000097b907000000000005000000020049d10100000001040000000001000300000004000000080000000000000004000000e0ff0100030000003c0000005402010003000000ff0f000009ff1607ff07250073797a31000000000000000000000000000000000000000000000000000000003f66118d3fb77f02ab3126df775b522e1df90a0b2c89ea82dd55b96bfce483107a6eeb92679b0f57ced41deacfe9d1043eb21c185edb1069abe0b51e0350693600024b0002000000ff03000001010100030000000200000009000200963e1de5080000000800000000000000020000003d75080001000000040000006c8105000200000007000000030005000200000002000000ff07410001000000040000003f0000800300000001000100810080000200000009000000ff013b0000000000010000000000ff0300000000ff070000890b060002000000030000000100000402000000090000004de1010100000000fdffffff0300ff03020000000000000009000000000000000600000000fc00000000000035040000090004000000000009000000ff00ffff00000000ff01000000f80500020000000300000006000700010000008000000081ff3e4700000000010000000500204e0100000040000000000004000000000005000000080000080100000009000000070020000000000002000000ff0309000000000004000000f8ff80000200000006000000ff00fbff030000000300000001000300010000007ef10000080081ff00000000ffffff7f020007000300000004000000080005000200000002000000020001800000000000f0ffff05000000010000000800000005007f0001000000060000000200000102000000f4000000000040000300000001000000faff030000000000001000005402010002000000070000000680000805000e0073797a31000000000000000000000000000000000000000000000000000000004a2dea7f865dd27af8793fd69802a6f30b5e81ebb1095ffd49141195d0277e13c3a45718c4cb092736cf77c4c0ae69ee60cf3ed7fa6ae0dd3108d12a835f591108000080020000003dd70000f10a400503000000f1070000ff01020003000000000800000101a7b800000000ff0000000000070002000000480100000300010001000000160000000000952b0000000000f8ffff010107000500000002000000feff1f000000000003000000f50f43d50000000006000000b000ff01030000007f0000000a00665b000000007050e4da050000ff020000000700000001800088000000000900000009fbff00030000000300000001feffff010000002b04000058e5010003000000000000000008040002000000ffffff7ffbff00000000000003000000200025510100000025f9e1270900030001000000020000000200ff01020000000500000006000300010000000500000007005223000000000500000080000700020000000500000001040300030000000200000003007f0001000000ff7f000075f003000000000059821c22806f050001000000040000000004090001000000008000000000050002000000000000000400bc0900000000070f0000340003000200000008000000ff7f09000000000000000000080015c403000000000800000800000100000000000000009e4f05000200000055000000ff00c1ff010000000300000000000500020000003f040000050006000000000001000000eb1f2c0a6c02c569bdfb6bc834d63e2f1fd79654f5a7367fa01abe496c3f873aa7815ef0f97313b3417511be"], 0x710}, 0x1, 0x0, 0x0, 0x1}, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r5 = io_uring_setup(0x79e, &(0x7f0000000300)) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3}) syz_io_uring_setup(0x0, &(0x7f0000000280), &(0x7f0000c57000), 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$UFFDIO_ZEROPAGE(r6, 0x8010aa02, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}}) io_uring_register$IORING_REGISTER_PROBE(r5, 0x8, &(0x7f00000000c0)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) 2.58804321s ago: executing program 2: r0 = syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xe3d08660d3cdcf84}) io_uring_enter(r0, 0x92, 0x0, 0x0, 0x0, 0x0) 2.423076046s ago: executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x48, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0x0]}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6}]]}, 0x48}}, 0x0) 1.544024556s ago: executing program 4: socket(0xa, 0x0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xcbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080603000000000000000000020000000500010007"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x14, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) socket(0x0, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvfrom(r0, 0x0, 0x500, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f00000000c0)=@int=0x3, 0x4) 1.290988322s ago: executing program 1: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902"], 0x0) syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000040)=ANY=[@ANYBLOB="02010000020000402505a1a4ff00000003010976f3b7a1dceca8d809040000000206000006240600005005240000000d240f0100000000000000000008241c00000002"], 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x903d01) r1 = syz_open_dev$evdev(&(0x7f0000000800), 0x0, 0x0) ioctl$EVIOCGMASK(r1, 0x5452, &(0x7f0000000100)={0x3, 0x0, 0x0}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2778) 1.259135093s ago: executing program 2: openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$sysctl(0xffffffffffffffff, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x3a}, 0x1c) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000000c0)={@link_local, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "02000b", 0x44, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558}}}}}}}, 0x0) 1.25867164s ago: executing program 4: syz_io_uring_setup(0x7a01, &(0x7f00000000c0), 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000500)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 1.140724463s ago: executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x2) connect$rxrpc(r0, &(0x7f0000000240)=@in4={0x21, 0x0, 0x2, 0x2, {0x10, 0x0, @broadcast}}, 0x24) 1.012729279s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000020240), 0x10010) r1 = socket(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1d, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000003c00)=0x90) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0) 583.830104ms ago: executing program 4: sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b40)=@delchain={0x2d0, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0x288, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x6c, 0x5, [@TCA_POLICE_RATE64={0xc}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_PEAKRATE64={0xc}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0x200, 0x6, [@m_ctinfo={0x38, 0x0, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc}}}, @m_nat={0xbc, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x8}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x41, 0x6, "ef93daeef78df7f9a037a0d7a2f92a1cc341deabba437fc636cbf66a843bc4e0304e79be1f16cfa199b042be92c52b0490cb3ccc8a115bd7fba1ddd4a3"}, {0xc}, {0xc}}}, @m_skbmod={0xd8, 0x1a, 0x0, 0x0, {{0xb}, {0x68, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0xe000}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}]}, {0x48, 0x6, "becc722ec1f85adf3045b58244e20c20326c020601d1cb8898361bc7a92863c89c609015a872f67e8e8542f04b01d7c0e9a127fde345a20800267504d8ebaeed2228c389"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ctinfo={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0x1}}]}, 0x2d0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x2000c080) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x4c}}, 0x0) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x7db2, 0x4) sendmmsg$inet6(r1, &(0x7f00000000c0), 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40), 0x0, 0x2000, 0x0) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r4 = io_uring_setup(0xc8e, &(0x7f0000000040)) io_uring_register$IORING_REGISTER_FILES2(r4, 0xd, &(0x7f0000000380)={0x60, 0x1, 0x0, 0x0, 0x0}, 0x20) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000380)={0x30, 0x5, 0x0, {0x0, 0x1, 0x0, 0xfffdfffc}}, 0x30) read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_NOTIFY_INVAL_INODE(r3, &(0x7f00000000c0)={0x28}, 0x28) write$FUSE_OPEN(r3, &(0x7f00000002c0)={0x20, 0x0, r5}, 0x20) 0s ago: executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000000", @ANYRES32=0x0, @ANYBLOB="04000d80080005"], 0x24}, 0x1, 0x5502000000000000}, 0x0) kernel console output (not intermixed with test programs): atman_adv: batadv0: Removing interface: batadv_slave_0 [ 1263.167729][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1263.186757][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1263.275884][ T35] veth1_macvtap: left promiscuous mode [ 1263.290989][ T35] veth0_macvtap: left promiscuous mode [ 1263.306977][ T35] veth1_vlan: left promiscuous mode [ 1263.319138][ T35] veth0_vlan: left promiscuous mode [ 1263.832658][ T5169] usb 5-1: USB disconnect, device number 89 [ 1263.929168][ T5113] Bluetooth: hci1: command tx timeout [ 1263.982464][T30381] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 1264.073129][ T5179] usb 2-1: USB disconnect, device number 66 [ 1264.483963][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1264.537749][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1264.565974][ T57] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 1264.767670][ T57] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1264.779876][ T57] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=80.99 [ 1264.796237][ T57] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1264.812246][ T57] usb 1-1: Product: syz [ 1264.816655][ T57] usb 1-1: Manufacturer: syz [ 1264.821280][ T57] usb 1-1: SerialNumber: syz [ 1264.831148][ T57] usb 1-1: config 0 descriptor?? [ 1265.076636][ T57] usb 1-1: USB disconnect, device number 66 [ 1265.416492][T30337] chnl_net:caif_netlink_parms(): no params data found [ 1265.572306][ T29] audit: type=1326 audit(1719009210.344:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.649391][ T29] audit: type=1326 audit(1719009210.344:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.672282][ C1] vkms_vblank_simulate: vblank timer overrun [ 1265.711065][ T29] audit: type=1326 audit(1719009210.394:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.748304][ T29] audit: type=1326 audit(1719009210.394:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.771173][ C1] vkms_vblank_simulate: vblank timer overrun [ 1265.777804][ T29] audit: type=1326 audit(1719009210.394:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.851546][ T29] audit: type=1326 audit(1719009210.394:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.906832][ T29] audit: type=1326 audit(1719009210.414:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.957868][ T29] audit: type=1326 audit(1719009210.414:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1265.980886][ T29] audit: type=1326 audit(1719009210.414:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1266.005069][ T29] audit: type=1326 audit(1719009210.414:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30414 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x7ffc0000 [ 1266.028448][ T5113] Bluetooth: hci1: command tx timeout [ 1266.130032][T30337] bridge0: port 1(bridge_slave_0) entered blocking state [ 1266.160139][T30337] bridge0: port 1(bridge_slave_0) entered disabled state [ 1266.190935][T30337] bridge_slave_0: entered allmulticast mode [ 1266.225183][T30337] bridge_slave_0: entered promiscuous mode [ 1266.268338][T30337] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.296096][T30337] bridge0: port 2(bridge_slave_1) entered disabled state [ 1266.320812][T30337] bridge_slave_1: entered allmulticast mode [ 1266.342938][T30337] bridge_slave_1: entered promiscuous mode [ 1266.487790][T30337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1266.493222][T14445] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1266.533713][T30337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1266.725803][T14445] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1266.760422][T14445] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1266.783046][T30337] team0: Port device team_slave_0 added [ 1266.807492][T14445] usb 2-1: config 0 descriptor?? [ 1266.829549][T30337] team0: Port device team_slave_1 added [ 1266.983894][T30337] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1267.021944][T30337] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1267.062519][T30337] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1267.093140][T30337] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1267.110907][T30337] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1267.153388][T30337] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1267.183944][T30479] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 1267.192778][T30479] netlink: 152 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1267.206039][T30479] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1267.302196][T14445] [drm:udl_init] *ERROR* Selecting channel failed [ 1267.344710][T30337] hsr_slave_0: entered promiscuous mode [ 1267.350565][ T25] usb 5-1: new low-speed USB device number 90 using dummy_hcd [ 1267.385447][T30337] hsr_slave_1: entered promiscuous mode [ 1267.391987][T14445] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 1267.405423][T30337] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1267.413158][T30337] Cannot create hsr debugfs directory [ 1267.418730][T14445] [drm] Initialized udl on minor 2 [ 1267.429623][T14445] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1267.434281][T30483] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1267.448983][T14445] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1267.460332][T14445] usb 2-1: USB disconnect, device number 67 [ 1267.468862][ T5179] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 1267.484781][ T5179] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1267.545426][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 1267.575719][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B is Bulk; changing to Interrupt [ 1267.606866][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1267.620235][ T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1267.636764][ T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1267.653393][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1267.706037][ T25] usbtmc 5-1:16.0: bulk endpoints not found [ 1267.960471][ T5166] usb 5-1: USB disconnect, device number 90 [ 1268.085710][ T5113] Bluetooth: hci1: command tx timeout [ 1268.118218][T30514] futex_wake_op: syz-executor.1 tries to shift op by -1; fix this program [ 1268.893894][T30541] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 1269.018965][T30337] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1269.071141][T30337] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1269.116080][T30337] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1269.156089][T30337] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1269.572605][T30337] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1269.652430][T30337] 8021q: adding VLAN 0 to HW filter on device team0 [ 1269.667777][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state [ 1269.675022][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1269.725680][ T5169] bridge0: port 2(bridge_slave_1) entered blocking state [ 1269.732859][ T5169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1269.777013][ T25] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1269.920434][T30337] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1269.987667][ T25] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1270.008840][ T25] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1270.055234][ T25] usb 2-1: config 1 has no interface number 1 [ 1270.056799][T30337] veth0_vlan: entered promiscuous mode [ 1270.065090][ T25] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 1270.100937][ T25] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1270.124150][ T25] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1270.140313][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1270.155252][T30337] veth1_vlan: entered promiscuous mode [ 1270.169824][ T5113] Bluetooth: hci1: command tx timeout [ 1270.185398][ T25] usb 2-1: Product: syz [ 1270.190087][ T25] usb 2-1: Manufacturer: syz [ 1270.200185][ T25] usb 2-1: SerialNumber: syz [ 1270.307744][T30337] veth0_macvtap: entered promiscuous mode [ 1270.367390][T30603] sctp: [Deprecated]: syz-executor.3 (pid 30603) Use of int in max_burst socket option deprecated. [ 1270.367390][T30603] Use struct sctp_assoc_value instead [ 1270.386556][T30337] veth1_macvtap: entered promiscuous mode [ 1270.459035][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.484897][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.516983][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.542987][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.567198][ T25] usb 2-1: USB disconnect, device number 68 [ 