last executing test programs: 21.196137421s ago: executing program 1 (id=437): socket$nl_crypto(0x10, 0x3, 0x15) socketpair$unix(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x4}, {0x6, 0xc8, 0x4}}}}, 0xa) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 20.291100075s ago: executing program 1 (id=439): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000080)=r0) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) 20.189861415s ago: executing program 1 (id=440): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xccef40, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x24000021}, 0x8000) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r1, 0x5420, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04000418"], 0x7) 20.129521288s ago: executing program 1 (id=441): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000840)={0x4, 0x0, [{0x4, 0x1, 0x1, 0x0, @adapter={0xa, 0x5, 0x9bd, 0x2, 0x1ff}}, {0x6dd7, 0x0, 0x1, 0x0, @sint={0x101, 0x5}}, {0x9, 0x5, 0x0, 0x0, @msi={0x7, 0x1, 0x7}}, {0x6, 0x1, 0x0, 0x0, @adapter={0xe1, 0x28d, 0xbb, 0x3ff, 0xea3}}]}) 19.200307899s ago: executing program 1 (id=447): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 19.019421077s ago: executing program 1 (id=448): socket$nl_crypto(0x10, 0x3, 0x15) socketpair$unix(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x4}, {0x6, 0xc8, 0x4}}}}, 0xa) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 4.146902238s ago: executing program 2 (id=543): socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = syz_io_uring_setup(0xd38, &(0x7f0000000280)={0x0, 0x7732, 0x80, 0x801, 0x350}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd, 0xffffffffffffff7f, 0x0, 0x0, 0x4, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 3.978145265s ago: executing program 32 (id=448): socket$nl_crypto(0x10, 0x3, 0x15) socketpair$unix(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x7}, @hci_rp_read_enc_key_size={{0x4}, {0x6, 0xc8, 0x4}}}}, 0xa) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 3.928712882s ago: executing program 2 (id=546): bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/24, @ANYRES32, @ANYBLOB="ff92e4d264b43d0446479ee74b2ea6754423944fad26ca10f3c90d7d7a46a7e570c4062f99ac260eb9386c2d3e4c33e8525ece603d4b8e986efb77c01fef8eb1a439fbe9dc3e34952a354dfd8f91ddab59cc10078af644631433bc21cd85d14ae570b4980b331d"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='br_fdb_add\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'bridge0\x00'}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x11) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_pressure(r1, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r2, &(0x7f0000000140)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f) r3 = openat$cgroup_procs(r1, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000005c0), 0x12) 3.779823226s ago: executing program 2 (id=548): r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0xf, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x6, {0x9, 0x1, 0x1, 0x1100}}) 3.619743766s ago: executing program 2 (id=549): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r2, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) r4 = fcntl$getown(0xffffffffffffffff, 0x9) tkill(r4, 0x27) r5 = socket$inet6(0xa, 0x3, 0x7) r6 = socket$netlink(0x10, 0x3, 0x5) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)}], 0x1) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0) 1.609281331s ago: executing program 0 (id=556): sendmmsg(0xffffffffffffffff, &(0x7f0000005800), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000340)={0x79, 0x0, 0xe64}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x4000003, 0xfc, 0x2, 0xc, 0xff, 0x8, 0x6, 0x1, 0x0, 0x7, 0x5, 0x4, 0x72, 0x7, 0xfa, '\x00', 0x3, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.359548486s ago: executing program 4 (id=544): openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x121000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$userio(0xffffff9c, &(0x7f0000000040), 0x80, 0x0) socket$kcm(0xa, 0x5, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) inotify_init() syz_clone3(&(0x7f0000000080)={0x180801400, &(0x7f0000000000), 0x0, 0x0, {0x3d}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c00010429bd7000ffdbdf2507000000", @ANYRES32=r0, @ANYBLOB="e0ff8b0a0a0002"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x24040040) 899.403119ms ago: executing program 3 (id=557): r0 = socket$rxrpc(0x21, 0x2, 0x2) connect$rxrpc(r0, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x24) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000180)=0x2, 0x4) 839.121467ms ago: executing program 3 (id=558): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0xb6b9, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0x4, 0x100, 0x81, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "0adb3fb8"}, 0x5}) 838.773176ms ago: executing program 3 (id=559): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000007b00000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @void, {@ipv6={0x86dd, @generic={0x1, 0x6, "b01b80", 0x0, 0x3d, 0x100, @rand_addr=' \x01\x00', @mcast2}}}}, 0x0) 773.952325ms ago: executing program 3 (id=560): sendmsg$L2TP_CMD_NOOP(0xffffffffffffffff, 0x0, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = socket$phonet_pipe(0x23, 0x5, 0x2) r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x8e82, 0x100, 0x14, 0x2ac}, &(0x7f0000000100)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x2, 0x0, 0x0, 0x0) 599.810419ms ago: executing program 0 (id=561): socket$nl_route(0x10, 0x3, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)=@generic={0x0, 0x0, 0x18}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x23c101, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001680), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000001840)={0x0, 0x0, &(0x7f0000001800)={&(0x7f0000001700)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x80000000}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x40000) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) 595.909335ms ago: executing program 3 (id=562): socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = syz_io_uring_setup(0xd38, &(0x7f0000000280)={0x0, 0x7732, 0x80, 0x801, 0x350}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd, 0xffffffffffffff7f, 0x0, 0x0, 0x4, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 