last executing test programs: 4.407523839s ago: executing program 2 (id=414): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020800000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd800000001a4824030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0xffffff58, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x2, 0x3, 0x80c}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0xffffffffffffff94, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x1}}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x83, 0x2, "5b9e"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f0000000880)=ANY=[@ANYBLOB="40121c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.140294516s ago: executing program 0 (id=440): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x292e, r0}, 0x0) landlock_restrict_self(r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0) 2.075652627s ago: executing program 2 (id=441): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b}) 1.915092491s ago: executing program 0 (id=444): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)="d1", 0x1, 0x24004000, &(0x7f0000000100)={0xa, 0x4e24, 0x7f, @remote, 0x5}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0x82, &(0x7f00000000c0)={0x7, 0xfff, 0x8003, 0x0, 0x3, 0xb3, 0x7, 0x3}, &(0x7f0000000180)=0x20) 1.789505198s ago: executing program 2 (id=447): bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0500"/11, @ANYRES32, @ANYBLOB="25604e821f6b31dd33221ab890db4b6e1b25a54474b34f5996bab95155f10adc0f7b1439e0f2efbac8aa01db4bb474c0582c1020fbd6193a581549b127e6180309260ac96ec6"], 0x10) r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8) sendmsg$sock(r0, &(0x7f0000001540)={&(0x7f0000000500)=@pppoe={0x2a, 0x0, {0x0, @local, 'nicvf0\x00'}}, 0x80, 0x0}, 0x0) 1.671638032s ago: executing program 3 (id=448): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x18, &(0x7f0000000100)=0xc, 0x4) r1 = socket(0x1, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f00000001c0)="ff008400e01980000200977635e4e79cd34c0000000800890800348157b1115c4f94454c0600e5c16c92063d5dae253089f3419235f1a43c89962cc88d125ebe9ac8ed6f12a4beb57268b178e40c596607a0eab9d4c45506422da1bb64dc8a7879a155bf33a13de86e58347d96eb4ea1ee0ac55d3ed9cf861e20d60e6893fe61681e5a9d1056a39f6db6573f58e9c2e1", 0x90, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 1.63365408s ago: executing program 4 (id=449): sendmsg$AUDIT_USER(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000044}, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xffffffffffffff8a}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 1.581107931s ago: executing program 2 (id=451): bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001800)={&(0x7f00000017c0)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0) mount(0x0, &(0x7f0000000240)='./bus\x00', &(0x7f0000000040)='smb3\x00', 0x0, &(0x7f00000000c0)='rdma') 1.444591508s ago: executing program 3 (id=452): openat$bsg(0xffffff9c, &(0x7f0000004380), 0x8c00, 0x0) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3, 0x400, 0x3, 0x4}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1.412997847s ago: executing program 1 (id=453): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='batadv0\x00', 0x10) sendto$inet6(r0, &(0x7f0000000180)="83470239b8ddb515367e91f1e5b7085990000000000000e5", 0x18, 0x0, 0x0, 0x0) 1.321494978s ago: executing program 2 (id=454): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0a000000040000000400000002"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) eventfd2(0x0, 0x0) 1.266552292s ago: executing program 4 (id=455): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0xc, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000300)='mm_collapse_huge_page_isolate\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) 1.208125655s ago: executing program 1 (id=456): mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='proc\x00', 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) getdents64(r0, 0x0, 0x0) 1.205617131s ago: executing program 3 (id=457): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d80)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r1, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0xc000) 1.097589742s ago: executing program 2 (id=458): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x401) syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) 983.135393ms ago: executing program 1 (id=459): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r3, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0x4886) 897.382977ms ago: executing program 4 (id=460): r0 = fsopen(&(0x7f0000000080)='vxfs\x00', 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x8, 0x0, 0x0, 0x0) r2 = dup(r1) fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f0000000100)='\'\'@@^\x00', &(0x7f0000000140)='./file0\x00', r2) 837.562229ms ago: executing program 3 (id=461): set_mempolicy(0x3, &(0x7f0000000040)=0x401, 0x8) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r0 = syz_io_uring_setup(0x1114, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x21e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) 837.129105ms ago: executing program 0 (id=462): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) 701.024081ms ago: executing program 4 (id=463): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = syz_open_dev$radio(&(0x7f0000004100), 0x0, 0x2) r1 = epoll_create(0x6) r2 = dup3(r0, r1, 0x0) read$FUSE(r2, &(0x7f0000002080)={0x2020}, 0x2020) 673.519835ms ago: executing program 1 (id=464): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b}) 619.137387ms ago: executing program 0 (id=465): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 445.574572ms ago: executing program 4 (id=466): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000140)="f7", 0x1}], 0x1}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000040)=0x1000000, 0x4) 445.21522ms ago: executing program 3 (id=467): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f00000000c0)={[{@dyn}]}) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000240)='./file0\x00', 0x8c7) umount2(&(0x7f0000000040)='./file0\x00', 0xb) 444.918522ms ago: executing program 1 (id=468): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000002e80)={{r0, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000680)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r1, 0xffffffffffffffff}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x1c, &(0x7f00000003c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}], {{0x6, 0x1, 0xd, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)="9e36d448b388dd965f7a3312779a", 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50) 366.34139ms ago: executing program 0 (id=469): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x24, r2, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}]}]}]}, 0x24}}, 0x0) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x2c, r2, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6b32}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 1.218055ms ago: executing program 3 (id=470): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 848.34µs ago: executing program 4 (id=471): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4) sendmsg$can_raw(r2, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r1}, 0x10, &(0x7f0000000880)={&(0x7f0000000840)=@can={{}, 0x0, 0x0, 0x0, 0x0, "ded27feeba7ca62a"}, 0x10}}, 0x0) 174.598µs ago: executing program 0 (id=472): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r1, 0x11, 0x1, &(0x7f0000000000)=0x507, 0x4) sendmmsg$inet(r1, &(0x7f0000005d40)=[{{&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="10000000000000000000c0"], 0x10}}], 0x1, 0x2000c044) sendfile(r1, r0, 0x0, 0x20000023893) 0s ago: executing program 1 (id=473): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe) mount(0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)='gquota\x00\x00') r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f91", 0xc1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts. [ 74.546249][ T5811] cgroup: Unknown subsys name 'net' [ 74.628801][ T5811] cgroup: Unknown subsys name 'cpuset' [ 74.636900][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.153317][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.906251][ T5828] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.919518][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.927506][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.935684][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.943179][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.952636][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.960235][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.970856][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.970967][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.978538][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.986398][ T5841] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 79.995698][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.005985][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.014099][ T5832] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.021693][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.030743][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.038575][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.044584][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.046281][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.053502][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.060529][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.067334][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.076548][ T5826] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 80.083446][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.088615][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.095692][ T5843] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 80.109137][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.117598][ T5826] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.126474][ T5138] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.133984][ T5138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.543275][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 80.629240][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 80.670284][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 80.758976][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 80.804894][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 80.814590][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.823381][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.833097][ T5830] bridge_slave_0: entered allmulticast mode [ 80.840787][ T5830] bridge_slave_0: entered promiscuous mode [ 80.850387][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.857708][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.864862][ T5830] bridge_slave_1: entered allmulticast mode [ 80.871844][ T5830] bridge_slave_1: entered promiscuous mode [ 81.002699][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.012391][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.023417][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.031354][ T5821] bridge_slave_0: entered allmulticast mode [ 81.038638][ T5821] bridge_slave_0: entered promiscuous mode [ 81.050010][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.057264][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.064413][ T5824] bridge_slave_0: entered allmulticast mode [ 81.071798][ T5824] bridge_slave_0: entered promiscuous mode [ 81.083811][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.093192][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.100737][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.112588][ T5821] bridge_slave_1: entered allmulticast mode [ 81.120261][ T5821] bridge_slave_1: entered promiscuous mode [ 81.153459][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.160778][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.168103][ T5824] bridge_slave_1: entered allmulticast mode [ 81.174846][ T5824] bridge_slave_1: entered promiscuous mode [ 81.229786][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.242545][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.249883][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.257135][ T5829] bridge_slave_0: entered allmulticast mode [ 81.263778][ T5829] bridge_slave_0: entered promiscuous mode [ 81.282186][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.306979][ T5830] team0: Port device team_slave_0 added [ 81.314477][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.328397][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.335769][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.343014][ T5829] bridge_slave_1: entered allmulticast mode [ 81.350515][ T5829] bridge_slave_1: entered promiscuous mode [ 81.359339][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.371642][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.378862][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.386387][ T5835] bridge_slave_0: entered allmulticast mode [ 81.393063][ T5835] bridge_slave_0: entered promiscuous mode [ 81.401671][ T5830] team0: Port device team_slave_1 added [ 81.442092][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.449526][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.457175][ T5835] bridge_slave_1: entered allmulticast mode [ 81.463912][ T5835] bridge_slave_1: entered promiscuous mode [ 81.502135][ T5821] team0: Port device team_slave_0 added [ 81.519083][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.551791][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.558850][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.584976][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.599352][ T5821] team0: Port device team_slave_1 added [ 81.607054][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.619084][ T5824] team0: Port device team_slave_0 added [ 81.635885][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.653880][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.660918][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.686905][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.707006][ T5824] team0: Port device team_slave_1 added [ 81.729532][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.750798][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.758121][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.784554][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.809076][ T5829] team0: Port device team_slave_0 added [ 81.831905][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.842501][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.869174][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.896383][ T5829] team0: Port device team_slave_1 added [ 81.902549][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.909607][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.936046][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.949119][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.956493][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.983258][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.006975][ T5835] team0: Port device team_slave_0 added [ 82.037337][ T5835] team0: Port device team_slave_1 added [ 82.048076][ T5830] hsr_slave_0: entered promiscuous mode [ 82.054293][ T5830] hsr_slave_1: entered promiscuous mode [ 82.073181][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.080234][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.106392][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.119231][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.126264][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.152214][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.196344][ T5828] Bluetooth: hci1: command tx timeout [ 82.196349][ T5138] Bluetooth: hci3: command tx timeout [ 82.196798][ T5828] Bluetooth: hci2: command tx timeout [ 82.202197][ T5138] Bluetooth: hci0: command tx timeout [ 82.207958][ T56] Bluetooth: hci4: command tx timeout [ 82.248717][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.257344][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.284897][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.297639][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.304697][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.330749][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.346774][ T5821] hsr_slave_0: entered promiscuous mode [ 82.352924][ T5821] hsr_slave_1: entered promiscuous mode [ 82.359162][ T5821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.367023][ T5821] Cannot create hsr debugfs directory [ 82.376320][ T5824] hsr_slave_0: entered promiscuous mode [ 82.382483][ T5824] hsr_slave_1: entered promiscuous mode [ 82.388899][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.397352][ T5824] Cannot create hsr debugfs directory [ 82.468783][ T5829] hsr_slave_0: entered promiscuous mode [ 82.475115][ T5829] hsr_slave_1: entered promiscuous mode [ 82.481786][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.489675][ T5829] Cannot create hsr debugfs directory [ 82.579636][ T5835] hsr_slave_0: entered promiscuous mode [ 82.586308][ T5835] hsr_slave_1: entered promiscuous mode [ 82.593477][ T5835] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.602563][ T5835] Cannot create hsr debugfs directory [ 82.911692][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.923588][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.936729][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.961767][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.005586][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.022667][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.044232][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.070007][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.096577][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.119591][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.147257][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.161360][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.224034][ T5824] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 83.252391][ T5824] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 83.264829][ T5824] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 83.275058][ T5824] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 83.354247][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.371721][ T5835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.391850][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.404393][ T5835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.420677][ T5835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.433250][ T5835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.456954][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.491406][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.508749][ T3557] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.516079][ T3557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.546898][ T3557] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.554025][ T3557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.580991][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.611588][ T4531] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.619244][ T4531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.641010][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.679073][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.686190][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.749772][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.757006][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.788482][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.808687][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.815876][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.854015][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.899233][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.954105][ T4921] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.961269][ T4921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.972481][ T4921] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.979606][ T4921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.993120][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.019538][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.026708][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.051175][ T5829] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 84.061867][ T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 84.088011][ T2957] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.095158][ T2957] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.242790][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.275819][ T56] Bluetooth: hci0: command tx timeout [ 84.285843][ T56] Bluetooth: hci4: command tx timeout [ 84.291304][ T56] Bluetooth: hci2: command tx timeout [ 84.293076][ T5138] Bluetooth: hci3: command tx timeout [ 84.297883][ T56] Bluetooth: hci1: command tx timeout [ 84.433684][ T5821] veth0_vlan: entered promiscuous mode [ 84.492734][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.522295][ T5821] veth1_vlan: entered promiscuous mode [ 84.563512][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.644004][ T5821] veth0_macvtap: entered promiscuous mode [ 84.662743][ T5830] veth0_vlan: entered promiscuous mode [ 84.678330][ T5821] veth1_macvtap: entered promiscuous mode [ 84.707411][ T5830] veth1_vlan: entered promiscuous mode [ 84.725031][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.741406][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.753435][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.782260][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.802916][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.814926][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.827401][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.860131][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.902567][ T5829] veth0_vlan: entered promiscuous mode [ 84.941504][ T5830] veth0_macvtap: entered promiscuous mode [ 84.973187][ T5829] veth1_vlan: entered promiscuous mode [ 84.994004][ T5830] veth1_macvtap: entered promiscuous mode [ 85.055656][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.067167][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.081585][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.110667][ T5835] veth0_vlan: entered promiscuous mode [ 85.122614][ T4921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.140194][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.151260][ T4921] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.153148][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.170286][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.221817][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.232000][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.232575][ T4531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.244012][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.253738][ T4531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.265787][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.284408][ T5835] veth1_vlan: entered promiscuous mode [ 85.292885][ T5829] veth0_macvtap: entered promiscuous mode [ 85.317980][ T5829] veth1_macvtap: entered promiscuous mode [ 85.374215][ T5824] veth0_vlan: entered promiscuous mode [ 85.384543][ T5835] veth0_macvtap: entered promiscuous mode [ 85.414378][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.428487][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 85.435460][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.454258][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.464807][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.478161][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.502507][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.515115][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.525086][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.544018][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.556739][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.603149][ T5835] veth1_macvtap: entered promiscuous mode [ 85.632203][ T5824] veth1_vlan: entered promiscuous mode [ 85.657485][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.668266][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.684604][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.696527][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.709574][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.721002][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.732586][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.747896][ T5829] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.758759][ T5829] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.768913][ T5829] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.782149][ T5829] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.823950][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.843544][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.868643][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.896086][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.906023][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.916583][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.926550][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.937270][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.949098][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.993914][ T5835] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.015451][ T5835] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.024233][ T5835] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.038984][ T5835] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.065478][ T4921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.073713][ T4921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.083251][ T5824] veth0_macvtap: entered promiscuous mode [ 86.107425][ T5824] veth1_macvtap: entered promiscuous mode [ 86.186326][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.212672][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.223596][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.241267][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.251450][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.267111][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.291700][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.315537][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.329586][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.356988][ T5828] Bluetooth: hci0: command tx timeout [ 86.357264][ T5138] Bluetooth: hci3: command tx timeout [ 86.362437][ T56] Bluetooth: hci1: command tx timeout [ 86.367963][ T5843] Bluetooth: hci2: command tx timeout [ 86.373189][ T5828] Bluetooth: hci4: command tx timeout [ 86.422029][ T1310] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.427598][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.434171][ T1310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.455038][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.469394][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.482899][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.500289][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.513278][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.533576][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.544770][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.562629][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.576817][ T5912] batadv0: entered promiscuous mode [ 86.583255][ T5912] batadv_slave_0: entered promiscuous mode [ 86.589689][ T5912] batadv_slave_0: left promiscuous mode [ 86.596111][ T5912] batadv0: left promiscuous mode [ 86.666997][ T5824] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.704544][ T5824] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.720643][ T5824] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.745442][ T5824] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.797979][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.834346][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.919036][ T10] cfg80211: failed to load regulatory.db [ 86.949943][ T4921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.972167][ T4921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.015630][ T4531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.025798][ T4531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.103912][ T1310] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.153660][ T1310] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.222161][ T1310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.239237][ T1310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.489244][ T5932] input: syz0 as /devices/virtual/input/input5 [ 88.435819][ T56] Bluetooth: hci2: command tx timeout [ 88.442887][ T5826] Bluetooth: hci0: command tx timeout [ 88.448884][ T5138] Bluetooth: hci4: command tx timeout [ 88.448926][ T5138] Bluetooth: hci1: command tx timeout [ 88.460883][ T5828] Bluetooth: hci3: command tx timeout [ 89.178257][ T5963] syz.0.20 uses obsolete (PF_INET,SOCK_PACKET) [ 89.270236][ T5956] netlink: 24 bytes leftover after parsing attributes in process `syz.4.17'. [ 89.629500][ T5972] random: crng reseeded on system resumption [ 89.924362][ T5980] loop2: detected capacity change from 0 to 7 [ 89.939972][ T5980] Dev loop2: unable to read RDB block 7 [ 89.945963][ T5980] loop2: unable to read partition table [ 89.951880][ T5980] loop2: partition table beyond EOD, truncated [ 89.958934][ T5980] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 90.188188][ T5972] Restarting kernel threads ... done. [ 90.282431][ T5986] ======================================================= [ 90.282431][ T5986] WARNING: The mand mount option has been deprecated and [ 90.282431][ T5986] and is ignored by this kernel. Remove the mand [ 90.282431][ T5986] option from the mount to silence this warning. [ 90.282431][ T5986] ======================================================= [ 90.350381][ T5986] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 90.366632][ T5986] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 90.382497][ T5986] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 91.578980][ T6019] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.695740][ T5877] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.884565][ T5877] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 91.929256][ T5877] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 91.966944][ T5877] usb 2-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9 [ 91.975097][ T5877] usb 2-1: Manufacturer: syz [ 91.999986][ T5877] usb 2-1: SerialNumber: syz [ 92.037476][ T5877] usb 2-1: config 0 descriptor?? [ 92.116266][ T6036] loop9: detected capacity change from 0 to 7 [ 92.124804][ T6036] Dev loop9: unable to read RDB block 7 [ 92.132403][ T6036] loop9: unable to read partition table [ 92.139510][ T6036] loop9: partition table beyond EOD, truncated [ 92.146540][ T6036] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 92.215521][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.284673][ T5875] usb 2-1: USB disconnect, device number 2 [ 92.316410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.368074][ T6039] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.398050][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.444559][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 92.464041][ T10] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 92.493122][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 92.563623][ T10] usb 4-1: SerialNumber: syz [ 92.888486][ T10] usb 4-1: 0:2 : does not exist [ 92.911217][ T10] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 92.974027][ T10] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 93.028397][ T10] usb 4-1: USB disconnect, device number 2 [ 93.077443][ T6047] warning: `syz.1.52' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 93.339132][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 93.600437][ T6059] overlayfs: workdir and upperdir must reside under the same mount [ 93.881651][ T5877] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 94.067251][ T5877] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 94.089672][ T5877] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 94.125712][ T5877] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 94.155932][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.185427][ T5877] usb 4-1: Product: syz [ 94.189794][ T5877] usb 4-1: Manufacturer: syz [ 94.194425][ T5877] usb 4-1: SerialNumber: syz [ 94.282166][ T6073] netlink: 4 bytes leftover after parsing attributes in process `syz.0.64'. [ 94.325297][ T6077] syzkaller1: entered promiscuous mode [ 94.336189][ T6077] syzkaller1: entered allmulticast mode [ 94.438223][ T5877] usb 4-1: 0:2 : does not exist [ 94.456605][ T5877] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 94.522605][ T5877] usb 4-1: USB disconnect, device number 3 [ 94.714644][ T5876] kernel write not supported for file /media3 (pid: 5876 comm: kworker/0:6) [ 94.745825][ T5825] udevd[5825]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 95.006457][ T5878] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 95.192483][ T5878] usb 2-1: Using ep0 maxpacket: 16 [ 95.217608][ T5878] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 95.262813][ T5878] usb 2-1: config 0 has no interface number 0 [ 95.278060][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.0.80'. [ 95.297363][ T5878] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 95.325078][ T5878] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 95.351791][ T5878] usb 2-1: config 0 interface 41 has no altsetting 0 [ 95.389025][ T5878] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 95.409719][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.426020][ T5878] usb 2-1: Product: syz [ 95.430386][ T5878] usb 2-1: Manufacturer: syz [ 95.435045][ T5878] usb 2-1: SerialNumber: syz [ 95.468732][ T5878] usb 2-1: config 0 descriptor?? [ 95.492271][ T6088] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.524039][ T6088] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.628610][ T876] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 95.774621][ T6088] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.784427][ T6088] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.800145][ T6124] input: syz0 as /devices/virtual/input/input6 [ 95.831277][ T876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.842615][ T6124] input: failed to attach handler leds to device input6, error: -6 [ 95.851496][ T876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.867126][ T876] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 95.895400][ T876] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 95.904560][ T876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.921164][ T876] usb 5-1: config 0 descriptor?? [ 95.926520][ T30] audit: type=1326 audit(1742195856.686:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 95.948357][ T30] audit: type=1326 audit(1742195856.706:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 95.969476][ C1] vkms_vblank_simulate: vblank timer overrun [ 96.047693][ T30] audit: type=1326 audit(1742195856.706:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.068835][ C1] vkms_vblank_simulate: vblank timer overrun [ 96.085320][ T30] audit: type=1326 audit(1742195856.706:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.200195][ T30] audit: type=1326 audit(1742195856.706:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.273820][ T30] audit: type=1326 audit(1742195856.706:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.345440][ T30] audit: type=1326 audit(1742195856.706:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.366598][ C1] vkms_vblank_simulate: vblank timer overrun [ 96.406068][ T876] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 96.423834][ T30] audit: type=1326 audit(1742195856.716:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.473850][ T30] audit: type=1326 audit(1742195856.716:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.506340][ T30] audit: type=1326 audit(1742195856.716:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6126 comm="syz.3.89" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f135938d169 code=0x7ffc0000 [ 96.507738][ T876] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 96.624853][ T5878] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 96.650161][ T5878] usb 2-1: USB disconnect, device number 3 [ 96.676296][ T5902] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 96.697543][ T876] usb 5-1: USB disconnect, device number 2 [ 96.836970][ T5902] usb 1-1: Using ep0 maxpacket: 32 [ 96.859769][ T5902] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 96.879565][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 96.896509][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 96.908464][ T5902] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 96.928161][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.950878][ T5902] usb 1-1: config 0 descriptor?? [ 96.966031][ T6137] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 96.981007][ T5902] hub 1-1:0.0: USB hub found [ 97.201836][ T5902] hub 1-1:0.0: 1 port detected [ 97.424625][ T5902] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 97.435409][ T5902] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 97.475101][ T5902] usbhid 1-1:0.0: can't add hid device: -71 [ 97.493947][ T5902] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 97.553825][ T6163] loop9: detected capacity change from 0 to 8 [ 97.554735][ T5902] usb 1-1: USB disconnect, device number 2 [ 97.588746][ T6163] Dev loop9: unable to read RDB block 8 [ 97.604893][ T6163] loop9: unable to read partition table [ 97.623878][ T6163] loop9: partition table beyond EOD, truncated [ 97.649721][ T6163] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5) [ 98.667004][ T6194] netlink: 'syz.0.120': attribute type 1 has an invalid length. [ 98.731390][ T6202] capability: warning: `syz.3.124' uses deprecated v2 capabilities in a way that may be insecure [ 99.342013][ T876] IPVS: starting estimator thread 0... [ 99.348257][ T6224] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 99.445656][ T6229] IPVS: using max 24 ests per chain, 57600 per kthread [ 99.610409][ T876] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 99.787904][ T876] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 99.807041][ T876] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 99.825524][ T876] usb 1-1: config 1 has no interface number 0 [ 99.831684][ T876] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.859395][ T876] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 99.875596][ T876] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.907518][ T876] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.925510][ T876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.933560][ T876] usb 1-1: Product: syz [ 99.945513][ T876] usb 1-1: Manufacturer: syz [ 99.950158][ T876] usb 1-1: SerialNumber: syz [ 100.688348][ T6261] netlink: 24 bytes leftover after parsing attributes in process `syz.3.149'. [ 100.748745][ T6261] netlink: 24 bytes leftover after parsing attributes in process `syz.3.149'. [ 100.812346][ T876] cdc_ncm 1-1:1.1: bind() failure [ 101.034663][ T5876] usb 1-1: USB disconnect, device number 3 [ 101.304959][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314220][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314350][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314381][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314406][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314432][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314459][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314486][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 101.314513][ T6280] ip6_tunnel: non-ECT from fc01:0000:0000:0000:0000:0000:00fb:a200 with DS=0x5 [ 102.012113][ T6296] sctp: [Deprecated]: syz.0.164 (pid 6296) Use of struct sctp_assoc_value in delayed_ack socket option. [ 102.012113][ T6296] Use struct sctp_sack_info instead [ 103.125539][ T876] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 103.308002][ T876] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 103.341691][ T876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D is Bulk; changing to Interrupt [ 103.365704][ T876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt [ 103.383210][ T876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 103.405162][ T876] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 103.418605][ T876] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 103.428084][ T876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.439245][ T876] usb 4-1: config 0 descriptor?? [ 103.446413][ T6332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 103.693482][ T10] usb 4-1: USB disconnect, device number 4 [ 103.763702][ T6361] usb usb1: usbfs: process 6361 (syz.4.194) did not claim interface 0 before use [ 104.146600][ T6373] IPv6: NLM_F_REPLACE set, but no existing node found! [ 104.549818][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 104.549836][ T30] audit: type=1400 audit(1742195865.306:15): lsm=SMACK fn=smk_curacc_shm action=denied subject="w" object="_" requested=rw pid=6383 comm="syz.0.205" ipc_key=0 [ 105.746106][ T6415] tipc: Started in network mode [ 105.784425][ T6415] tipc: Node identity ac14142f, cluster identity 4711 [ 105.815282][ T6415] tipc: New replicast peer: 0.0.0.0 [ 105.830424][ T6415] tipc: Enabled bearer , priority 10 [ 105.892869][ T6419] netlink: 'syz.0.220': attribute type 1 has an invalid length. [ 105.914108][ T6422] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000 [ 105.938188][ T6419] netlink: 134708 bytes leftover after parsing attributes in process `syz.0.220'. [ 105.988684][ T6424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.222'. [ 106.066160][ T6424] netlink: 'syz.1.222': attribute type 2 has an invalid length. [ 106.073887][ T6424] netlink: 4 bytes leftover after parsing attributes in process `syz.1.222'. [ 106.376748][ T6435] Zero length message leads to an empty skb [ 106.506389][ T876] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 106.667674][ T876] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 106.698724][ T876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 106.745686][ T876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 106.784488][ T876] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 106.813638][ T876] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 106.849914][ T876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.916874][ T876] usb 3-1: config 0 descriptor?? [ 106.922578][ T6430] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 106.966956][ T48] tipc: Node number set to 2886997039 [ 106.969916][ T30] audit: type=1326 audit(1742195867.736:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6448 comm="syz.1.235" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7a3f8d169 code=0x0 [ 107.365820][ T876] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 107.389187][ T876] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 107.420493][ T876] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 108.215743][ T5902] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 108.404053][ T5902] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 108.420889][ T6487] netlink: 48 bytes leftover after parsing attributes in process `syz.4.252'. [ 108.421697][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 108.449399][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 108.479072][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 108.509863][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 108.545831][ T5902] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 108.565276][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.576091][ T5902] usb 4-1: config 0 descriptor?? [ 108.581937][ T6477] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 108.930792][ T6503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.259'. [ 108.944374][ T6503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.259'. [ 109.028750][ T5902] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 109.060116][ T5902] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 109.101436][ T5902] plantronics 0003:047F:FFFF.0003: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 109.384317][ T5876] usb 4-1: USB disconnect, device number 5 [ 109.467873][ T48] usb 3-1: USB disconnect, device number 2 [ 109.533889][ T6520] netlink: 71 bytes leftover after parsing attributes in process `syz.0.266'. [ 109.668319][ T30] audit: type=1326 audit(1742195870.436:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 109.723979][ T30] audit: type=1326 audit(1742195870.436:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 109.812283][ T30] audit: type=1326 audit(1742195870.436:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 109.852301][ T30] audit: type=1326 audit(1742195870.436:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 109.908570][ T30] audit: type=1326 audit(1742195870.436:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 109.935608][ T48] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 109.959436][ T30] audit: type=1326 audit(1742195870.436:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 109.998424][ T30] audit: type=1326 audit(1742195870.436:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 110.068334][ T30] audit: type=1326 audit(1742195870.436:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 110.125705][ T48] usb 3-1: Using ep0 maxpacket: 16 [ 110.138342][ T48] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 78, changing to 10 [ 110.165633][ T30] audit: type=1326 audit(1742195870.436:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 110.186944][ T48] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 110.186976][ T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.192076][ T48] usb 3-1: config 0 descriptor?? [ 110.249221][ T30] audit: type=1326 audit(1742195870.436:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6526 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a1f18d169 code=0x7ffc0000 [ 110.690418][ T48] samsung 0003:0419:0600.0004: hidraw0: USB HID v0.04 Device [HID 0419:0600] on usb-dummy_hcd.2-1/input0 [ 110.934560][ T48] usb 3-1: USB disconnect, device number 3 [ 111.794711][ T6580] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 112.506367][ T5878] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 112.684797][ T5878] usb 5-1: config 0 has no interfaces? [ 112.690581][ T5878] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 112.731320][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.758099][ T5878] usb 5-1: config 0 descriptor?? [ 112.988152][ T6594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.028886][ T6594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.046903][ T6594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.082969][ T6594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.119796][ T5875] usb 5-1: USB disconnect, device number 3 [ 113.570699][ T5875] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 113.757032][ T5875] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 113.794851][ T5875] usb 5-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 113.816241][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.846792][ T5875] usb 5-1: Product: syz [ 113.865467][ T5902] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 113.865601][ T5875] usb 5-1: Manufacturer: syz [ 113.895599][ T5875] usb 5-1: SerialNumber: syz [ 114.037208][ T5902] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 114.075090][ T5902] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 114.093821][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.110370][ T5875] cdc_ncm 5-1:1.0: bind() failure [ 114.118950][ T5902] usb 2-1: Product: syz [ 114.130217][ T5902] usb 2-1: Manufacturer: syz [ 114.135033][ T5902] usb 2-1: SerialNumber: syz [ 114.285513][ T5875] usb 5-1: USB disconnect, device number 4 [ 114.378211][ T5902] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 114.577146][ T6647] udevd[6647]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 114.592424][ T5902] usb 2-1: USB disconnect, device number 4 [ 114.640727][ T5902] usblp0: removed [ 115.013658][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 115.013678][ T30] audit: type=1326 audit(1742195875.776:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6664 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 115.064780][ T30] audit: type=1326 audit(1742195875.776:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6664 