1270.605522][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.658168][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.690333][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.712010][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.733060][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.762891][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.814799][T30337] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1270.890259][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1270.901352][T26825] udevd[26825]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1270.936366][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.976986][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.016775][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.051793][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.088067][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.123373][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.154863][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.181232][T30337] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.246769][T30337] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.283442][T30337] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1271.344214][T30337] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.425612][T30337] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.465499][T30337] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.500779][T30337] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1271.630712][T30649] netlink: 'syz-executor.3': attribute type 15 has an invalid length. [ 1271.670184][T30649] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1271.927337][ T3701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1271.935154][ T3701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1272.048586][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1272.083027][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1272.215853][T30669] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1272.258785][T30669] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 1272.352180][T30681] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1272.368896][T30681] gretap0: entered promiscuous mode [ 1272.394390][T30685] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1272.482445][T30681] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1272.505846][T30681] 0ªX¹¦D: renamed from gretap0 [ 1272.516522][ T5169] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1272.529436][T30681] 0ªX¹¦D: left promiscuous mode [ 1272.563323][T30681] 0ªX¹¦D: entered allmulticast mode [ 1272.596434][T30681] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 1272.625485][ T29] kauditd_printk_skb: 78 callbacks suppressed [ 1272.625504][ T29] audit: type=1326 audit(1719009217.404:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30680 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed8d87d0a9 code=0x0 [ 1272.731305][ T5169] usb 1-1: Using ep0 maxpacket: 16 [ 1272.764761][ T5169] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1272.807239][ T5169] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1272.844693][ T5169] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1272.884240][ T5169] usb 1-1: config 0 descriptor?? [ 1273.054457][T30702] netlink: 'syz-executor.4': attribute type 15 has an invalid length. [ 1273.090292][T30702] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1273.317390][T30673] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1273.348248][T30673] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1273.394740][ T5169] hid (null): report_id 2838798905 is invalid [ 1273.424963][ T5169] hid (null): unknown global tag 0xc [ 1273.454482][ T5169] hid (null): unknown global tag 0xc [ 1273.491650][ T5169] hid-generic 0003:0158:0100.003E: unknown main item tag 0x1 [ 1273.509913][ T5169] hid-generic 0003:0158:0100.003E: unexpected long global item [ 1273.610117][ T5169] hid-generic 0003:0158:0100.003E: probe with driver hid-generic failed with error -22 [ 1273.626137][T14447] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1273.669854][ T5169] usb 1-1: USB disconnect, device number 67 [ 1273.848390][T14447] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1273.868864][T14447] usb 5-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=80.99 [ 1273.878571][T14447] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1273.897296][T30728] netlink: 'syz-executor.3': attribute type 16 has an invalid length. [ 1273.911375][T14447] usb 5-1: Product: syz [ 1273.928923][T14447] usb 5-1: Manufacturer: syz [ 1273.933565][T14447] usb 5-1: SerialNumber: syz [ 1273.944594][T30728] netlink: 'syz-executor.3': attribute type 16 has an invalid length. [ 1273.969687][T14447] usb 5-1: config 0 descriptor?? [ 1274.255008][T14447] usb 5-1: USB disconnect, device number 91 [ 1274.351704][T14445] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 1274.555508][T14445] usb 3-1: Using ep0 maxpacket: 32 [ 1274.573876][T14445] usb 3-1: New USB device found, idVendor=0458, idProduct=7007, bcdDevice=69.91 [ 1274.603571][T14445] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1274.656017][T14445] usb 3-1: config 0 descriptor?? [ 1274.673776][T14445] gspca_main: gspca_zc3xx-2.14.0 probing 0458:7007 [ 1274.711620][T30757] geneve3: entered promiscuous mode [ 1274.729701][T30757] geneve3: entered allmulticast mode [ 1275.215640][T14445] gspca_zc3xx: reg_w_i err -110 [ 1275.226678][T30776] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1275.335542][ T5179] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 1275.375081][T30778] netlink: 'syz-executor.4': attribute type 8 has an invalid length. [ 1275.535482][ T5179] usb 1-1: Using ep0 maxpacket: 8 [ 1275.560577][ T5179] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x93 has an invalid bInterval 0, changing to 7 [ 1275.593059][ T5179] usb 1-1: New USB device found, idVendor=05ac, idProduct=9219, bcdDevice=61.da [ 1275.608368][ T5179] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1275.630176][ T5179] usb 1-1: Manufacturer: syz [ 1275.643840][ T5179] usb 1-1: config 0 descriptor?? [ 1275.836251][T14445] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1275.884034][T14445] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -110 [ 1275.903845][ T5179] appledisplay 1-1:0.0: Error while getting initial brightness: -71 [ 1275.988396][T14445] usb 3-1: USB disconnect, device number 55 [ 1276.007259][ T5179] appledisplay 1-1:0.0: probe with driver appledisplay failed with error -71 [ 1276.041081][ T5179] usb 1-1: USB disconnect, device number 68 [ 1276.156730][T30802] sctp: [Deprecated]: syz-executor.4 (pid 30802) Use of int in max_burst socket option deprecated. [ 1276.156730][T30802] Use struct sctp_assoc_value instead [ 1276.577069][T30819] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1276.758703][T30822] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1276.812468][ T29] audit: type=1326 audit(1719009221.584:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30810 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x0 [ 1276.873112][T30831] geneve1: entered promiscuous mode [ 1277.030753][ T29] audit: type=1326 audit(1719009221.814:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30830 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe1967d0a9 code=0x0 [ 1277.211698][T30842] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1277.298642][T30842] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 1277.318393][T30842] netlink: 211132 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1277.344511][ T29] audit: type=1326 audit(1719009222.104:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.410895][ T29] audit: type=1326 audit(1719009222.104:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.473053][ T29] audit: type=1326 audit(1719009222.104:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.522899][ T29] audit: type=1326 audit(1719009222.104:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.572729][ T29] audit: type=1326 audit(1719009222.104:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.669359][ T29] audit: type=1326 audit(1719009222.104:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.700284][ T29] audit: type=1326 audit(1719009222.104:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.723154][ C1] vkms_vblank_simulate: vblank timer overrun [ 1277.730182][T30830] geneve1: left promiscuous mode [ 1277.811658][ T29] audit: type=1326 audit(1719009222.104:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.849425][ T29] audit: type=1326 audit(1719009222.104:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.872363][ C1] vkms_vblank_simulate: vblank timer overrun [ 1277.890052][ T29] audit: type=1326 audit(1719009222.104:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1277.946881][T30855] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1277.956542][ T29] audit: type=1326 audit(1719009222.104:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1278.005428][ T29] audit: type=1326 audit(1719009222.104:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1278.054332][ T29] audit: type=1326 audit(1719009222.104:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1278.105395][ T29] audit: type=1326 audit(1719009222.104:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1278.155911][T14445] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 1278.168086][ T29] audit: type=1326 audit(1719009222.104:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30843 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc6467d0a9 code=0x7ffc0000 [ 1278.233138][T30863] team0: Caught tx_queue_len zero misconfig [ 1278.354008][T14445] usb 1-1: config 0 has an invalid interface number: 100 but max is 1 [ 1278.382947][T14445] usb 1-1: config 0 has no interface number 1 [ 1278.395749][T14445] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1278.415417][T14445] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1278.428839][T14445] usb 1-1: New USB device found, idVendor=1b3d, idProduct=01ea, bcdDevice= c.8c [ 1278.438241][T14445] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1278.451857][T14445] usb 1-1: Product: syz [ 1278.460562][T14445] usb 1-1: Manufacturer: syz [ 1278.475418][T14445] usb 1-1: SerialNumber: syz [ 1278.484783][ T3701] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1278.509287][T14445] usb 1-1: config 0 descriptor?? [ 1278.526134][T14445] ftdi_sio 1-1:0.100: FTDI USB Serial Device converter detected [ 1278.545886][T14445] ftdi_sio ttyUSB0: unknown device type: 0xc8c [ 1278.574599][T14445] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1278.598720][T14445] ftdi_sio ttyUSB1: unknown device type: 0xc8c [ 1278.661292][T30872] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 1278.701967][ T3701] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1278.838846][ T3701] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1278.915122][ T5179] usb 1-1: USB disconnect, device number 69 [ 1278.931020][ T5179] ftdi_sio 1-1:0.100: device disconnected [ 1278.940852][T30858] dccp_close: ABORT with 32 bytes unread [ 1278.947341][T14445] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1278.966899][ T5179] ftdi_sio 1-1:0.0: device disconnected [ 1279.033961][ T3701] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1279.156457][T14445] usb 5-1: Using ep0 maxpacket: 32 [ 1279.177509][T14445] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 1279.197089][T14445] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1279.254825][T14445] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1279.286883][T14445] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1279.296584][T14445] usb 5-1: Product: syz [ 1279.300770][T14445] usb 5-1: Manufacturer: syz [ 1279.315860][T14445] usb 5-1: SerialNumber: syz [ 1279.326669][T14445] usb 5-1: config 0 descriptor?? [ 1279.334390][T14445] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1279.371560][ T3701] bridge_slave_1: left allmulticast mode [ 1279.395475][ T3701] bridge_slave_1: left promiscuous mode [ 1279.405962][T14445] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1279.415848][ T3701] bridge0: port 2(bridge_slave_1) entered disabled state [ 1279.456188][ T3701] bridge_slave_0: left allmulticast mode [ 1279.464515][T19563] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1279.485202][T19563] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1279.502648][T19563] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1279.510869][T19563] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1279.522092][T19563] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1279.530755][T19563] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1279.537945][ T3701] bridge_slave_0: left promiscuous mode [ 1279.543696][ T3701] bridge0: port 1(bridge_slave_0) entered disabled state [ 1280.025501][T14445] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 1280.226282][T14445] usb 3-1: Using ep0 maxpacket: 8 [ 1280.258095][T14445] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1280.284624][T14445] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1280.310014][T14445] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1280.335203][T14445] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1280.371179][T14445] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1280.393604][T14445] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1280.417326][T14445] usb 3-1: config 0 descriptor?? [ 1280.672878][T22703] usb 3-1: USB disconnect, device number 56 [ 1280.693326][ T3701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1280.722155][ T3701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1280.773885][ T3701] bond0 (unregistering): Released all slaves [ 1281.315393][ T3701] hsr_slave_0: left promiscuous mode [ 1281.327571][ T3701] hsr_slave_1: left promiscuous mode [ 1281.333875][ T3701] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1281.342619][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1281.357099][ T3701] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1281.364809][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1281.403131][ T3701] veth1_macvtap: left promiscuous mode [ 1281.413143][ T3701] veth0_macvtap: left promiscuous mode [ 1281.419558][ T3701] veth1_vlan: left promiscuous mode [ 1281.430347][ T3701] veth0_vlan: left allmulticast mode [ 1281.439400][ T3701] veth0_vlan: left promiscuous mode [ 1281.606462][T19563] Bluetooth: hci2: command tx timeout [ 1282.613698][ T3701] team0 (unregistering): Port device team_slave_1 removed [ 1282.686103][ T3701] team0 (unregistering): Port device team_slave_0 removed [ 1283.456817][T30948] lo: Caught tx_queue_len zero misconfig [ 1283.472784][T30948] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 1283.651023][T30890] chnl_net:caif_netlink_parms(): no params data found [ 1283.682828][T30964] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (5) [ 1283.692785][T19563] Bluetooth: hci2: command tx timeout [ 1283.895480][T14447] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 1283.945444][T22703] usb 3-1: new low-speed USB device number 57 using dummy_hcd [ 1283.993049][T30890] bridge0: port 1(bridge_slave_0) entered blocking state [ 1284.006603][T30890] bridge0: port 1(bridge_slave_0) entered disabled state [ 1284.013861][T30890] bridge_slave_0: entered allmulticast mode [ 1284.022370][T30890] bridge_slave_0: entered promiscuous mode [ 1284.031856][T30890] bridge0: port 2(bridge_slave_1) entered blocking state [ 1284.047623][T30890] bridge0: port 2(bridge_slave_1) entered disabled state [ 1284.054899][T30890] bridge_slave_1: entered allmulticast mode [ 1284.062669][T30890] bridge_slave_1: entered promiscuous mode [ 1284.127000][T14447] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1284.150092][T22703] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1284.163993][T14447] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1284.180344][T22703] usb 3-1: string descriptor 0 read error: -22 [ 1284.188032][T22703] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1284.194212][T30890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1284.215667][T14447] usb 1-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 1284.220731][T22703] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1284.224724][T14447] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1284.279544][T30890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1284.300295][T14447] usb 1-1: config 0 descriptor?? [ 1284.335170][T30987] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1284.357628][T30966] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1284.615067][T30991] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1284.631600][T22703] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 1284.647197][T30891] ldusb 5-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110 [ 1284.740900][ T5179] usb 5-1: USB disconnect, device number 92 [ 1284.744692][T30890] team0: Port device team_slave_0 added [ 1284.766053][ T5179] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1284.779632][ T5166] usb 3-1: USB disconnect, device number 57 [ 1284.803788][T30890] team0: Port device team_slave_1 added [ 1284.815350][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 1284.815368][ T29] audit: type=1326 audit(1719009229.574:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30982 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f1d67d0a9 code=0x0 [ 1284.960646][T30890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1284.975892][T30890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1285.025013][T14447] belkin 0003:1020:0006.003F: hidraw0: USB HID v0.00 Device [HID 1020:0006] on usb-dummy_hcd.0-1/input0 [ 1285.059521][T30890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1285.130734][T30890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1285.161883][T30890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1285.166306][T30999] mmap: syz-executor.1 (30999): VmData 42397696 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 1285.187807][ C1] vkms_vblank_simulate: vblank timer overrun [ 1285.218653][T30890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1285.232264][ T5169] usb 1-1: USB disconnect, device number 70 [ 1285.333258][T31003] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1285.368613][T30890] hsr_slave_0: entered promiscuous mode [ 1285.421083][T30890] hsr_slave_1: entered promiscuous mode [ 1285.456551][T30890] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1285.475420][T30890] Cannot create hsr debugfs directory [ 1285.546189][T31015] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1285.772586][T19563] Bluetooth: hci2: command tx timeout [ 1285.925413][ T29] audit: type=1326 audit(1719009230.704:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31026 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e58c7d0a9 code=0x0 [ 1285.945827][T31024] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (5) [ 1286.389030][T31044] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1286.751195][T31044] netlink: 100 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1286.767971][ T29] audit: type=1326 audit(1719009231.554:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31037 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f1d67d0a9 code=0x0 [ 1287.374244][T31025] syz-executor.4 (31025): drop_caches: 2 [ 1287.403125][T31060] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1287.510955][T31063] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1287.684516][T31067] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1287.792978][T30890] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1287.823517][T31076] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (5) [ 1287.839288][T30890] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1287.854661][T30890] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1287.855746][T19563] Bluetooth: hci2: command tx timeout [ 1287.886899][T30890] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1287.920751][T31078] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 1288.007586][T31078] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1288.490685][T31103] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1288.501136][ T1094] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1288.535578][ T1094] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1288.661905][T30890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1288.859850][ T1094] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1288.895367][ T1094] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.010708][T30890] 8021q: adding VLAN 0 to HW filter on device team0 [ 1289.098933][ T1094] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1289.130352][ T1094] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.179559][T31120] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 1289.244669][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state [ 1289.251854][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1289.333694][ T1094] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1289.366241][ T1094] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1289.472387][T14447] bridge0: port 2(bridge_slave_1) entered blocking state [ 1289.479672][T14447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1289.579598][T31130] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1289.641175][ T29] audit: type=1326 audit(1719009234.424:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31131 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f1d67d0a9 code=0x0 [ 1289.700478][ T5113] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1289.714041][ T5113] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1289.730367][ T5113] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1289.745769][ T5113] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1289.754583][ T5113] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1289.765979][ T5113] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1290.008733][ T1094] team0: left allmulticast mode [ 1290.033382][ T1094] bridge0: port 1(team0) entered disabled state [ 1290.624155][T31148] input: syz0 as /devices/virtual/input/input96 [ 1291.418495][ T1094] bond0 (unregistering): Released all slaves [ 1291.441262][ T1094] bond1 (unregistering): Released all slaves [ 1291.497958][T30890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1291.624975][ T1094] Êü: left promiscuous mode [ 1291.646462][T31166] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1291.846146][T19563] Bluetooth: hci6: command tx timeout [ 1291.944412][T22701] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 1291.967970][T30890] veth0_vlan: entered promiscuous mode [ 1292.053157][T30890] veth1_vlan: entered promiscuous mode [ 1292.095958][ T25] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1292.158230][T22701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1292.175471][T22701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1292.194316][T22701] usb 1-1: New USB device found, idVendor=056a, idProduct=032c, bcdDevice=80.00 [ 1292.205227][T22701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1292.225562][T22701] usb 1-1: config 0 descriptor?? [ 1292.292285][T31186] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1292.308239][ T25] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1292.338417][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=021b, bcdDevice= 0.40 [ 1292.349850][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1292.367206][ T25] usb 3-1: Product: syz [ 1292.386605][ T25] usb 3-1: Manufacturer: 뫛í‰çµ­ì…¢ê´¾î´§æžï„”䜼èžá¨œà¦…ášç¤µê™¨ä¥‰ë³Âšä…“䅶ᴇ括鑴渥棃è»à¾²á™ä¡ç™ï¦¨è˜í€±Û’ë„»â¯êŠ­è˜ƒç·­î™žé¹»îƒšï·›ä¬á«´á›‹ëœ›ï’¿æ©¡â©¦êµå—ࡈﳗ섪ꙿ錂桮᪢ꃗ๿Ⲃ襛ꓜჩ墀î¢ä¯…Ⓝ莴펴ᑔìžä¦¸ï¬·å²ˆÛ瘖뷪꙼Ꜻ묭独à²íš¶ë¯¯ [ 1292.460206][ T25] usb 3-1: SerialNumber: syz [ 1292.486185][ T1094] hsr_slave_0: left promiscuous mode [ 1292.491242][ T25] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 1292.499589][ T1094] hsr_slave_1: left promiscuous mode [ 1292.568992][ T1094] veth1_macvtap: left promiscuous mode [ 1292.574623][ T1094] veth0_macvtap: left promiscuous mode [ 1292.603415][ T1094] veth1_vlan: left promiscuous mode [ 1292.615850][ T1094] veth0_vlan: left promiscuous mode [ 1292.673394][T22701] wacom 0003:056A:032C.0040: item fetching failed at offset 0/2 [ 1292.696717][T22701] wacom 0003:056A:032C.0040: parse failed [ 1292.746319][T22701] wacom 0003:056A:032C.0040: probe with driver wacom failed with error -22 [ 1292.773262][ T25] usb 3-1: USB disconnect, device number 58 [ 1292.865039][T22701] usb 1-1: USB disconnect, device number 71 [ 1293.791617][T31244] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1293.937505][T19563] Bluetooth: hci6: command tx timeout [ 1294.540393][T31136] chnl_net:caif_netlink_parms(): no params data found [ 1294.577294][T30890] veth0_macvtap: entered promiscuous mode [ 1294.619241][T30890] veth1_macvtap: entered promiscuous mode [ 1294.954940][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1294.992214][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.005737][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1295.018524][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.035443][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1295.055688][T19563] Bluetooth: hci1: unexpected cc 0x2040 length: 7 > 1 [ 1295.066526][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.085384][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1295.107188][ T29] audit: type=1326 audit(1719009239.894:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31278 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3f1d67d0a9 code=0x0 [ 1295.107912][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.156314][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1295.181766][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.195821][T30890] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1295.231963][T31136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1295.252677][T31136] bridge0: port 1(bridge_slave_0) entered disabled state [ 1295.268574][T31136] bridge_slave_0: entered allmulticast mode [ 1295.288342][T31136] bridge_slave_0: entered promiscuous mode [ 1295.310982][T31136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1295.328571][T31136] bridge0: port 2(bridge_slave_1) entered disabled state [ 1295.347771][T31136] bridge_slave_1: entered allmulticast mode [ 1295.370485][T31136] bridge_slave_1: entered promiscuous mode [ 1295.445735][ T5166] usb 3-1: new low-speed USB device number 59 using dummy_hcd [ 1295.496166][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1295.507124][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.518175][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1295.533490][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.547373][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1295.565895][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.580045][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1295.592723][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.653943][T30890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1295.671504][ T5166] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 1295.683446][ T5166] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 1295.700939][T30890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1295.715513][ T5166] usb 3-1: config 0 has no interface number 0 [ 1295.722844][ T29] audit: type=1326 audit(1719009240.504:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31297 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe1967d0a9 code=0x0 [ 1295.746201][T30890] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1295.753948][ T5166] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 1295.778135][ T5166] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1295.792276][ T5166] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1295.817245][T31136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1295.845401][ T5166] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.877615][T31136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1295.910575][ T5166] usb 3-1: config 0 descriptor?? [ 1296.000149][T30890] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1296.016308][T19563] Bluetooth: hci6: command tx timeout [ 1296.023213][T30890] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1296.035650][T30890] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1296.044744][T30890] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1296.062624][T31305] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1296.103496][T31136] team0: Port device team_slave_0 added [ 1296.137345][T31136] team0: Port device team_slave_1 added [ 1296.227782][T31136] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1296.234752][T31136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1296.272980][T31136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1296.296647][T31136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1296.303607][T31136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1296.330132][T31136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1296.457231][T31136] hsr_slave_0: entered promiscuous mode [ 1296.482317][T31136] hsr_slave_1: entered promiscuous mode [ 1296.507510][T31136] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1296.525302][T31136] Cannot create hsr debugfs directory [ 1296.560484][ T5166] usb 3-1: USB disconnect, device number 59 [ 1296.707907][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1296.733259][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1296.823114][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1296.855710][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1297.053881][T31331] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1297.282529][T31342] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1297.744190][ T29] audit: type=1800 audit(1719009242.524:820): pid=31358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="/" dev="fuse" ino=0 res=0 errno=0 [ 1297.786343][T31136] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1297.811576][T31136] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1297.849285][T31136] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1297.888004][T31136] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1297.987830][T31374] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1298.085498][T19563] Bluetooth: hci6: command tx timeout [ 1298.112632][T31136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1298.233646][T31136] 8021q: adding VLAN 0 to HW filter on device team0 [ 1298.277964][T14445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1298.285114][T14445] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1298.373323][T14445] bridge0: port 2(bridge_slave_1) entered blocking state [ 1298.380627][T14445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1298.535435][ T29] audit: type=1326 audit(1719009243.314:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31387 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbe1967d0a9 code=0x0 [ 1298.660027][T31136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1298.780365][T31136] veth0_vlan: entered promiscuous mode [ 1298.799984][T31136] veth1_vlan: entered promiscuous mode [ 1298.914008][T31136] veth0_macvtap: entered promiscuous mode [ 1298.948492][T31136] veth1_macvtap: entered promiscuous mode [ 1299.025738][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.071402][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.135625][T19563] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1299.146621][T19563] Bluetooth: hci1: Injecting HCI hardware error event [ 1299.155624][ T5113] Bluetooth: hci1: hardware error 0x00 [ 1299.169792][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.204781][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.218691][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.229955][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.240114][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.251252][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.261290][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.272921][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.283963][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1299.303432][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.395907][T31136] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1299.417828][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.459465][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.572593][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.647727][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.665730][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.708583][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.739113][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.762648][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.788164][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.807483][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.827547][T31136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1299.849625][T31136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1299.876771][T31136] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1299.951380][T31414] tipc: Started in network mode [ 1299.965647][T31414] tipc: Node identity 5f000000000000000000000000000001, cluster identity 4711 [ 1299.995683][T31414] tipc: Enabling of bearer rejected, failed to enable media [ 