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 115.155752][ T30] audit: type=1326 audit(1742195875.776:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6664 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 115.243678][ T30] audit: type=1326 audit(1742195875.776:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6664 comm="syz.2.331" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 115.955601][ T5876] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 116.117103][ T5876] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 116.136370][ T5875] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.160331][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.179432][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.193319][ T5876] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 116.215249][ T5876] usb 3-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 116.224738][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.247532][ T5876] usb 3-1: config 0 descriptor?? [ 116.317690][ T5875] usb 1-1: config 4 has an invalid interface number: 196 but max is 0 [ 116.332027][ T5875] usb 1-1: config 4 has no interface number 0 [ 116.345101][ T5875] usb 1-1: config 4 interface 196 has no altsetting 0 [ 116.345224][ T6709] Driver unsupported XDP return value 0 on prog (id 45) dev N/A, expect packet loss! [ 116.358417][ T5875] usb 1-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice=f3.03 [ 116.376273][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.384450][ T5875] usb 1-1: Product: syz [ 116.390318][ T5875] usb 1-1: Manufacturer: syz [ 116.395115][ T5875] usb 1-1: SerialNumber: syz [ 116.421350][ T5875] keyspan 1-1:4.196: Keyspan 1 port adapter converter detected [ 116.438964][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 84 [ 116.469979][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 81 [ 116.488068][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 82 [ 116.497140][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 1 [ 116.507763][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 2 [ 116.516057][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 83 [ 116.524072][ T5875] keyspan 1-1:4.196: found no endpoint descriptor for endpoint 3 [ 116.536885][ T5875] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 116.639744][ T5875] usb 1-1: USB disconnect, device number 4 [ 116.661934][ T5875] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 116.680947][ T5876] kye 0003:0458:0153.0005: unknown main item tag 0x0 [ 116.699995][ T5875] keyspan 1-1:4.196: device disconnected [ 116.727570][ T5876] kye 0003:0458:0153.0005: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.2-1/input0 [ 116.883609][ T48] usb 3-1: USB disconnect, device number 4 [ 117.315878][ T5875] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 117.346301][ T6727] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 117.496664][ T5875] usb 5-1: Using ep0 maxpacket: 16 [ 117.518074][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.543861][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 117.571843][ T5875] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 117.591138][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.627033][ T5875] usb 5-1: config 0 descriptor?? [ 118.045661][ T5875] appleir 0003:05AC:8241.0006: No inputs registered, leaving [ 118.068071][ T5875] appleir 0003:05AC:8241.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 118.213660][ T6753] team0: No ports can be present during mode change [ 118.235796][ T5876] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 118.328654][ T48] usb 5-1: USB disconnect, device number 5 [ 118.426786][ T5876] usb 2-1: Using ep0 maxpacket: 8 [ 118.455184][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.499863][ T5876] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.535780][ T5876] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 118.545097][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.566422][ T5876] usb 2-1: config 0 descriptor?? [ 118.731880][ T6768] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 118.795538][ T5876] usbhid 2-1:0.0: can't add hid device: -71 [ 118.801600][ T5876] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 118.849842][ T5876] usb 2-1: USB disconnect, device number 5 [ 119.301071][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 119.477521][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 119.500032][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7 [ 119.519401][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 119.541015][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.569995][ T10] usb 5-1: Product: syz [ 119.583492][ T10] usb 5-1: Manufacturer: syz [ 119.595446][ T10] usb 5-1: SerialNumber: syz [ 119.629859][ T10] usb 5-1: config 0 descriptor?? [ 119.666661][ T6795] random: crng reseeded on system resumption [ 119.896734][ T10] usb 5-1: USB disconnect, device number 6 [ 120.144986][ T6140] udevd[6140]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 120.332681][ T6811] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.346390][ T6811] batadv_slave_0: entered promiscuous mode [ 120.505603][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 120.645599][ T5878] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 120.665541][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 120.678947][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.689626][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 120.700884][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.715072][ T10] usb 4-1: config 0 descriptor?? [ 120.731013][ T10] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 120.805611][ T5878] usb 1-1: Using ep0 maxpacket: 16 [ 120.814783][ T5878] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 120.845722][ T5878] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 120.896777][ T5878] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.907033][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.915089][ T5878] usb 1-1: Product: syz [ 120.942738][ T5878] usb 1-1: Manufacturer: syz [ 120.949965][ T5878] usb 1-1: SerialNumber: syz [ 121.238799][ T6836] net_ratelimit: 55 callbacks suppressed [ 121.238821][ T6836] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 121.344274][ T10] gspca_vc032x: reg_r err -32 [ 121.365549][ T10] vc032x 4-1:0.0: probe with driver vc032x failed with error -32 [ 121.374523][ T5878] usb 1-1: 0:2 : does not exist [ 121.376771][ T10] usb 4-1: USB disconnect, device number 6 [ 121.990251][ T5878] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 122.031475][ T6854] netlink: set zone limit has 8 unknown bytes [ 122.067771][ T6857] netlink: zone id is out of range [ 122.075895][ T6857] netlink: zone id is out of range [ 122.097985][ T5878] usb 1-1: USB disconnect, device number 5 [ 122.111067][ T6857] netlink: zone id is out of range [ 122.123095][ T6857] netlink: zone id is out of range [ 122.143662][ T6857] netlink: zone id is out of range [ 122.152108][ T6857] netlink: zone id is out of range [ 122.163503][ T6857] netlink: zone id is out of range [ 122.193140][ T6857] netlink: del zone limit has 4 unknown bytes [ 122.336689][ T6647] udevd[6647]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.352732][ T5876] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 122.505530][ T5876] usb 3-1: Using ep0 maxpacket: 16 [ 122.512805][ T5876] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 122.528845][ T5876] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.550018][ T5876] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 122.583252][ T5876] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 122.616315][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.639309][ T5876] usb 3-1: Product: syz [ 122.644188][ T5876] usb 3-1: Manufacturer: syz [ 122.658898][ T5876] usb 3-1: SerialNumber: syz [ 123.116998][ T5876] usb 3-1: 0:2 : does not exist [ 123.757777][ T5876] usb 3-1: 1:0: failed to get current value for ch 0 (-22) [ 123.791280][ T6904] Cannot find add_set index 0 as target [ 123.822572][ T5876] usb 3-1: USB disconnect, device number 5 [ 124.062542][ T6647] udevd[6647]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 124.906458][ T6944] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 124.956827][ T6944] CIFS mount error: No usable UNC path provided in device string! [ 124.956827][ T6944] [ 124.968349][ T6944] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 125.184457][ T30] audit: type=1326 audit(1742195885.946:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.247766][ T30] audit: type=1326 audit(1742195885.976:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.325961][ T30] audit: type=1326 audit(1742195885.976:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.405805][ T30] audit: type=1326 audit(1742195885.976:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.436626][ T30] audit: type=1326 audit(1742195885.976:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.469567][ T30] audit: type=1326 audit(1742195885.976:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.593379][ T30] audit: type=1326 audit(1742195885.976:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6951 comm="syz.2.