1300.047019][T31136] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.056439][T31136] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.065242][T31136] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.087246][T31136] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1300.452728][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1300.502055][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1300.594540][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1300.606056][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1300.707267][T31380] syz-executor.2 (31380): drop_caches: 2 [ 1300.813108][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.821186][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.860621][T31428] usb usb7: usbfs: process 31428 (syz-executor.3) did not claim interface 0 before use [ 1300.886246][T29292] bond0: (slave syz_tun): Releasing backup interface [ 1300.894205][T31431] input: syz0 as /devices/virtual/input/input98 [ 1300.922485][T31431] input: failed to attach handler leds to device input98, error: -6 [ 1300.951365][T31432] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 1301.034627][T31432] bond1: entered promiscuous mode [ 1301.088960][T31433] bond0: (slave bond_slave_0): Releasing backup interface [ 1301.224958][T31433] bond1: (slave bond_slave_0): making interface the new active one [ 1301.254530][T31433] bond_slave_0: entered promiscuous mode [ 1301.263355][T31433] bond1: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1301.463699][ T1044] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1301.526067][ T57] usb 1-1: new low-speed USB device number 72 using dummy_hcd [ 1301.630118][ T1044] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1301.757396][ T57] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 1301.779520][ T57] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 1301.808169][ T57] usb 1-1: config 0 has no interface number 0 [ 1301.812853][ T1044] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1301.830313][ T57] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 1301.862288][ T57] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1301.876593][ T57] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1301.887275][ T57] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1301.899255][T31468] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1301.917231][ T57] usb 1-1: config 0 descriptor?? [ 1301.928008][ T5113] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1302.007368][T19563] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1302.020678][T19563] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1302.034181][T19563] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1302.055721][T19563] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1302.070508][T19563] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1302.078417][T19563] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1302.080590][ T1044] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1302.560547][T31472] chnl_net:caif_netlink_parms(): no params data found [ 1302.611866][ T57] usb 1-1: USB disconnect, device number 72 [ 1302.633514][ T1044] bridge_slave_1: left allmulticast mode [ 1302.654971][ T1044] bridge_slave_1: left promiscuous mode [ 1302.661144][ T1044] bridge0: port 2(bridge_slave_1) entered disabled state [ 1302.683700][ T1044] bridge_slave_0: left allmulticast mode [ 1302.710637][ T1044] bridge_slave_0: left promiscuous mode [ 1302.720699][ T1044] bridge0: port 1(bridge_slave_0) entered disabled state [ 1303.389739][ T1044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1303.402378][ T1044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1303.414271][ T1044] bond0 (unregistering): Released all slaves [ 1303.437618][T31487] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1303.797071][T31472] bridge0: port 1(bridge_slave_0) entered blocking state [ 1303.827910][T31472] bridge0: port 1(bridge_slave_0) entered disabled state [ 1303.835291][T31472] bridge_slave_0: entered allmulticast mode [ 1303.845950][ T57] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1303.857841][T31472] bridge_slave_0: entered promiscuous mode [ 1303.955626][T31472] bridge0: port 2(bridge_slave_1) entered blocking state [ 1303.973246][T31472] bridge0: port 2(bridge_slave_1) entered disabled state [ 1303.983477][T31472] bridge_slave_1: entered allmulticast mode [ 1303.998688][T31472] bridge_slave_1: entered promiscuous mode [ 1304.055913][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 1304.067842][ T57] usb 5-1: too many configurations: 101, using maximum allowed: 8 [ 1304.134285][ T57] usb 5-1: New USB device found, idVendor=08ca, idProduct=0111, bcdDevice=6d.c8 [ 1304.149932][T31472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1304.160761][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1304.166727][T31529] kvm: kvm [31528]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1d00000080 [ 1304.185447][T19563] Bluetooth: hci4: command tx timeout [ 1304.190472][ T57] usb 5-1: config 0 descriptor?? [ 1304.212073][T31529] kvm: kvm [31528]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x3f00000080 [ 1304.243490][ T1044] hsr_slave_0: left promiscuous mode [ 1304.257601][T31529] kvm: kvm [31528]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xa600000000 [ 1304.276413][ T1044] hsr_slave_1: left promiscuous mode [ 1304.305822][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1304.313303][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1304.324927][T31529] kvm: kvm [31528]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x16800000080 [ 1304.363687][T31529] kvm: kvm [31528]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111 [ 1304.376830][ T1044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1304.396538][ T1044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1304.460184][ T1044] veth1_macvtap: left promiscuous mode [ 1304.485699][ T1044] veth0_macvtap: left promiscuous mode [ 1304.501353][ T57] usb 5-1: string descriptor 0 read error: -71 [ 1304.514402][ T1044] veth1_vlan: left promiscuous mode [ 1304.527641][ T57] gspca_main: 08ca:0111 too many config [ 1304.533834][ T1044] veth0_vlan: left promiscuous mode [ 1304.559283][ T57] usb 5-1: USB disconnect, device number 93 [ 1304.599045][T31549] kvm: kvm [31547]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe702111 [ 1305.138751][T31566] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1305.310179][T31572] netlink: 'syz-executor.3': attribute type 6 has an invalid length. [ 1305.626771][T22701] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1305.726367][ T29] audit: type=1800 audit(1719009250.514:822): pid=31583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.2" name="/" dev="fuse" ino=0 res=0 errno=0 [ 1305.762386][ T1044] team0 (unregistering): Port device team_slave_1 removed [ 1305.815535][T22701] usb 5-1: Using ep0 maxpacket: 8 [ 1305.815633][ T1044] team0 (unregistering): Port device team_slave_0 removed [ 1305.827692][T22701] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1305.850276][T22701] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1305.862834][T22701] usb 5-1: config 0 descriptor?? [ 1306.247592][T19563] Bluetooth: hci4: command tx timeout [ 1306.560757][T31472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1306.589387][T31545] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1306.716784][T31472] team0: Port device team_slave_0 added [ 1306.719865][T31593] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1306.731288][T31472] team0: Port device team_slave_1 added [ 1306.805120][T31595] binder: 31594:31595 ioctl c018620c 20000000 returned -1 [ 1306.835548][T31472] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1306.855497][T31472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1306.900448][T31472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1306.929733][T31472] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1306.958601][T31472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1307.018493][T31472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1307.057411][T31604] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1307.182377][T31472] hsr_slave_0: entered promiscuous mode [ 1307.219735][T31472] hsr_slave_1: entered promiscuous mode [ 1307.239779][T31472] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1307.259122][T31472] Cannot create hsr debugfs directory [ 1307.297198][T22701] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1307.322268][T22701] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1307.342970][T22701] asix 5-1:0.0: probe with driver asix failed with error -71 [ 1307.367863][T22701] usb 5-1: USB disconnect, device number 94 [ 1307.929213][T31640] TCP: request_sock_subflow_v6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1307.968401][T31637] netlink: 'syz-executor.0': attribute type 46 has an invalid length. [ 1307.990696][T31637] netlink: 212868 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1308.151603][T31643] netlink: 'syz-executor.4': attribute type 8 has an invalid length. [ 1308.175443][T31643] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1308.325679][T19563] Bluetooth: hci4: command tx timeout [ 1308.348381][T31647] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1308.372123][T31647] tipc: Invalid UDP bearer configuration [ 1308.374518][T31647] tipc: Enabling of bearer rejected, failed to enable media [ 1308.471699][T31472] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1308.490757][T19563] Bluetooth: hci6: Received unexpected HCI Event 0x00 [ 1308.519037][T31472] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1308.580396][T31472] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1308.628121][T31472] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1309.045149][T31472] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1309.189515][ T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.400222][ T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.470329][T31472] 8021q: adding VLAN 0 to HW filter on device team0 [ 1309.634257][ T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.677832][ T5169] bridge0: port 1(bridge_slave_0) entered blocking state [ 1309.682982][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x5ff00000800 [ 1309.684978][ T5169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1309.727347][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x5ff00000000 [ 1309.816327][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x5ff00000000 [ 1309.839848][ T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.860679][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x5ff00000000 [ 1309.909929][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x5ff00000000 [ 1309.967034][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x5ff00000800 [ 1309.974216][ T5169] bridge0: port 2(bridge_slave_1) entered blocking state [ 1309.983546][ T5169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1310.010259][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x5ff00000800 [ 1310.044646][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x5ff00000800 [ 1310.098592][T31677] kvm: kvm [31676]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x5ff00000000 [ 1310.289484][ T5179] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 1310.356238][ T51] bridge_slave_1: left allmulticast mode [ 1310.372263][ T51] bridge_slave_1: left promiscuous mode [ 1310.378495][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 1310.406855][ T5113] Bluetooth: hci4: command tx timeout [ 1310.417534][ T51] bridge_slave_0: left allmulticast mode [ 1310.423213][ T51] bridge_slave_0: left promiscuous mode [ 1310.430133][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 1310.439069][ T5113] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1310.450907][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1310.460755][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1310.475909][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1310.484713][ T5113] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1310.493977][ T5113] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1310.505515][ T5179] usb 1-1: Using ep0 maxpacket: 32 [ 1310.514508][ T5179] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 1310.537683][ T5179] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1310.546971][ T5179] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1310.557331][ T5179] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1310.567477][ T5179] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1310.581209][ T5179] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1310.595053][ T5179] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1310.604601][ T5179] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1310.617456][ T5179] usb 1-1: config 0 descriptor?? [ 1310.841404][ T5179] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 73 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1310.889373][ T5179] usb 1-1: USB disconnect, device number 73 [ 1310.915589][ T5179] usblp0: removed [ 1311.085745][ T25] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1311.295978][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 1311.311489][ T25] usb 5-1: too many configurations: 101, using maximum allowed: 8 [ 1311.394005][ T25] usb 5-1: New USB device found, idVendor=08ca, idProduct=0111, bcdDevice=6d.c8 [ 1311.404801][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1311.445716][ T5179] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1311.466449][ T25] usb 5-1: config 0 descriptor?? [ 1311.679434][ T5179] usb 1-1: Using ep0 maxpacket: 32 [ 1311.706168][ T5179] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 1311.725650][ T25] usb 5-1: string descriptor 0 read error: -71 [ 1311.731913][ T5179] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1311.748850][ T25] gspca_main: 08ca:0111 too many config [ 1311.763643][ T5179] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1311.775665][ T25] usb 5-1: USB disconnect, device number 95 [ 1311.792486][ T5179] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1311.814512][ T5179] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1311.843231][ T5179] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1311.869816][ T5179] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1311.884225][ T5179] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1311.916381][ T5179] usb 1-1: config 0 descriptor?? [ 1312.146236][ T5179] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 74 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1312.285698][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1312.328328][ T51] bond0 (unregistering): Released all slaves [ 1312.359671][ T51] bond1 (unregistering): (slave bond_slave_0): Releasing active interface [ 1312.383826][ T51] bond_slave_0: left promiscuous mode [ 1312.406145][ T51] bond1 (unregistering): Released all slaves [ 1312.568684][T19563] Bluetooth: hci1: command tx timeout [ 1312.701094][T14447] usb 1-1: USB disconnect, device number 74 [ 1312.744305][T14447] usblp0: removed [ 1312.792728][T31748] bridge1: entered promiscuous mode [ 1312.808118][T31748] bridge1: entered allmulticast mode [ 1312.849582][T31472] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1313.057049][ T51] hsr_slave_0: left promiscuous mode [ 1313.077430][ T51] hsr_slave_1: left promiscuous mode [ 1313.091682][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1313.113409][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1313.141515][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1313.149396][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1313.197382][ T51] veth1_macvtap: left promiscuous mode [ 1313.203437][ T51] veth0_macvtap: left promiscuous mode [ 1313.209701][ T51] veth1_vlan: left promiscuous mode [ 1313.215178][ T51] veth0_vlan: left promiscuous mode [ 1314.128976][ T51] team0 (unregistering): Port device team_slave_1 removed [ 1314.230768][ T51] team0 (unregistering): Port device team_slave_0 removed [ 1314.645714][T19563] Bluetooth: hci1: command tx timeout [ 1315.042207][T31785] bridge2: entered promiscuous mode [ 1315.050634][T31785] bridge2: entered allmulticast mode [ 1315.069873][T31472] veth0_vlan: entered promiscuous mode [ 1315.182776][T31472] veth1_vlan: entered promiscuous mode [ 1315.236811][T31472] veth0_macvtap: entered promiscuous mode [ 1315.262844][T31472] veth1_macvtap: entered promiscuous mode [ 1315.285164][ T29] audit: type=1326 audit(1719009260.064:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31794 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe8f107d0a9 code=0x0 [ 1315.352018][T31702] chnl_net:caif_netlink_parms(): no params data found [ 1315.590788][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1315.612607][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.622608][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1315.637600][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.648568][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1315.659860][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.669923][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1315.680629][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.691361][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1315.701920][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.713531][T31472] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1315.723670][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.748526][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.802542][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.824450][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.835039][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.847505][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.859973][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.871815][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.884314][T31472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1315.902673][T31472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1315.938130][T31472] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1315.999829][ T29] audit: type=1800 audit(1719009260.784:824): pid=31817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="/" dev="fuse" ino=0 res=0 errno=0 [ 1316.030126][T31702] bridge0: port 1(bridge_slave_0) entered blocking state [ 1316.043296][T31702] bridge0: port 1(bridge_slave_0) entered disabled state [ 1316.062073][T31702] bridge_slave_0: entered allmulticast mode [ 1316.079667][T31702] bridge_slave_0: entered promiscuous mode [ 1316.093257][T31472] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.110504][T31472] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.144577][T31472] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.214866][T31472] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.260993][T31702] bridge0: port 2(bridge_slave_1) entered blocking state [ 1316.295624][T31702] bridge0: port 2(bridge_slave_1) entered disabled state [ 1316.320436][T31702] bridge_slave_1: entered allmulticast mode [ 1316.338779][T31702] bridge_slave_1: entered promiscuous mode [ 1316.454820][T31702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1316.500722][T31702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1316.574319][T31702] team0: Port device team_slave_0 added [ 1316.651042][T31702] team0: Port device team_slave_1 added [ 1316.727575][T19563] Bluetooth: hci1: command tx timeout [ 1316.764946][T31702] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1316.808092][T31702] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1316.844268][T31702] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1316.925258][T31702] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1316.940481][T31702] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1317.005292][T31702] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1317.019296][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.051286][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1317.236412][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1317.252205][T31702] hsr_slave_0: entered promiscuous mode [ 1317.268120][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1317.294150][T31702] hsr_slave_1: entered promiscuous mode [ 1317.311415][T31702] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1317.353887][T31702] Cannot create hsr debugfs directory [ 1317.506066][T31866] xt_connbytes: Forcing CT accounting to be enabled [ 1317.523847][T31866] Cannot find add_set index 0 as target [ 1318.761404][T31702] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1318.797909][T31702] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1318.805636][T19563] Bluetooth: hci1: command tx timeout [ 1318.912939][T31702] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1318.976401][T31702] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1319.435200][ T1094] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1319.779260][ T1094] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1319.818826][T31907] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1319.962324][ T1094] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.026697][T31907] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1320.119739][ T1094] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1320.218696][T31702] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1320.228245][ T5113] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1320.246392][ T5113] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1320.264992][ T5113] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1320.274845][ T5113] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1320.283627][ T5113] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1320.291201][ T5113] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1320.368541][T31702] 8021q: adding VLAN 0 to HW filter on device team0 [ 1320.414740][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state [ 1320.421954][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1320.502755][ T5113] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1320.515284][ T5113] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1320.523876][ T5113] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1320.534814][ T5113] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1320.543728][ T5113] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1320.551476][ T5113] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1320.672407][T14445] bridge0: port 2(bridge_slave_1) entered blocking state [ 1320.679576][T14445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1320.725080][T31921] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 1320.805817][T31921] team0: Port device netdevsim0 added [ 1320.815759][ T1094] bridge_slave_1: left allmulticast mode [ 1320.821430][ T1094] bridge_slave_1: left promiscuous mode [ 1320.832962][ T1094] bridge0: port 2(bridge_slave_1) entered disabled state [ 1320.849799][ T1094] bridge_slave_0: left allmulticast mode [ 1320.856056][ T1094] bridge_slave_0: left promiscuous mode [ 1320.861884][ T1094] bridge0: port 1(bridge_slave_0) entered disabled state [ 1321.429734][T31939] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1321.771719][ T1094] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1321.783870][ T1094] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1321.797959][ T1094] bond0 (unregistering): Released all slaves [ 1321.832485][T31939] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1321.915240][T31940] netlink: 'syz-executor.3': attribute type 29 has an invalid length. [ 1322.406411][T19563] Bluetooth: hci5: command tx timeout [ 1322.652427][T19563] Bluetooth: hci6: command tx timeout [ 1322.741764][T31702] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1322.845117][ T1094] hsr_slave_0: left promiscuous mode [ 1322.886891][ T1094] hsr_slave_1: left promiscuous mode [ 1322.904195][ T1094] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1322.923225][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1322.937360][ T1094] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1322.951714][ T1094] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1323.001177][ T1094] veth1_macvtap: left promiscuous mode [ 1323.013537][ T1094] veth0_macvtap: left promiscuous mode [ 1323.023620][ T1094] veth1_vlan: left promiscuous mode [ 1323.034506][ T1094] veth0_vlan: left promiscuous mode [ 1323.911910][ T1094] team0 (unregistering): Port device team_slave_1 removed [ 1323.963220][ T1094] team0 (unregistering): Port device team_slave_0 removed [ 1324.487053][T19563] Bluetooth: hci5: command tx timeout [ 1324.593368][T31915] chnl_net:caif_netlink_parms(): no params data found [ 1324.736486][T19563] Bluetooth: hci6: command tx timeout [ 1324.932486][T31923] chnl_net:caif_netlink_parms(): no params data found [ 1324.959476][T32024] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1324.976296][T32024] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1324.985639][T31915] bridge0: port 1(bridge_slave_0) entered blocking state [ 1325.010515][T31915] bridge0: port 1(bridge_slave_0) entered disabled state [ 1325.055062][T31915] bridge_slave_0: entered allmulticast mode [ 1325.078469][T31915] bridge_slave_0: entered promiscuous mode [ 1325.220761][T31915] bridge0: port 2(bridge_slave_1) entered blocking state [ 1325.265753][T31915] bridge0: port 2(bridge_slave_1) entered disabled state [ 1325.285537][T31915] bridge_slave_1: entered allmulticast mode [ 1325.313277][T31915] bridge_slave_1: entered promiscuous mode [ 1325.468023][T31915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1325.515543][T31702] veth0_vlan: entered promiscuous mode [ 1325.562696][T31915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1325.711297][T31702] veth1_vlan: entered promiscuous mode [ 1325.851905][T31915] team0: Port device team_slave_0 added [ 1325.964231][T31923] bridge0: port 1(bridge_slave_0) entered blocking state [ 1325.976847][T31923] bridge0: port 1(bridge_slave_0) entered disabled state [ 1325.994318][T31923] bridge_slave_0: entered allmulticast mode [ 1326.010373][T31923] bridge_slave_0: entered promiscuous mode [ 1326.048774][T31915] team0: Port device team_slave_1 added [ 1326.064996][T31923] bridge0: port 2(bridge_slave_1) entered blocking state [ 1326.085000][T31923] bridge0: port 2(bridge_slave_1) entered disabled state [ 1326.106027][T31923] bridge_slave_1: entered allmulticast mode [ 1326.113413][T31923] bridge_slave_1: entered promiscuous mode [ 1326.259472][T32059] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1326.284849][T31915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1326.295502][T31915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1326.321404][ C1] vkms_vblank_simulate: vblank timer overrun [ 1326.348236][T31915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1326.396615][T31915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1326.423423][T31915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1326.476145][T31915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1326.516417][T31923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1326.547783][T31923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1326.568965][T19563] Bluetooth: hci5: command tx timeout [ 1326.700814][T31923] team0: Port device team_slave_0 added [ 1326.759507][T31923] team0: Port device team_slave_1 added [ 1326.806539][T19563] Bluetooth: hci6: command tx timeout [ 1326.836770][T31915] hsr_slave_0: entered promiscuous mode [ 1326.860595][T31915] hsr_slave_1: entered promiscuous mode [ 1326.892623][T31915] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1326.915438][T22703] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1326.925391][T31915] Cannot create hsr debugfs directory [ 1326.933559][T31702] veth0_macvtap: entered promiscuous mode [ 1327.093534][T31923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1327.111097][T31923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1327.137040][ C1] vkms_vblank_simulate: vblank timer overrun [ 1327.159021][T22703] usb 4-1: New USB device found, idVendor=0c45, idProduct=60aa, bcdDevice=43.d9 [ 1327.172258][T31923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1327.184014][T22703] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1327.196884][T31923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1327.203957][T31923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1327.231913][T22703] usb 4-1: config 0 descriptor?? [ 1327.248325][T22703] gspca_main: sonixb-2.14.0 probing 0c45:60aa [ 1327.266662][T31923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1327.312850][T31702] veth1_macvtap: entered promiscuous mode [ 1327.460262][T31923] hsr_slave_0: entered promiscuous mode [ 1327.481846][T31923] hsr_slave_1: entered promiscuous mode [ 1327.496520][T31923] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1327.513967][T31923] Cannot create hsr debugfs directory [ 1327.535437][T14447] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1327.589139][T22703] sonixb 4-1:0.0: Error reading register 00: -71 [ 1327.602251][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1327.616037][T22703] usb 4-1: USB disconnect, device number 57 [ 1327.623687][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.636627][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1327.647492][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.657395][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1327.667994][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.677914][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1327.689110][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.704516][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1327.725363][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.738038][T31702] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1327.749470][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1327.760555][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.764045][T14447] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1327.771508][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1327.780934][T14447] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1327.801791][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.806136][T14447] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1327.822647][T14447] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1327.831113][T14447] usb 2-1: Product: syz [ 1327.836057][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1327.847026][T14447] usb 2-1: Manufacturer: syz [ 1327.851296][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.851733][T14447] usb 2-1: SerialNumber: syz [ 1327.871696][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1327.882623][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.892811][T31702] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1327.903310][T31702] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1327.914790][T31702] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1327.991472][T31702] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1328.000936][T31702] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1328.009828][T31702] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1328.018664][T31702] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1328.310548][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1328.340934][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1328.563601][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1328.591112][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1328.645599][T19563] Bluetooth: hci5: command tx timeout [ 1328.714225][T14447] cdc_ncm 2-1:1.0: SET_CRC_MODE failed [ 1328.743497][T14447] cdc_ncm 2-1:1.0: SET_NTB_FORMAT failed [ 1328.797732][T14447] cdc_ncm 2-1:1.0: bind() failure [ 1328.820944][T14447] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 1328.832975][T14447] cdc_ncm 2-1:1.1: bind() failure [ 1328.865698][T14447] usb 2-1: USB disconnect, device number 69 [ 1328.885979][T19563] Bluetooth: hci6: command tx timeout [ 1329.073777][T31923] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.280438][T31923] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.494060][T31923] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.684459][T31923] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1330.097654][T31915] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1330.120224][T31915] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1330.150713][T31915] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1330.176507][T31915] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1330.383930][T31923] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1330.395947][T14445] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1330.424221][T31923] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1330.456613][T31923] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1330.483489][T31923] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1330.590270][T14445] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 