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f535118d169 code=0x7ffc0000 [ 125.695428][ T48] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 125.885743][ T48] usb 3-1: Using ep0 maxpacket: 8 [ 125.892670][ T48] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 125.911324][ T48] usb 3-1: config 179 has no interface number 0 [ 125.945389][ T48] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 125.995522][ T48] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 126.055466][ T48] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 126.108744][ T48] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 126.145589][ T48] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 126.181833][ T48] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 126.228147][ T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.240814][ T6983] tipc: Started in network mode [ 126.255787][ T6983] tipc: Node identity 7, cluster identity 4711 [ 126.260135][ T6959] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 126.285499][ T6983] tipc: Node number set to 7 [ 126.593659][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 126.593663][ T5822] usb 3-1: USB disconnect, device number 6 [ 126.608002][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 126.616904][ C1] ================================================================== [ 126.624994][ C1] BUG: KASAN: slab-use-after-free in register_lock_class+0x8db/0x980 [ 126.633094][ C1] Read of size 1 at addr ffff88807ad95891 by task syz.0.472/6987 [ 126.640797][ C1] [ 126.643125][ C1] CPU: 1 UID: 0 PID: 6987 Comm: syz.0.472 Not tainted 6.14.0-rc7-syzkaller #0 [ 126.643140][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 126.643149][ C1] Call Trace: [ 126.643155][ C1] [ 126.643160][ C1] dump_stack_lvl+0x241/0x360 [ 126.643178][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.643192][ C1] ? __pfx__printk+0x10/0x10 [ 126.643215][ C1] ? _printk+0xd5/0x120 [ 126.643235][ C1] ? __virt_addr_valid+0x183/0x530 [ 126.643258][ C1] ? __virt_addr_valid+0x183/0x530 [ 126.643280][ C1] print_report+0x16e/0x5b0 [ 126.643302][ C1] ? __virt_addr_valid+0x183/0x530 [ 126.643323][ C1] ? __virt_addr_valid+0x183/0x530 [ 126.643343][ C1] ? __virt_addr_valid+0x45f/0x530 [ 126.643365][ C1] ? __phys_addr+0xba/0x170 [ 126.643386][ C1] ? register_lock_class+0x8db/0x980 [ 126.643432][ C1] kasan_report+0x143/0x180 [ 126.643455][ C1] ? register_lock_class+0x8db/0x980 [ 126.643482][ C1] register_lock_class+0x8db/0x980 [ 126.643505][ C1] ? __pfx_register_lock_class+0x10/0x10 [ 126.643528][ C1] ? __lock_acquire+0x1397/0x2100 [ 126.643550][ C1] __lock_acquire+0xf3/0x2100 [ 126.643570][ C1] ? mark_lock+0x9a/0x360 [ 126.643593][ C1] ? __lock_acquire+0x1397/0x2100 [ 126.643616][ C1] lock_acquire+0x1ed/0x550 [ 126.643635][ C1] ? __wake_up_common_lock+0x25/0x1e0 [ 126.643659][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 126.643684][ C1] ? kcov_remote_stop+0x78/0x6f0 [ 126.643703][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 126.643720][ C1] ? __pfx_lock_release+0x10/0x10 [ 126.643742][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 126.643760][ C1] ? __wake_up_common_lock+0x25/0x1e0 [ 126.643780][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 126.643803][ C1] __wake_up_common_lock+0x25/0x1e0 [ 126.643826][ C1] __usb_hcd_giveback_urb+0x4ff/0x6e0 [ 126.643849][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 126.643876][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 126.643898][ C1] dummy_timer+0x849/0x4640 [ 126.643919][ C1] ? debug_object_deactivate+0x2d5/0x390 [ 126.643942][ C1] ? __pfx_lock_release+0x10/0x10 [ 126.643969][ C1] ? mark_lock+0x9a/0x360 [ 126.643996][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 126.644017][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 126.644036][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 126.644053][ C1] __hrtimer_run_queues+0x59b/0xd30 [ 126.644068][ C1] ? ktime_get_update_offsets_now+0x2d/0x3b0 [ 126.644094][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 126.644109][ C1] ? read_tsc+0x9/0x20 [ 126.644124][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 126.644147][ C1] hrtimer_run_softirq+0x19a/0x2c0 [ 126.644163][ C1] handle_softirqs+0x2d4/0x9b0 [ 126.644182][ C1] ? __irq_exit_rcu+0xf7/0x220 [ 126.644198][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 126.644215][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 126.644238][ C1] __irq_exit_rcu+0xf7/0x220 [ 126.644253][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 126.644271][ C1] irq_exit_rcu+0x9/0x30 [ 126.644285][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 126.644306][ C1] [ 126.644311][ C1] [ 126.644316][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 126.644346][ C1] RIP: 0010:folio_try_get+0x11a/0x350 [ 126.644368][ C1] Code: 01 00 00 41 8b 1f 31 ff 89 de e8 21 23 c7 ff 85 db 0f 84 8c 00 00 00 4c 89 ff be 04 00 00 00 e8 6c d3 2b 00 42 0f b6 44 25 00 <84> c0 0f 85 3f 01 00 00 41 8b 1f 31 ed 31 ff 89 de e8 f0 22 c7 ff [ 126.644380][ C1] RSP: 0000:ffffc900035df740 EFLAGS: 00000256 [ 126.644394][ C1] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff81fac0a4 [ 126.644404][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffea000138cf34 [ 126.644413][ C1] RBP: 1ffffd40002719e6 R08: ffffea000138cf37 R09: 1ffffd40002719e6 [ 126.644424][ C1] R10: dffffc0000000000 R11: fffff940002719e7 R12: dffffc0000000000 [ 126.644435][ C1] R13: dffffc0000000000 R14: ffffffff81fabfae R15: ffffea000138cf34 [ 126.644446][ C1] ? folio_try_get+0x1e/0x350 [ 126.644467][ C1] ? folio_try_get+0x114/0x350 [ 126.644490][ C1] next_uptodate_folio+0xd3/0x5f0 [ 126.644515][ C1] filemap_map_pages+0x12d0/0x1900 [ 126.644538][ C1] ? filemap_map_pages+0x231/0x1900 [ 126.644568][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 126.644590][ C1] ? __handle_mm_fault+0x19e1/0x6ef0 [ 126.644607][ C1] ? __pfx_lock_release+0x10/0x10 [ 126.644629][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 126.644648][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 126.644670][ C1] ? __handle_mm_fault+0x2fa1/0x6ef0 [ 126.644686][ C1] __handle_mm_fault+0x3f51/0x6ef0 [ 126.644712][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 126.644729][ C1] ? lock_vma_under_rcu+0x34b/0x790 [ 126.644751][ C1] ? __pfx_reacquire_held_locks+0x10/0x10 [ 126.644784][ C1] ? mtree_range_walk+0x6fd/0x8e0 [ 126.644803][ C1] ? lock_vma_under_rcu+0x1dd/0x790 [ 126.644820][ C1] ? __pfx_lock_release+0x10/0x10 [ 126.644838][ C1] ? lock_vma_under_rcu+0x34b/0x790 [ 126.644865][ C1] ? lock_vma_under_rcu+0x1dd/0x790 [ 126.644882][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 126.644897][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 126.644919][ C1] handle_mm_fault+0x2c1/0x7e0 [ 126.644938][ C1] exc_page_fault+0x459/0x8b0 [ 126.644959][ C1] asm_exc_page_fault+0x26/0x30 [ 126.644978][ C1] RIP: 0033:0x7f33be86d4cd [ 126.644993][ C1] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 32 [ 126.645004][ C1] RSP: 002b:00007ffd9f679770 EFLAGS: 00010202 [ 126.645016][ C1] RAX: 000000110c270000 RBX: 00007f33bf6d5720 RCX: 0000000000000003 [ 126.645025][ C1] RDX: 00000000000010d8 RSI: 0000000000003643 RDI: 0000000000000008 [ 126.645034][ C1] RBP: ffffffff822d90d8 R08: 00007f33beba6038 R09: 00007f33beb92000 [ 126.645044][ C1] R10: 00007f33bdfff008 R11: 0000000000000000 R12: 0000000000000000 [ 126.645052][ C1] R13: 0000000000000000 R14: ffffffff822d9779 R15: 000000000000004d [ 126.645062][ C1] ? page_counter_charge+0x29/0x1b0 [ 126.645079][ C1] ? release_pte_folio+0xd8/0x200 [ 126.645098][ C1] [ 126.645103][ C1] [ 127.239391][ C1] Allocated by task 48: [ 127.243549][ C1] kasan_save_track+0x3f/0x80 [ 127.248226][ C1] __kasan_kmalloc+0x98/0xb0 [ 127.252812][ C1] __kmalloc_cache_noprof+0x243/0x390 [ 127.258172][ C1] xpad_probe+0x3f3/0x1d80 [ 127.262583][ C1] usb_probe_interface+0x641/0xbb0 [ 127.267690][ C1] really_probe+0x2b9/0xad0 [ 127.272203][ C1] __driver_probe_device+0x1a2/0x390 [ 127.277485][ C1] driver_probe_device+0x50/0x430 [ 127.282501][ C1] __device_attach_driver+0x2d6/0x530 [ 127.287880][ C1] bus_for_each_drv+0x24e/0x2e0 [ 127.292750][ C1] __device_attach+0x333/0x520 [ 127.297537][ C1] bus_probe_device+0x189/0x260 [ 127.302403][ C1] device_add+0x856/0xbf0 [ 127.306761][ C1] usb_set_configuration+0x1976/0x1fb0 [ 127.312244][ C1] usb_generic_driver_probe+0x88/0x140 [ 127.317698][ C1] usb_probe_device+0x1b8/0x380 [ 127.322554][ C1] really_probe+0x2b9/0xad0 [ 127.327051][ C1] __driver_probe_device+0x1a2/0x390 [ 127.332342][ C1] driver_probe_device+0x50/0x430 [ 127.337361][ C1] __device_attach_driver+0x2d6/0x530 [ 127.342743][ C1] bus_for_each_drv+0x24e/0x2e0 [ 127.347609][ C1] __device_attach+0x333/0x520 [ 127.352362][ C1] bus_probe_device+0x189/0x260 [ 127.357224][ C1] device_add+0x856/0xbf0 [ 127.361571][ C1] usb_new_device+0x104a/0x19a0 [ 127.366428][ C1] hub_event+0x2d6d/0x5150 [ 127.370921][ C1] process_scheduled_works+0xabe/0x18e0 [ 127.376489][ C1] worker_thread+0x870/0xd30 [ 127.381096][ C1] kthread+0x7a9/0x920 [ 127.385165][ C1] ret_from_fork+0x4b/0x80 [ 127.389581][ C1] ret_from_fork_asm+0x1a/0x30 [ 127.394362][ C1] [ 127.396680][ C1] Freed by task 5822: [ 127.400655][ C1] kasan_save_track+0x3f/0x80 [ 127.405350][ C1] kasan_save_free_info+0x40/0x50 [ 127.410373][ C1] __kasan_slab_free+0x59/0x70 [ 127.415136][ C1] kfree+0x196/0x430 [ 127.419034][ C1] xpad_disconnect+0x359/0x490 [ 127.423808][ C1] usb_unbind_interface+0x25b/0x940 [ 127.429003][ C1] device_release_driver_internal+0x503/0x7c0 [ 127.435063][ C1] bus_remove_device+0x34f/0x420 [ 127.439995][ C1] device_del+0x57a/0x9b0 [ 127.444311][ C1] usb_disable_device+0x3bf/0x850 [ 127.449326][ C1] usb_disconnect+0x340/0x950 [ 127.454008][ C1] hub_event+0x1ebc/0x5150 [ 127.458415][ C1] process_scheduled_works+0xabe/0x18e0 [ 127.463975][ C1] worker_thread+0x870/0xd30 [ 127.468562][ C1] kthread+0x7a9/0x920 [ 127.472634][ C1] ret_from_fork+0x4b/0x80 [ 127.477044][ C1] ret_from_fork_asm+0x1a/0x30 [ 127.481799][ C1] [ 127.484114][ C1] The buggy address belongs to the object at ffff88807ad95800 [ 127.484114][ C1] which belongs to the cache kmalloc-1k of size 1024 [ 127.498252][ C1] The buggy address is located 145 bytes inside of [ 127.498252][ C1] freed 1024-byte region [ffff88807ad95800, ffff88807ad95c00) [ 127.512240][ C1] [ 127.514554][ C1] The buggy address belongs to the physical page: [ 