1330.605873][T14445] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1330.644873][T14445] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1330.691115][T14445] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1330.711432][T31915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1330.719305][T14445] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1330.743065][T14445] usb 3-1: Manufacturer: syz [ 1330.760538][T14445] usb 3-1: config 0 descriptor?? [ 1330.780093][T14445] igorplugusb 3-1:0.0: incorrect number of endpoints [ 1330.878071][T31915] 8021q: adding VLAN 0 to HW filter on device team0 [ 1330.947779][T22701] bridge0: port 1(bridge_slave_0) entered blocking state [ 1330.954939][T22701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1331.000056][T22701] usb 3-1: USB disconnect, device number 60 [ 1331.038473][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 1331.045652][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1331.322805][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1331.407222][T31923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1331.591342][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1331.664104][T31915] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1331.738314][T31923] 8021q: adding VLAN 0 to HW filter on device team0 [ 1331.869349][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1331.932151][T14612] bridge0: port 1(bridge_slave_0) entered blocking state [ 1331.939344][T14612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1331.984002][T14612] bridge0: port 2(bridge_slave_1) entered blocking state [ 1331.991155][T14612] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1332.123505][ T35] team0: Port device netdevsim0 removed [ 1332.143789][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1332.155174][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1332.177117][ T5113] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1332.185763][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1332.196989][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1332.204693][ T5113] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1332.215458][ T5113] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1332.271097][T31915] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1332.455575][ T5179] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1332.483220][T31923] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1332.624518][ T35] bridge_slave_1: left allmulticast mode [ 1332.630465][ T35] bridge_slave_1: left promiscuous mode [ 1332.636835][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1332.649808][ T35] bridge_slave_0: left allmulticast mode [ 1332.658159][ T35] bridge_slave_0: left promiscuous mode [ 1332.669917][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1332.683566][ T5179] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1332.693032][ T5179] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1332.707539][ T5179] usb 2-1: Product: syz [ 1332.711767][ T5179] usb 2-1: Manufacturer: syz [ 1332.717225][ T5179] usb 2-1: SerialNumber: syz [ 1332.729324][ T5179] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1332.752481][T22703] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1333.006108][T14612] usb 2-1: USB disconnect, device number 70 [ 1333.246828][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1333.259642][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1333.273372][ T35] bond0 (unregistering): Released all slaves [ 1333.313738][T31915] veth0_vlan: entered promiscuous mode [ 1333.619626][T31923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1333.676130][T31915] veth1_vlan: entered promiscuous mode [ 1333.846204][T22703] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1333.878140][ T35] hsr_slave_0: left promiscuous mode [ 1333.880627][T22703] ath9k_htc: Failed to initialize the device [ 1333.893336][ T35] hsr_slave_1: left promiscuous mode [ 1333.901680][T14612] usb 2-1: ath9k_htc: USB layer deinitialized [ 1333.926574][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1333.934034][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1333.960354][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1333.976920][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1334.058297][ T35] veth1_macvtap: left promiscuous mode [ 1334.064061][ T35] veth0_macvtap: left promiscuous mode [ 1334.081658][ T35] veth1_vlan: left promiscuous mode [ 1334.098691][ T35] veth0_vlan: left promiscuous mode [ 1334.295894][T14612] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1334.325686][T19563] Bluetooth: hci2: command tx timeout [ 1334.497726][T14612] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1334.516529][T14612] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1334.523266][T14612] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99 [ 1334.532846][T14612] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1334.546304][T14612] usb 2-1: config 0 descriptor?? [ 1334.555252][T14612] usb 2-1: selecting invalid altsetting 0 [ 1334.601530][T14612] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1334.677700][T24779] udevd[24779]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1334.756933][T22703] usb 2-1: USB disconnect, device number 71 [ 1335.331527][T14612] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1335.375730][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1335.487789][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1335.577175][T14612] usb 3-1: New USB device found, idVendor=0c45, idProduct=60aa, bcdDevice=43.d9 [ 1335.596744][T14612] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1335.625232][T14612] usb 3-1: config 0 descriptor?? [ 1335.633422][T14612] gspca_main: sonixb-2.14.0 probing 0c45:60aa [ 1335.969105][T14612] sonixb 3-1:0.0: Error reading register 00: -71 [ 1335.980795][T14612] usb 3-1: USB disconnect, device number 61 [ 1336.302802][T32209] chnl_net:caif_netlink_parms(): no params data found [ 1336.419179][T19563] Bluetooth: hci2: command tx timeout [ 1336.464889][T31915] veth0_macvtap: entered promiscuous mode [ 1336.569565][T31915] veth1_macvtap: entered promiscuous mode [ 1336.660036][T32262] team_slave_0: entered promiscuous mode [ 1336.666449][T32262] team_slave_1: entered promiscuous mode [ 1336.676929][T32262] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1336.710432][T32262] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 1336.771381][T32209] bridge0: port 1(bridge_slave_0) entered blocking state [ 1336.786880][T32209] bridge0: port 1(bridge_slave_0) entered disabled state [ 1336.794070][T32209] bridge_slave_0: entered allmulticast mode [ 1336.811938][T32209] bridge_slave_0: entered promiscuous mode [ 1336.876077][T32266] bond0: entered promiscuous mode [ 1336.882319][T32266] bond_slave_0: entered promiscuous mode [ 1336.890516][T32266] bond_slave_1: entered promiscuous mode [ 1336.898497][T32266] macvlan2: entered promiscuous mode [ 1336.904189][T32266] team0: entered promiscuous mode [ 1336.962087][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1336.984553][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.000737][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.027298][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.047943][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.079193][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.098900][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.115627][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.137792][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1337.159051][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.177803][T31915] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1337.188958][T32209] bridge0: port 2(bridge_slave_1) entered blocking state [ 1337.206840][T32209] bridge0: port 2(bridge_slave_1) entered disabled state [ 1337.214058][T32209] bridge_slave_1: entered allmulticast mode [ 1337.241716][T32209] bridge_slave_1: entered promiscuous mode [ 1337.242824][T32285] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1337.281128][T31923] veth0_vlan: entered promiscuous mode [ 1337.399694][T32209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1337.435553][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.488117][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.507350][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.526008][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.545943][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.565446][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.575277][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.594795][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.619966][T31915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1337.641215][T31915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1337.657412][T31915] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1337.680790][T31915] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.700282][T31915] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.713683][T31915] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.737023][T31915] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1337.789751][T32209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1337.891993][T31923] veth1_vlan: entered promiscuous mode [ 1337.987431][T32209] team0: Port device team_slave_0 added [ 1338.037556][T32209] team0: Port device team_slave_1 added [ 1338.047144][T32299] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1338.182121][T32209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1338.194743][T32209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1338.246277][T32209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1338.285263][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1338.308711][T32209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1338.317479][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1338.345383][T32209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1338.394476][T32209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1338.463616][T31923] veth0_macvtap: entered promiscuous mode [ 1338.472427][T32317] GUP no longer grows the stack in syz-executor.1 (32317): 20004000-20006000 (20002000) [ 1338.500479][T19563] Bluetooth: hci2: command tx timeout [ 1338.501150][T32317] CPU: 1 PID: 32317 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00164-g66cc544fd75c #0 [ 1338.516387][T32317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1338.526465][T32317] Call Trace: [ 1338.529771][T32317] [ 1338.532766][T32317] dump_stack_lvl+0x241/0x360 [ 1338.537484][T32317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1338.542729][T32317] ? __pfx__printk+0x10/0x10 [ 1338.547363][T32317] ? find_vma+0xf9/0x170 [ 1338.551655][T32317] ? vma_is_secretmem+0xd/0x50 [ 1338.556443][T32317] ? check_vma_flags+0x531/0x5a0 [ 1338.561411][T32317] __get_user_pages+0x10e3/0x1590 [ 1338.566495][T32317] ? __pfx___get_user_pages+0x10/0x10 [ 1338.571921][T32317] __gup_longterm_locked+0x4b0/0x2a80 [ 1338.577366][T32317] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1338.583205][T32317] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1338.589219][T32317] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1338.595583][T32317] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 1338.601601][T32317] ? gup_fast_fallback+0x220d/0x2b40 [ 1338.606920][T32317] gup_fast_fallback+0x2732/0x2b40 [ 1338.612122][T32317] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1338.617638][T32317] ? mark_lock+0x9a/0x350 [ 1338.622014][T32317] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1338.628054][T32317] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1338.634430][T32317] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 1338.640002][T32317] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 1338.645578][T32317] ? is_valid_gup_args+0x124/0x200 [ 1338.646392][T14447] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1338.650704][T32317] pin_user_pages_fast+0xcc/0x160 [ 1338.650735][T32317] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 1338.669018][T32317] ? __kmalloc_node_noprof+0x247/0x440 [ 1338.674537][T32317] ? kvmalloc_node_noprof+0x72/0x190 [ 1338.679881][T32317] io_pin_pages+0x7e/0x170 [ 1338.684354][T32317] io_sqe_buffer_register+0x180/0x1b10 [ 1338.689864][T32317] ? __might_fault+0xc6/0x120 [ 1338.694583][T32317] ? _copy_from_user+0xa6/0xe0 [ 1338.699376][T32317] ? io_copy_iov+0xda/0x260 [ 1338.703910][T32317] ? __pfx_io_sqe_buffer_register+0x10/0x10 [ 1338.709838][T32317] ? __pfx_io_copy_iov+0x10/0x10 [ 1338.714802][T32317] ? io_sqe_buffers_register+0x208/0x6b0 [ 1338.720486][T32317] ? io_sqe_buffers_register+0x208/0x6b0 [ 1338.726155][T32317] ? __kmalloc_noprof+0x217/0x400 [ 1338.731225][T32317] io_sqe_buffers_register+0x4d3/0x6b0 [ 1338.736726][T32317] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 1338.742750][T32317] ? __fget_files+0x29/0x470 [ 1338.747389][T32317] __se_sys_io_uring_register+0xb22/0x15d0 [ 1338.753252][T32317] ? __pfx___se_sys_io_uring_register+0x10/0x10 [ 1338.759533][T32317] ? do_syscall_64+0x100/0x230 [ 1338.764335][T32317] ? do_syscall_64+0xb6/0x230 [ 1338.769063][T32317] do_syscall_64+0xf3/0x230 [ 1338.773627][T32317] ? clear_bhb_loop+0x35/0x90 [ 1338.778345][T32317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1338.784272][T32317] RIP: 0033:0x7fc22be7d0a9 [ 1338.788712][T32317] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1338.808355][T32317] RSP: 002b:00007fc22cbf90c8 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 1338.816801][T32317] RAX: ffffffffffffffda RBX: 00007fc22bfb3f80 RCX: 00007fc22be7d0a9 [ 1338.824794][T32317] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000006 [ 1338.832787][T32317] RBP: 00007fc22beec074 R08: 0000000000000000 R09: 0000000000000000 [ 1338.840782][T32317] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000000 [ 1338.848774][T32317] R13: 000000000000000b R14: 00007fc22bfb3f80 R15: 00007fc22c0dfaa8 [ 1338.856796][T32317] [ 1338.881889][T14447] usb 3-1: Using ep0 maxpacket: 16 [ 1338.890029][T14447] usb 3-1: config 0 has an invalid interface number: 24 but max is 1 [ 1338.893146][T32209] hsr_slave_0: entered promiscuous mode [ 1338.905691][T14447] usb 3-1: config 0 has no interface number 1 [ 1338.924098][T32209] hsr_slave_1: entered promiscuous mode [ 1338.932829][T14447] usb 3-1: New USB device found, idVendor=046d, idProduct=092a, bcdDevice= a.c1 [ 1338.942296][T14447] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1338.952355][T14447] usb 3-1: Product: syz [ 1338.955438][T32209] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1338.959477][T14447] usb 3-1: Manufacturer: syz [ 1338.971058][T14447] usb 3-1: SerialNumber: syz [ 1338.977791][T32209] Cannot create hsr debugfs directory [ 1338.984067][T14447] usb 3-1: config 0 descriptor?? [ 1338.996856][T31923] veth1_macvtap: entered promiscuous mode [ 1339.016657][T14447] gspca_main: spca561-2.14.0 probing 046d:092a [ 1339.080235][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1339.092125][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1339.224873][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1339.225524][T14447] spca561 3-1:0.0: probe with driver spca561 failed with error -22 [ 1339.254096][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.267456][T14447] usb 3-1: USB disconnect, device number 62 [ 1339.279909][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1339.291310][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.306242][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1339.317500][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.327960][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1339.338835][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.349707][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1339.360625][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.371102][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1339.382899][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.394505][T31923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1339.429271][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1339.448774][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.458677][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1339.469198][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.480324][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1339.491109][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.501636][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1339.518424][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.543853][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1339.559256][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.581536][T31923] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1339.596526][T31923] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1339.612506][T31923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1339.724770][T32340] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 1339.759197][T32340] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1339.804468][T31923] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1339.837448][T31923] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1339.870822][T31923] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1339.889375][T31923] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1340.105710][ T25] usb 2-1: new low-speed USB device number 72 using dummy_hcd [ 1340.197828][T32359] bond0: entered promiscuous mode [ 1340.202930][T32359] bond_slave_0: entered promiscuous mode [ 1340.230684][T32359] bond_slave_1: entered promiscuous mode [ 1340.240559][T32359] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1340.266813][T32359] bond0: left promiscuous mode [ 1340.275355][T32359] bond_slave_0: left promiscuous mode [ 1340.281510][T32359] bond_slave_1: left promiscuous mode [ 1340.310634][ T25] usb 2-1: No LPM exit latency info found, disabling LPM. [ 1340.322415][ T25] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1340.349434][ T25] usb 2-1: string descriptor 0 read error: -22 [ 1340.357606][ T25] usb 2-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice= 0.40 [ 1340.384895][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1340.431752][ T25] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 1340.566229][T19563] Bluetooth: hci2: command tx timeout [ 1340.710195][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1340.726590][ T5166] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1340.755422][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1340.994902][ T5166] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1341.022770][ T5166] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1341.071049][ T5166] usb 5-1: Product: syz [ 1341.073910][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1341.097921][ T5166] usb 5-1: Manufacturer: syz [ 1341.114036][ T5166] usb 5-1: SerialNumber: syz [ 1341.148934][ T5166] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1341.173539][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1341.175653][ T5169] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1341.402451][T32209] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1341.490050][T32209] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1341.642121][T32209] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1341.704751][ T5166] usb 5-1: USB disconnect, device number 96 [ 1341.742259][T32209] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1342.196238][T32209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1342.263165][T32209] 8021q: adding VLAN 0 to HW filter on device team0 [ 1342.309722][T14445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1342.316932][T14445] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1342.332852][ T5169] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1342.376192][ T5169] ath9k_htc: Failed to initialize the device [ 1342.396997][T14445] bridge0: port 2(bridge_slave_1) entered blocking state [ 1342.404110][T14445] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1342.418001][ T5166] usb 5-1: ath9k_htc: USB layer deinitialized [ 1342.954731][ T3701] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1342.982812][ T57] usb 2-1: USB disconnect, device number 72 [ 1343.176748][T32209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1343.271705][ T29] audit: type=1326 audit(1719009288.044:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32418 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f315b67d0a9 code=0x0 [ 1343.391199][ T3701] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1343.576482][ T3701] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1343.777919][ T3701] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1343.844946][T32209] veth0_vlan: entered promiscuous mode [ 1343.923987][T32209] veth1_vlan: entered promiscuous mode [ 1343.975143][ T5113] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1343.991497][ T5113] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1344.003339][ T5113] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1344.023405][ T5113] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1344.043505][ T5113] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1344.051421][ T5113] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1344.197110][T32209] veth0_macvtap: entered promiscuous mode [ 1344.415520][ T5166] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1344.474590][ T3701] bridge_slave_1: left allmulticast mode [ 1344.496221][ T3701] bridge_slave_1: left promiscuous mode [ 1344.522376][ T3701] bridge0: port 2(bridge_slave_1) entered disabled state [ 1344.548744][ T3701] bridge_slave_0: left allmulticast mode [ 1344.563639][ T3701] bridge_slave_0: left promiscuous mode [ 1344.580392][ T3701] bridge0: port 1(bridge_slave_0) entered disabled state [ 1344.648201][ T5166] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1344.687204][ T5166] usb 5-1: config 0 has no interfaces? [ 1344.692820][ T5166] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1344.742822][ T5166] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1344.786549][ T5166] usb 5-1: config 0 descriptor?? [ 1345.021997][T14447] usb 5-1: USB disconnect, device number 97 [ 1345.799336][ T3701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1345.832761][ T3701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1345.860698][ T3701] bond0 (unregistering): Released all slaves [ 1345.895546][T32209] veth1_macvtap: entered promiscuous mode [ 1346.076409][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.125599][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.136065][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.147195][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.161505][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.174652][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.184731][ T5113] Bluetooth: hci6: command tx timeout [ 1346.194644][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.205801][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.216411][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.227898][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.238093][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.250451][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.260758][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1346.275819][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.288237][T32209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1346.308097][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.318911][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.335837][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.362554][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.385386][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.415476][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.445427][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.471385][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.494311][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.534069][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.564020][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.576889][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.587494][T32209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1346.598131][T32209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1346.613189][T32209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1346.704915][T32209] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1346.713889][T32209] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1346.724031][T32209] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1346.734640][T32209] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1346.798776][T14612] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1347.037524][T14612] usb 2-1: config 0 has no interfaces? [ 1347.055619][T14612] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1347.069163][T14612] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1347.113831][T14612] usb 2-1: config 0 descriptor?? [ 1347.159341][ T3701] hsr_slave_0: left promiscuous mode [ 1347.174684][ T3701] hsr_slave_1: left promiscuous mode [ 1347.192933][ T3701] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1347.223624][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1347.264994][ T3701] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1347.315350][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1347.350172][T32518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1347.377780][T32518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1347.438882][T32518] [ 1347.441213][T32518] ===================================================== [ 1347.448128][T32518] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 1347.455564][T32518] 6.10.0-rc4-syzkaller-00164-g66cc544fd75c #0 Not tainted [ 1347.462653][T32518] ----------------------------------------------------- [ 1347.469570][T32518] syz-executor.1/32518 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1347.477628][T32518] ffff888079aa39f0 (&new->fa_lock){...-}-{2:2}, at: kill_fasync+0x19e/0x4d0 [ 1347.486347][T32518] [ 1347.486347][T32518] and this task is already holding: [ 1347.493690][T32518] ffff888078e4e028 (&client->buffer_lock){-.-.}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 1347.503426][T32518] which would create a new lock dependency: [ 1347.509302][T32518] (&client->buffer_lock){-.-.}-{2:2} -> (&new->fa_lock){...-}-{2:2} [ 1347.517406][T32518] [ 1347.517406][T32518] but this new dependency connects a HARDIRQ-irq-safe lock: [ 1347.526839][T32518] (&client->buffer_lock){-.-.}-{2:2} [ 1347.526861][T32518] [ 1347.526861][T32518] ... which became HARDIRQ-irq-safe at: [ 1347.539892][T32518] lock_acquire+0x1ed/0x550 [ 1347.544472][T32518] _raw_spin_lock+0x2e/0x40 [ 1347.549058][T32518] evdev_pass_values+0xf2/0xad0 [ 1347.553990][T32518] evdev_events+0x1c2/0x300 [ 1347.558573][T32518] input_pass_values+0x84d/0x1200 [ 1347.563681][T32518] input_event_dispose+0x36c/0x650 [ 1347.568872][T32518] input_handle_event+0xa71/0xbe0 [ 1347.573973][T32518] input_event+0xa4/0xd0 [ 1347.578299][T32518] hidinput_report_event+0x93/0x100 [ 1347.583573][T32518] hid_report_raw_event+0x165c/0x18a0 [ 1347.589019][T32518] hid_input_report+0x416/0x500 [ 1347.593945][T32518] hid_irq_in+0x4a0/0x6d0 [ 1347.598369][T32518] __usb_hcd_giveback_urb+0x42c/0x6e0 [ 1347.603846][T32518] dummy_timer+0x830/0x45d0 [ 1347.608430][T32518] __hrtimer_run_queues+0x59b/0xd50 [ 1347.613707][T32518] hrtimer_interrupt+0x396/0x990 [ 1347.618724][T32518] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1347.624783][T32518] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1347.630509][T32518] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1347.636570][T32518] lock_acquire+0x264/0x550 [ 1347.641171][T32518] batadv_nc_worker+0xec/0x610 [ 1347.646019][T32518] process_scheduled_works+0xa2c/0x1830 [ 1347.651688][T32518] worker_thread+0x86d/0xd70 [ 1347.656353][T32518] kthread+0x2f0/0x390 [ 1347.660499][T32518] ret_from_fork+0x4b/0x80 [ 1347.664994][T32518] ret_from_fork_asm+0x1a/0x30 [ 1347.669839][T32518] [ 1347.669839][T32518] to a HARDIRQ-irq-unsafe lock: [ 1347.676929][T32518] (tasklist_lock){.+.+}-{2:2} [ 1347.676955][T32518] [ 1347.676955][T32518] ... which became HARDIRQ-irq-unsafe at: [ 1347.689567][T32518] ... [ 1347.689575][T32518] lock_acquire+0x1ed/0x550 [ 1347.696745][T32518] _raw_read_lock+0x36/0x50 [ 1347.701353][T32518] __do_wait+0x12d/0x850 [ 1347.705706][T32518] do_wait+0x1e9/0x560 [ 1347.709879][T32518] kernel_wait+0xe9/0x240 [ 1347.714296][T32518] call_usermodehelper_exec_work+0xbd/0x230 [ 1347.720266][T32518] process_scheduled_works+0xa2c/0x1830 [ 1347.725894][T32518] worker_thread+0x86d/0xd70 [ 1347.730561][T32518] kthread+0x2f0/0x390 [ 1347.734708][T32518] ret_from_fork+0x4b/0x80 [ 1347.739222][T32518] ret_from_fork_asm+0x1a/0x30 [ 1347.744120][T32518] [ 1347.744120][T32518] other info that might help us debug this: [ 1347.744120][T32518] [ 1347.754353][T32518] Chain exists of: [ 1347.754353][T32518] &client->buffer_lock --> &new->fa_lock --> tasklist_lock [ 1347.754353][T32518] [ 1347.767480][T32518] Possible interrupt unsafe locking scenario: [ 1347.767480][T32518] [ 1347.775782][T32518] CPU0 CPU1 [ 1347.781133][T32518] ---- ---- [ 1347.786479][T32518] lock(tasklist_lock); [ 1347.790725][T32518] local_irq_disable(); [ 1347.797468][T32518] lock(&client->buffer_lock); [ 1347.804828][T32518] lock(&new->fa_lock); [ 1347.811574][T32518] [ 1347.815027][T32518] lock(&client->buffer_lock); [ 1347.820035][T32518] [ 1347.820035][T32518] *** DEADLOCK *** [ 1347.820035][T32518] [ 1347.828160][T32518] 7 locks held by syz-executor.1/32518: [ 1347.833683][T32518] #0: ffff888024744110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x272/0x7c0 [ 1347.842817][T32518] #1: ffff88801a3be230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0xc5/0x340 [ 1347.852930][T32518] #2: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xd6/0x340 [ 1347.862583][T32518] #3: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0x9d/0x1200 [ 1347.872231][T32518] #4: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x6f/0x300 [ 1347.881448][T32518] #5: ffff888078e4e028 (&client->buffer_lock){-.-.}-{2:2}, at: evdev_pass_values+0xf2/0xad0 [ 1347.891626][T32518] #6: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x55/0x4d0 [ 1347.900665][T32518] [ 1347.900665][T32518] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 1347.911056][T32518] -> (&client->buffer_lock){-.-.}-{2:2} { [ 1347.916788][T32518] IN-HARDIRQ-W at: [ 1347.920753][T32518] lock_acquire+0x1ed/0x550 [ 1347.926909][T32518] _raw_spin_lock+0x2e/0x40 [ 1347.933066][T32518] evdev_pass_values+0xf2/0xad0 [ 1347.939557][T32518] evdev_events+0x1c2/0x300 [ 1347.945702][T32518] input_pass_values+0x84d/0x1200 [ 1347.952379][T32518] input_event_dispose+0x36c/0x650 [ 1347.959134][T32518] input_handle_event+0xa71/0xbe0 [ 1347.965882][T32518] input_event+0xa4/0xd0 [ 1347.971761][T32518] hidinput_report_event+0x93/0x100 [ 1347.978614][T32518] hid_report_raw_event+0x165c/0x18a0 [ 1347.985626][T32518] hid_input_report+0x416/0x500 [ 1347.992114][T32518] hid_irq_in+0x4a0/0x6d0 [ 1347.998090][T32518] __usb_hcd_giveback_urb+0x42c/0x6e0 [ 1348.005102][T32518] dummy_timer+0x830/0x45d0 [ 1348.011246][T32518] __hrtimer_run_queues+0x59b/0xd50 [ 1348.018092][T32518] hrtimer_interrupt+0x396/0x990 [ 1348.024690][T32518] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1348.032328][T32518] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1348.039608][T32518] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1348.047236][T32518] lock_acquire+0x264/0x550 [ 1348.053383][T32518] batadv_nc_worker+0xec/0x610 [ 1348.059793][T32518] process_scheduled_works+0xa2c/0x1830 [ 1348.066984][T32518] worker_thread+0x86d/0xd70 [ 1348.073232][T32518] kthread+0x2f0/0x390 [ 1348.078950][T32518] ret_from_fork+0x4b/0x80 [ 1348.085011][T32518] ret_from_fork_asm+0x1a/0x30 [ 1348.091426][T32518] IN-SOFTIRQ-W at: [ 1348.095408][T32518] lock_acquire+0x1ed/0x550 [ 1348.101564][T32518] _raw_spin_lock+0x2e/0x40 [ 1348.107711][T32518] evdev_pass_values+0xf2/0xad0 [ 1348.114205][T32518] evdev_events+0x1c2/0x300 [ 1348.120370][T32518] input_pass_values+0x84d/0x1200 [ 1348.127047][T32518] input_event_dispose+0x36c/0x650 [ 1348.133800][T32518] input_handle_event+0xa71/0xbe0 [ 1348.140469][T32518] input_event+0xa4/0xd0 [ 1348.146359][T32518] hidinput_report_event+0x93/0x100 [ 1348.153202][T32518] hid_report_raw_event+0x165c/0x18a0 [ 1348.160218][T32518] hid_input_report+0x416/0x500 [ 1348.166729][T32518] hid_irq_in+0x4a0/0x6d0 [ 1348.172706][T32518] __usb_hcd_giveback_urb+0x42c/0x6e0 [ 1348.179721][T32518] dummy_timer+0x830/0x45d0 [ 1348.185863][T32518] __hrtimer_run_queues+0x59b/0xd50 [ 1348.192710][T32518] hrtimer_interrupt+0x396/0x990 [ 1348.199299][T32518] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1348.206929][T32518] sysvec_apic_timer_interrupt+0x52/0xc0 [ 1348.214207][T32518] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1348.221843][T32518] _raw_spin_unlock_irq+0x29/0x50 [ 1348.228519][T32518] __run_timer_base+0x1c0/0x8e0 [ 1348.235010][T32518] run_timer_softirq+0xb7/0x170 [ 1348.241502][T32518] handle_softirqs+0x2c4/0x970 [ 1348.247911][T32518] __irq_exit_rcu+0xf4/0x1c0 [ 1348.254150][T32518] irq_exit_rcu+0x9/0x30 [ 1348.260028][T32518] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1348.267304][T32518] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1348.274935][T32518] lock_acquire+0x264/0x550 [ 1348.281079][T32518] batadv_nc_worker+0xec/0x610 [ 1348.287486][T32518] process_scheduled_works+0xa2c/0x1830 [ 1348.294667][T32518] worker_thread+0x86d/0xd70 [ 1348.300900][T32518] kthread+0x2f0/0x390 [ 1348.306613][T32518] ret_from_fork+0x4b/0x80 [ 1348.312685][T32518] ret_from_fork_asm+0x1a/0x30 [ 1348.319105][T32518] INITIAL USE at: [ 1348.322989][T32518] lock_acquire+0x1ed/0x550 [ 1348.329045][T32518] _raw_spin_lock+0x2e/0x40 [ 1348.335107][T32518] evdev_handle_get_val+0x67/0x820 [ 1348.341771][T32518] evdev_ioctl_handler+0x135c/0x21b0 [ 1348.348616][T32518] __se_sys_ioctl+0xfc/0x170 [ 1348.354768][T32518] do_syscall_64+0xf3/0x230 [ 1348.360836][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1348.368294][T32518] } [ 1348.370781][T32518] ... key at: [] evdev_open.