127.520962][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ad90 [ 127.529714][ C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 127.538198][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 127.545731][ C1] page_type: f5(slab) [ 127.549730][ C1] raw: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 127.558316][ C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 127.566909][ C1] head: 00fff00000000040 ffff88801b041dc0 dead000000000100 dead000000000122 [ 127.575566][ C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 127.584222][ C1] head: 00fff00000000003 ffffea0001eb6401 ffffffffffffffff 0000000000000000 [ 127.592879][ C1] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 127.601637][ C1] page dumped because: kasan: bad access detected [ 127.608060][ C1] page_owner tracks the page as allocated [ 127.613761][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1310, tgid 1310 (kworker/u8:5), ts 86706837212, free_ts 86653670597 [ 127.633200][ C1] post_alloc_hook+0x1f4/0x240 [ 127.637968][ C1] get_page_from_freelist+0x3651/0x37a0 [ 127.643597][ C1] __alloc_frozen_pages_noprof+0x292/0x710 [ 127.649394][ C1] alloc_pages_mpol+0x311/0x660 [ 127.654238][ C1] allocate_slab+0x8f/0x3a0 [ 127.658746][ C1] ___slab_alloc+0xc27/0x14a0 [ 127.663412][ C1] __slab_alloc+0x58/0xa0 [ 127.667728][ C1] __kmalloc_noprof+0x2e6/0x4c0 [ 127.672566][ C1] ieee802_11_parse_elems_full+0x166/0x2ef0 [ 127.678451][ C1] ieee80211_inform_bss+0x15f/0x10d0 [ 127.683723][ C1] cfg80211_inform_single_bss_data+0xf63/0x1ee0 [ 127.689957][ C1] cfg80211_inform_bss_data+0x3c3/0x5820 [ 127.695578][ C1] cfg80211_inform_bss_frame_data+0x3bb/0x720 [ 127.701637][ C1] ieee80211_bss_info_update+0x8a7/0xbc0 [ 127.707267][ C1] ieee80211_ibss_rx_queued_mgmt+0x1993/0x2e00 [ 127.713519][ C1] ieee80211_iface_work+0x8dc/0xf90 [ 127.718714][ C1] page last free pid 5830 tgid 5830 stack trace: [ 127.725027][ C1] free_frozen_pages+0xe04/0x10e0 [ 127.730058][ C1] __slab_free+0x2c2/0x380 [ 127.734468][ C1] qlist_free_all+0x9a/0x140 [ 127.739162][ C1] kasan_quarantine_reduce+0x14f/0x170 [ 127.744615][ C1] __kasan_slab_alloc+0x23/0x80 [ 127.749461][ C1] kmem_cache_alloc_noprof+0x1d9/0x380 [ 127.754956][ C1] __pmd_alloc+0x111/0x420 [ 127.759387][ C1] copy_pmd_range+0x7366/0x77b0 [ 127.764232][ C1] copy_page_range+0x99f/0xe90 [ 127.769009][ C1] copy_mm+0x1269/0x2160 [ 127.773247][ C1] copy_process+0x17d1/0x3cf0 [ 127.777919][ C1] kernel_clone+0x223/0x870 [ 127.782418][ C1] __x64_sys_clone+0x267/0x2e0 [ 127.787181][ C1] do_syscall_64+0xf3/0x230 [ 127.791687][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.797692][ C1] [ 127.800009][ C1] Memory state around the buggy address: [ 127.805643][ C1] ffff88807ad95780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 127.813716][ C1] ffff88807ad95800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.821884][ C1] >ffff88807ad95880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.829937][ C1] ^ [ 127.834520][ C1] ffff88807ad95900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.842659][ C1] ffff88807ad95980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 127.850718][ C1] ================================================================== [ 127.858792][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 127.865993][ C1] CPU: 1 UID: 0 PID: 6987 Comm: syz.0.472 Not tainted 6.14.0-rc7-syzkaller #0 [ 127.874840][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 127.884887][ C1] Call Trace: [ 127.888160][ C1] [ 127.891005][ C1] dump_stack_lvl+0x241/0x360 [ 127.895713][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.900904][ C1] ? __pfx__printk+0x10/0x10 [ 127.905490][ C1] ? rcu_is_watching+0x15/0xb0 [ 127.910247][ C1] ? lock_release+0xbf/0xa30 [ 127.914838][ C1] ? vscnprintf+0x5d/0x90 [ 127.919162][ C1] panic+0x349/0x880 [ 127.923053][ C1] ? check_panic_on_warn+0x21/0xb0 [ 127.928165][ C1] ? __pfx_panic+0x10/0x10 [ 127.932595][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 127.937835][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 127.943738][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 127.950072][ C1] ? print_report+0x519/0x5b0 [ 127.954773][ C1] check_panic_on_warn+0x86/0xb0 [ 127.959718][ C1] ? register_lock_class+0x8db/0x980 [ 127.965002][ C1] end_report+0x77/0x160 [ 127.969246][ C1] kasan_report+0x154/0x180 [ 127.973752][ C1] ? register_lock_class+0x8db/0x980 [ 127.979046][ C1] register_lock_class+0x8db/0x980 [ 127.984157][ C1] ? __pfx_register_lock_class+0x10/0x10 [ 127.989789][ C1] ? __lock_acquire+0x1397/0x2100 [ 127.994820][ C1] __lock_acquire+0xf3/0x2100 [ 127.999516][ C1] ? mark_lock+0x9a/0x360 [ 128.003846][ C1] ? __lock_acquire+0x1397/0x2100 [ 128.008889][ C1] lock_acquire+0x1ed/0x550 [ 128.013390][ C1] ? __wake_up_common_lock+0x25/0x1e0 [ 128.018761][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 128.023806][ C1] ? kcov_remote_stop+0x78/0x6f0 [ 128.028735][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 128.033765][ C1] ? __pfx_lock_release+0x10/0x10 [ 128.038784][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 128.044077][ C1] ? __wake_up_common_lock+0x25/0x1e0 [ 128.049477][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 128.055365][ C1] __wake_up_common_lock+0x25/0x1e0 [ 128.060562][ C1] __usb_hcd_giveback_urb+0x4ff/0x6e0 [ 128.065932][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 128.071824][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 128.077021][ C1] dummy_timer+0x849/0x4640 [ 128.081524][ C1] ? debug_object_deactivate+0x2d5/0x390 [ 128.087156][ C1] ? __pfx_lock_release+0x10/0x10 [ 128.092188][ C1] ? mark_lock+0x9a/0x360 [ 128.096527][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 128.102417][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 128.107353][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 128.112283][ C1] __hrtimer_run_queues+0x59b/0xd30 [ 128.117489][ C1] ? ktime_get_update_offsets_now+0x2d/0x3b0 [ 128.123473][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 128.129185][ C1] ? read_tsc+0x9/0x20 [ 128.133251][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 128.139319][ C1] hrtimer_run_softirq+0x19a/0x2c0 [ 128.144442][ C1] handle_softirqs+0x2d4/0x9b0 [ 128.149242][ C1] ? __irq_exit_rcu+0xf7/0x220 [ 128.154002][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 128.159283][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 128.164502][ C1] __irq_exit_rcu+0xf7/0x220 [ 128.169089][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 128.174284][ C1] irq_exit_rcu+0x9/0x30 [ 128.178532][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 128.184165][ C1] [ 128.187094][ C1] [ 128.190017][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 128.195997][ C1] RIP: 0010:folio_try_get+0x11a/0x350 [ 128.201367][ C1] Code: 01 00 00 41 8b 1f 31 ff 89 de e8 21 23 c7 ff 85 db 0f 84 8c 00 00 00 4c 89 ff be 04 00 00 00 e8 6c d3 2b 00 42 0f b6 44 25 00 <84> c0 0f 85 3f 01 00 00 41 8b 1f 31 ed 31 ff 89 de e8 f0 22 c7 ff [ 128.220965][ C1] RSP: 0000:ffffc900035df740 EFLAGS: 00000256 [ 128.227029][ C1] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff81fac0a4 [ 128.234992][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffea000138cf34 [ 128.242955][ C1] RBP: 1ffffd40002719e6 R08: ffffea000138cf37 R09: 1ffffd40002719e6 [ 128.250919][ C1] R10: dffffc0000000000 R11: fffff940002719e7 R12: dffffc0000000000 [ 128.258901][ C1] R13: dffffc0000000000 R14: ffffffff81fabfae R15: ffffea000138cf34 [ 128.266865][ C1] ? folio_try_get+0x1e/0x350 [ 128.271562][ C1] ? folio_try_get+0x114/0x350 [ 128.276327][ C1] next_uptodate_folio+0xd3/0x5f0 [ 128.281375][ C1] filemap_map_pages+0x12d0/0x1900 [ 128.286572][ C1] ? filemap_map_pages+0x231/0x1900 [ 128.291785][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 128.297243][ C1] ? __handle_mm_fault+0x19e1/0x6ef0 [ 128.302526][ C1] ? __pfx_lock_release+0x10/0x10 [ 128.307553][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 128.312754][ C1] ? __pfx_filemap_map_pages+0x10/0x10 [ 128.318228][ C1] ? __handle_mm_fault+0x2fa1/0x6ef0 [ 128.323518][ C1] __handle_mm_fault+0x3f51/0x6ef0 [ 128.328637][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 128.334090][ C1] ? lock_vma_under_rcu+0x34b/0x790 [ 128.339300][ C1] ? __pfx_reacquire_held_locks+0x10/0x10 [ 128.345021][ C1] ? mtree_range_walk+0x6fd/0x8e0 [ 128.350044][ C1] ? lock_vma_under_rcu+0x1dd/0x790 [ 128.355239][ C1] ? __pfx_lock_release+0x10/0x10 [ 128.360262][ C1] ? lock_vma_under_rcu+0x34b/0x790 [ 128.365479][ C1] ? lock_vma_under_rcu+0x1dd/0x790 [ 128.370674][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 128.376214][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 128.382193][ C1] handle_mm_fault+0x2c1/0x7e0 [ 128.386958][ C1] exc_page_fault+0x459/0x8b0 [ 128.391658][ C1] asm_exc_page_fault+0x26/0x30 [ 128.396509][ C1] RIP: 0033:0x7f33be86d4cd [ 128.400928][ C1] Code: ff 48 83 e8 01 48 89 ee bf 01 00 00 00 48 c1 e0 0e 48 c1 ee 06 48 01 c8 48 89 e9 81 e6 ff 3f 00 00 48 c1 e9 03 83 e1 07 d3 e7 <40> 84 bc 06 20 20 00 00 0f 85 11 fd ff ff e9 c0 fd ff ff e8 7b 32 [ 128.420531][ C1] RSP: 002b:00007ffd9f679770 EFLAGS: 00010202 [ 128.426604][ C1] RAX: 000000110c270000 RBX: 00007f33bf6d5720 RCX: 0000000000000003 [ 128.434575][ C1] RDX: 00000000000010d8 RSI: 0000000000003643 RDI: 0000000000000008 [ 128.442537][ C1] RBP: ffffffff822d90d8 R08: 00007f33beba6038 R09: 00007f33beb92000 [ 128.450501][ C1] R10: 00007f33bdfff008 R11: 0000000000000000 R12: 0000000000000000 [ 128.458462][ C1] R13: 0000000000000000 R14: ffffffff822d9779 R15: 000000000000004d [ 128.466428][ C1] ? page_counter_charge+0x29/0x1b0 [ 128.471624][ C1] ? release_pte_folio+0xd8/0x200 [ 128.476647][ C1] [ 129.609905][ C1] Shutting down cpus with NMI [ 129.614791][ C1] Kernel Offset: disabled [ 129.619115][ C1] Rebooting in 86400 seconds..