__key.24+0x0/0x20 [ 1348.378933][T32518] [ 1348.378933][T32518] the dependencies between the lock to be acquired [ 1348.378944][T32518] and HARDIRQ-irq-unsafe lock: [ 1348.392442][T32518] -> (tasklist_lock){.+.+}-{2:2} { [ 1348.397741][T32518] HARDIRQ-ON-R at: [ 1348.401884][T32518] lock_acquire+0x1ed/0x550 [ 1348.408383][T32518] _raw_read_lock+0x36/0x50 [ 1348.414875][T32518] __do_wait+0x12d/0x850 [ 1348.421135][T32518] do_wait+0x1e9/0x560 [ 1348.427203][T32518] kernel_wait+0xe9/0x240 [ 1348.433530][T32518] call_usermodehelper_exec_work+0xbd/0x230 [ 1348.441422][T32518] process_scheduled_works+0xa2c/0x1830 [ 1348.448953][T32518] worker_thread+0x86d/0xd70 [ 1348.455558][T32518] kthread+0x2f0/0x390 [ 1348.461627][T32518] ret_from_fork+0x4b/0x80 [ 1348.468072][T32518] ret_from_fork_asm+0x1a/0x30 [ 1348.474834][T32518] SOFTIRQ-ON-R at: [ 1348.478981][T32518] lock_acquire+0x1ed/0x550 [ 1348.485487][T32518] _raw_read_lock+0x36/0x50 [ 1348.492010][T32518] __do_wait+0x12d/0x850 [ 1348.498249][T32518] do_wait+0x1e9/0x560 [ 1348.504310][T32518] kernel_wait+0xe9/0x240 [ 1348.510665][T32518] call_usermodehelper_exec_work+0xbd/0x230 [ 1348.518561][T32518] process_scheduled_works+0xa2c/0x1830 [ 1348.526140][T32518] worker_thread+0x86d/0xd70 [ 1348.532735][T32518] kthread+0x2f0/0x390 [ 1348.538796][T32518] ret_from_fork+0x4b/0x80 [ 1348.545203][T32518] ret_from_fork_asm+0x1a/0x30 [ 1348.551962][T32518] INITIAL USE at: [ 1348.556018][T32518] lock_acquire+0x1ed/0x550 [ 1348.562449][T32518] _raw_write_lock_irq+0xd3/0x120 [ 1348.569396][T32518] copy_process+0x228b/0x3dc0 [ 1348.575976][T32518] kernel_clone+0x226/0x8f0 [ 1348.582383][T32518] user_mode_thread+0x132/0x1a0 [ 1348.589154][T32518] rest_init+0x23/0x300 [ 1348.595210][T32518] start_kernel+0x47a/0x500 [ 1348.601634][T32518] x86_64_start_reservations+0x2a/0x30 [ 1348.609004][T32518] x86_64_start_kernel+0x99/0xa0 [ 1348.615863][T32518] common_startup_64+0x13e/0x147 [ 1348.622719][T32518] INITIAL READ USE at: [ 1348.627215][T32518] lock_acquire+0x1ed/0x550 [ 1348.634053][T32518] _raw_read_lock+0x36/0x50 [ 1348.640885][T32518] __do_wait+0x12d/0x850 [ 1348.647465][T32518] do_wait+0x1e9/0x560 [ 1348.653868][T32518] kernel_wait+0xe9/0x240 [ 1348.660539][T32518] call_usermodehelper_exec_work+0xbd/0x230 [ 1348.668765][T32518] process_scheduled_works+0xa2c/0x1830 [ 1348.676648][T32518] worker_thread+0x86d/0xd70 [ 1348.683588][T32518] kthread+0x2f0/0x390 [ 1348.689996][T32518] ret_from_fork+0x4b/0x80 [ 1348.696752][T32518] ret_from_fork_asm+0x1a/0x30 [ 1348.703858][T32518] } [ 1348.706515][T32518] ... key at: [] tasklist_lock+0x18/0x40 [ 1348.714399][T32518] ... acquired at: [ 1348.718358][T32518] lock_acquire+0x1ed/0x550 [ 1348.723033][T32518] _raw_read_lock+0x36/0x50 [ 1348.727723][T32518] send_sigurg+0xee/0x3c0 [ 1348.732219][T32518] sk_send_sigurg+0x75/0x2f0 [ 1348.736981][T32518] tcp_check_urg+0x207/0x740 [ 1348.741753][T32518] tcp_urg+0x15c/0x450 [ 1348.745999][T32518] tcp_rcv_established+0xfac/0x2020 [ 1348.751365][T32518] tcp_v6_do_rcv+0xabb/0x13b0 [ 1348.756211][T32518] __release_sock+0x1c8/0x350 [ 1348.761058][T32518] release_sock+0x61/0x1f0 [ 1348.765635][T32518] tcp_sendmsg+0x3a/0x50 [ 1348.770041][T32518] __sock_sendmsg+0xef/0x270 [ 1348.774798][T32518] __sys_sendto+0x3a4/0x4f0 [ 1348.779465][T32518] __x64_sys_sendto+0xde/0x100 [ 1348.784395][T32518] do_syscall_64+0xf3/0x230 [ 1348.789070][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1348.795133][T32518] [ 1348.797457][T32518] -> (&f->f_owner.lock){...-}-{2:2} { [ 1348.802923][T32518] IN-SOFTIRQ-R at: [ 1348.806973][T32518] lock_acquire+0x1ed/0x550 [ 1348.813285][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1348.820424][T32518] send_sigurg+0x29/0x3c0 [ 1348.826578][T32518] sk_send_sigurg+0x75/0x2f0 [ 1348.833007][T32518] tcp_check_urg+0x207/0x740 [ 1348.839412][T32518] tcp_urg+0x15c/0x450 [ 1348.845296][T32518] tcp_rcv_established+0xfac/0x2020 [ 1348.852323][T32518] tcp_v4_do_rcv+0x965/0xc60 [ 1348.858731][T32518] tcp_v4_rcv+0x2d90/0x37b0 [ 1348.865045][T32518] ip_protocol_deliver_rcu+0x225/0x430 [ 1348.872315][T32518] ip_local_deliver_finish+0x33f/0x5f0 [ 1348.879588][T32518] NF_HOOK+0x3a4/0x450 [ 1348.885469][T32518] NF_HOOK+0x3a4/0x450 [ 1348.891350][T32518] __netif_receive_skb+0x2bf/0x650 [ 1348.898277][T32518] process_backlog+0x391/0x7d0 [ 1348.904955][T32518] __napi_poll+0xcb/0x490 [ 1348.911118][T32518] net_rx_action+0x7bb/0x10a0 [ 1348.917618][T32518] handle_softirqs+0x2c4/0x970 [ 1348.924206][T32518] run_ksoftirqd+0xca/0x130 [ 1348.930540][T32518] smpboot_thread_fn+0x544/0xa30 [ 1348.937316][T32518] kthread+0x2f0/0x390 [ 1348.943208][T32518] ret_from_fork+0x4b/0x80 [ 1348.949446][T32518] ret_from_fork_asm+0x1a/0x30 [ 1348.956050][T32518] INITIAL USE at: [ 1348.960019][T32518] lock_acquire+0x1ed/0x550 [ 1348.966262][T32518] _raw_write_lock_irq+0xd3/0x120 [ 1348.973023][T32518] f_modown+0x38/0x340 [ 1348.978815][T32518] generic_setlease+0xbdb/0x15a0 [ 1348.985492][T32518] fcntl_setlease+0x404/0x540 [ 1348.991931][T32518] do_fcntl+0x28f/0x1730 [ 1348.997898][T32518] __se_sys_fcntl+0xd2/0x1c0 [ 1349.004226][T32518] do_syscall_64+0xf3/0x230 [ 1349.010464][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.018089][T32518] INITIAL READ USE at: [ 1349.022490][T32518] lock_acquire+0x1ed/0x550 [ 1349.029171][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1349.036638][T32518] send_sigio+0x33/0x360 [ 1349.043039][T32518] kill_fasync+0x23a/0x4d0 [ 1349.049613][T32518] sock_wake_async+0x147/0x170 [ 1349.056532][T32518] sock_def_error_report+0x321/0x380 [ 1349.063986][T32518] sk_error_report+0x43/0x2b0 [ 1349.070823][T32518] __mptcp_subflow_error_report+0x37e/0x490 [ 1349.078885][T32518] __mptcp_error_report+0xa6/0x100 [ 1349.086156][T32518] mptcp_release_cb+0xa14/0xb30 [ 1349.093200][T32518] release_sock+0x1aa/0x1f0 [ 1349.099865][T32518] sk_stream_wait_memory+0x762/0xfa0 [ 1349.107358][T32518] mptcp_sendmsg+0x10cb/0x1b10 [ 1349.114289][T32518] __sock_sendmsg+0x1a6/0x270 [ 1349.121146][T32518] ____sys_sendmsg+0x525/0x7d0 [ 1349.128079][T32518] __sys_sendmsg+0x2b0/0x3a0 [ 1349.134838][T32518] do_syscall_64+0xf3/0x230 [ 1349.141514][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.149595][T32518] } [ 1349.152172][T32518] ... key at: [] init_file.__key+0x0/0x20 [ 1349.160070][T32518] ... acquired at: [ 1349.163956][T32518] lock_acquire+0x1ed/0x550 [ 1349.168631][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1349.174080][T32518] send_sigio+0x33/0x360 [ 1349.178498][T32518] kill_fasync+0x23a/0x4d0 [ 1349.183157][T32518] sock_wake_async+0x147/0x170 [ 1349.188151][T32518] sock_def_error_report+0x321/0x380 [ 1349.193609][T32518] sk_error_report+0x43/0x2b0 [ 1349.198450][T32518] __mptcp_subflow_error_report+0x37e/0x490 [ 1349.204506][T32518] __mptcp_error_report+0xa6/0x100 [ 1349.209799][T32518] mptcp_release_cb+0xa14/0xb30 [ 1349.214815][T32518] release_sock+0x1aa/0x1f0 [ 1349.219481][T32518] sk_stream_wait_memory+0x762/0xfa0 [ 1349.224937][T32518] mptcp_sendmsg+0x10cb/0x1b10 [ 1349.229870][T32518] __sock_sendmsg+0x1a6/0x270 [ 1349.234729][T32518] ____sys_sendmsg+0x525/0x7d0 [ 1349.239687][T32518] __sys_sendmsg+0x2b0/0x3a0 [ 1349.244450][T32518] do_syscall_64+0xf3/0x230 [ 1349.249121][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.255190][T32518] [ 1349.257501][T32518] -> (&new->fa_lock){...-}-{2:2} { [ 1349.262616][T32518] IN-SOFTIRQ-R at: [ 1349.266582][T32518] lock_acquire+0x1ed/0x550 [ 1349.272743][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1349.279669][T32518] kill_fasync+0x19e/0x4d0 [ 1349.285729][T32518] sock_wake_async+0x147/0x170 [ 1349.292133][T32518] sk_stream_write_space+0x3ce/0x5a0 [ 1349.299070][T32518] smc_fback_forward_wakeup+0x20a/0x590 [ 1349.306266][T32518] smc_fback_write_space+0x94/0xb0 [ 1349.313032][T32518] tcp_check_space+0x657/0xb00 [ 1349.319454][T32518] tcp_write_xmit+0x18db/0x69d0 [ 1349.325946][T32518] __tcp_push_pending_frames+0x9b/0x360 [ 1349.333162][T32518] tcp_rcv_established+0x1023/0x2020 [ 1349.340102][T32518] tcp_v4_do_rcv+0x965/0xc60 [ 1349.346363][T32518] tcp_v4_rcv+0x2d90/0x37b0 [ 1349.352511][T32518] ip_protocol_deliver_rcu+0x225/0x430 [ 1349.359618][T32518] ip_local_deliver_finish+0x33f/0x5f0 [ 1349.366738][T32518] NF_HOOK+0x3a4/0x450 [ 1349.372452][T32518] NF_HOOK+0x3a4/0x450 [ 1349.378226][T32518] __netif_receive_skb+0x2bf/0x650 [ 1349.384993][T32518] process_backlog+0x391/0x7d0 [ 1349.391408][T32518] __napi_poll+0xcb/0x490 [ 1349.397387][T32518] net_rx_action+0x7bb/0x10a0 [ 1349.403708][T32518] handle_softirqs+0x2c4/0x970 [ 1349.410109][T32518] do_softirq+0x11b/0x1e0 [ 1349.416090][T32518] __local_bh_enable_ip+0x1bb/0x200 [ 1349.422959][T32518] tcp_sendmsg+0x3a/0x50 [ 1349.428847][T32518] __sock_sendmsg+0x1a6/0x270 [ 1349.435173][T32518] __sys_sendto+0x3a4/0x4f0 [ 1349.441342][T32518] __x64_sys_sendto+0xde/0x100 [ 1349.447754][T32518] do_syscall_64+0xf3/0x230 [ 1349.453901][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.461444][T32518] INITIAL USE at: [ 1349.465338][T32518] lock_acquire+0x1ed/0x550 [ 1349.471410][T32518] _raw_write_lock_irq+0xd3/0x120 [ 1349.477985][T32518] fasync_remove_entry+0xff/0x1d0 [ 1349.484587][T32518] sock_fasync+0x8a/0x100 [ 1349.490568][T32518] __fput+0x745/0x8b0 [ 1349.496108][T32518] task_work_run+0x24f/0x310 [ 1349.502260][T32518] syscall_exit_to_user_mode+0x168/0x370 [ 1349.509454][T32518] do_syscall_64+0x100/0x230 [ 1349.515603][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.523053][T32518] INITIAL READ USE at: [ 1349.527369][T32518] lock_acquire+0x1ed/0x550 [ 1349.533872][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1349.541163][T32518] kill_fasync+0x19e/0x4d0 [ 1349.547573][T32518] sock_wake_async+0x147/0x170 [ 1349.554331][T32518] sock_def_error_report+0x321/0x380 [ 1349.561607][T32518] sk_error_report+0x43/0x2b0 [ 1349.568269][T32518] __mptcp_subflow_error_report+0x37e/0x490 [ 1349.576178][T32518] __mptcp_error_report+0xa6/0x100 [ 1349.583277][T32518] mptcp_release_cb+0xa14/0xb30 [ 1349.590119][T32518] release_sock+0x1aa/0x1f0 [ 1349.596611][T32518] sk_stream_wait_memory+0x762/0xfa0 [ 1349.603892][T32518] mptcp_sendmsg+0x10cb/0x1b10 [ 1349.610652][T32518] __sock_sendmsg+0x1a6/0x270 [ 1349.617335][T32518] ____sys_sendmsg+0x525/0x7d0 [ 1349.624084][T32518] __sys_sendmsg+0x2b0/0x3a0 [ 1349.630663][T32518] do_syscall_64+0xf3/0x230 [ 1349.637156][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.645053][T32518] } [ 1349.647572][T32518] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1349.656236][T32518] ... acquired at: [ 1349.660019][T32518] lock_acquire+0x1ed/0x550 [ 1349.664678][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1349.670122][T32518] kill_fasync+0x19e/0x4d0 [ 1349.674706][T32518] evdev_pass_values+0x58a/0xad0 [ 1349.679812][T32518] evdev_events+0x1c2/0x300 [ 1349.684478][T32518] input_pass_values+0x84d/0x1200 [ 1349.689661][T32518] input_event_dispose+0x36c/0x650 [ 1349.694941][T32518] input_handle_event+0xa71/0xbe0 [ 1349.700146][T32518] input_inject_event+0x22f/0x340 [ 1349.705356][T32518] evdev_write+0x672/0x7c0 [ 1349.709941][T32518] vfs_write+0x2a2/0xc90 [ 1349.714346][T32518] ksys_write+0x1a0/0x2c0 [ 1349.718835][T32518] do_syscall_64+0xf3/0x230 [ 1349.723503][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.729560][T32518] [ 1349.731882][T32518] [ 1349.731882][T32518] stack backtrace: [ 1349.737754][T32518] CPU: 1 PID: 32518 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00164-g66cc544fd75c #0 [ 1349.748238][T32518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1349.758282][T32518] Call Trace: [ 1349.761565][T32518] [ 1349.764481][T32518] dump_stack_lvl+0x241/0x360 [ 1349.769177][T32518] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1349.774375][T32518] ? __pfx__printk+0x10/0x10 [ 1349.778963][T32518] ? print_shortest_lock_dependencies+0xf2/0x160 [ 1349.785279][T32518] validate_chain+0x4de0/0x5900 [ 1349.790166][T32518] ? mark_lock+0x9a/0x350 [ 1349.794507][T32518] ? __pfx_validate_chain+0x10/0x10 [ 1349.799707][T32518] ? rcu_is_watching+0x15/0xb0 [ 1349.804463][T32518] ? __pfx_validate_chain+0x10/0x10 [ 1349.809651][T32518] ? trace_pelt_se_tp+0x3d/0x140 [ 1349.814585][T32518] ? register_lock_class+0x102/0x980 [ 1349.819862][T32518] ? __pfx_register_lock_class+0x10/0x10 [ 1349.825496][T32518] ? look_up_lock_class+0x77/0x160 [ 1349.830605][T32518] ? mark_lock+0x9a/0x350 [ 1349.834923][T32518] __lock_acquire+0x1346/0x1fd0 [ 1349.839768][T32518] lock_acquire+0x1ed/0x550 [ 1349.844259][T32518] ? kill_fasync+0x19e/0x4d0 [ 1349.848840][T32518] ? __pfx_lock_acquire+0x10/0x10 [ 1349.853861][T32518] ? __pfx_lock_acquire+0x10/0x10 [ 1349.858878][T32518] _raw_read_lock_irqsave+0xdd/0x130 [ 1349.864153][T32518] ? kill_fasync+0x19e/0x4d0 [ 1349.868748][T32518] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1349.874633][T32518] kill_fasync+0x19e/0x4d0 [ 1349.879039][T32518] ? kill_fasync+0x55/0x4d0 [ 1349.883530][T32518] evdev_pass_values+0x58a/0xad0 [ 1349.888456][T32518] ? evdev_pass_values+0x531/0xad0 [ 1349.893567][T32518] evdev_events+0x1c2/0x300 [ 1349.898076][T32518] ? evdev_events+0x6f/0x300 [ 1349.902685][T32518] ? __pfx_evdev_events+0x10/0x10 [ 1349.907704][T32518] input_pass_values+0x84d/0x1200 [ 1349.912723][T32518] ? input_pass_values+0x9d/0x1200 [ 1349.917822][T32518] input_event_dispose+0x36c/0x650 [ 1349.922927][T32518] input_handle_event+0xa71/0xbe0 [ 1349.927948][T32518] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 1349.933407][T32518] ? __pfx_input_handle_event+0x10/0x10 [ 1349.938953][T32518] input_inject_event+0x22f/0x340 [ 1349.943967][T32518] ? input_inject_event+0xd6/0x340 [ 1349.949074][T32518] evdev_write+0x672/0x7c0 [ 1349.953493][T32518] ? __pfx_evdev_write+0x10/0x10 [ 1349.958422][T32518] ? bpf_lsm_file_permission+0x9/0x10 [ 1349.963781][T32518] ? security_file_permission+0x7f/0xa0 [ 1349.969333][T32518] ? rw_verify_area+0x1d2/0x6b0 [ 1349.974171][T32518] ? __pfx_evdev_write+0x10/0x10 [ 1349.979096][T32518] vfs_write+0x2a2/0xc90 [ 1349.983338][T32518] ? __pfx_vfs_write+0x10/0x10 [ 1349.988090][T32518] ? do_futex+0x33b/0x560 [ 1349.992429][T32518] ? __fget_files+0x29/0x470 [ 1349.997015][T32518] ? __fget_files+0x3f6/0x470 [ 1350.001685][T32518] ? __fget_files+0x29/0x470 [ 1350.006273][T32518] ksys_write+0x1a0/0x2c0 [ 1350.010596][T32518] ? __pfx_ksys_write+0x10/0x10 [ 1350.015433][T32518] ? do_syscall_64+0x100/0x230 [ 1350.020188][T32518] ? do_syscall_64+0xb6/0x230 [ 1350.024860][T32518] do_syscall_64+0xf3/0x230 [ 1350.029361][T32518] ? clear_bhb_loop+0x35/0x90 [ 1350.034041][T32518] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1350.039945][T32518] RIP: 0033:0x7fc22be7d0a9 [ 1350.044364][T32518] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 1350.064007][T32518] RSP: 002b:00007fc22cbf90c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1350.072412][T32518] RAX: ffffffffffffffda RBX: 00007fc22bfb3f80 RCX: 00007fc22be7d0a9 [ 1350.080378][T32518] RDX: 0000000000002778 RSI: 0000000020000040 RDI: 0000000000000005 [ 1350.088335][T32518] RBP: 00007fc22beec074 R08: 0000000000000000 R09: 0000000000000000 [ 1350.096303][T32518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1350.104281][T32518] R13: 000000000000000b R14: 00007fc22bfb3f80 R15: 00007fc22c0dfaa8 [ 1350.112254][T32518] [ 1350.133649][ T3701] veth1_macvtap: left promiscuous mode [ 1350.136519][ T5113] Bluetooth: hci6: command tx timeout 2024/06/21 22:34:54 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 1350.220401][ T3701] veth0_macvtap: left promiscuous mode [ 1350.261774][ T3701] veth1_vlan: left promiscuous mode [ 1350.293814][ T3701] veth0_vlan: left promiscuous mode