459.991568ms ago: executing program 0 (id=563): syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e0a0f0d"], 0xd) prlimit64(0x0, 0xe, 0x0, 0x0) 459.583532ms ago: executing program 2 (id=564): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000080)=r0) umount2(&(0x7f00000002c0)='./file0\x00', 0xb) 379.391505ms ago: executing program 0 (id=565): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) 378.583337ms ago: executing program 3 (id=566): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r1, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r1, r2], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, "b1eddb851ba62b00d8730000000000000000000800"}}) r4 = getpgrp(0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xff, 0xc, 0x68, 0x10, 0x46d, 0x840, 0x2c30, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x41, 0x0, 0x0, 0x9d, 0xe3, 0x84}}]}}]}}, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]}) close_range(r8, 0xffffffffffffffff, 0x0) 378.337381ms ago: executing program 2 (id=567): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$netlink(0x10, 0x3, 0x0) r5 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r5, 0x4020565b, &(0x7f0000000000)={0x4, 0x2, 0x7}) 378.024527ms ago: executing program 0 (id=568): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000007b00000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}, @void, {@ipv6={0x86dd, @generic={0x1, 0x6, "b01b80", 0x0, 0x3d, 0x100, @rand_addr=' \x01\x00', @mcast2}}}}, 0x0) 269.248993ms ago: executing program 0 (id=569): sendmmsg(0xffffffffffffffff, &(0x7f0000005800), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000340)={0x79, 0x0, 0xe64}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x4000003, 0xfc, 0x2, 0xc, 0xff, 0x8, 0x6, 0x1, 0x0, 0x7, 0x5, 0x4, 0x72, 0x7, 0xfa, '\x00', 0x3, 0x3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 4 (id=570): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {}, {0x7, 0x10}}, [@TCA_RATE={0x6, 0x5, {0x81, 0x7}}, @filter_kind_options=@f_route={{0xa}, {0x58, 0x2, [@TCA_ROUTE4_ACT={0x54, 0x6, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x3, 0x2, 0x6, 0x5, 0x7}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:4633' (ED25519) to the list of known hosts. [ 58.714367][ T5932] cgroup: Unknown subsys name 'net' [ 58.899295][ T5932] cgroup: Unknown subsys name 'cpuset' [ 58.907403][ T5932] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 60.005545][ T5932] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 64.258508][ T5951] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.262678][ T5951] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.263523][ T5953] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 64.267459][ T5951] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.268666][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 64.272978][ T5951] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.274984][ T5953] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 64.280605][ T5953] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 64.283768][ T5953] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 64.284605][ T5951] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.286705][ T5954] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 64.288338][ T5954] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 64.292992][ T5953] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 64.295127][ T5954] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 64.304658][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 64.304716][ T5953] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 64.310374][ T5953] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 64.315846][ T5954] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 64.320068][ T5954] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.326156][ T5960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 64.658499][ T5943] chnl_net:caif_netlink_parms(): no params data found [ 64.700660][ T5947] chnl_net:caif_netlink_parms(): no params data found [ 64.781150][ T5957] chnl_net:caif_netlink_parms(): no params data found [ 64.916651][ T5952] chnl_net:caif_netlink_parms(): no params data found [ 64.925751][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.930636][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.933486][ T5943] bridge_slave_0: entered allmulticast mode [ 64.937996][ T5943] bridge_slave_0: entered promiscuous mode [ 64.952141][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.955640][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.958947][ T5943] bridge_slave_1: entered allmulticast mode [ 64.963225][ T5943] bridge_slave_1: entered promiscuous mode [ 65.040011][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.043465][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.048948][ T5947] bridge_slave_0: entered allmulticast mode [ 65.053227][ T5947] bridge_slave_0: entered promiscuous mode [ 65.067199][ T5943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.079641][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.082741][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.086090][ T5947] bridge_slave_1: entered allmulticast mode [ 65.090488][ T5947] bridge_slave_1: entered promiscuous mode [ 65.116995][ T5943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.171869][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.183246][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.188541][ T5957] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.191518][ T5957] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.194285][ T5957] bridge_slave_0: entered allmulticast mode [ 65.197224][ T5957] bridge_slave_0: entered promiscuous mode [ 65.206772][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.209124][ T5952] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.211674][ T5952] bridge_slave_0: entered allmulticast mode [ 65.215406][ T5952] bridge_slave_0: entered promiscuous mode [ 65.240854][ T5957] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.243440][ T5957] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.246602][ T5957] bridge_slave_1: entered allmulticast mode [ 65.250569][ T5957] bridge_slave_1: entered promiscuous mode [ 65.260456][ T5943] team0: Port device team_slave_0 added [ 65.262890][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.266024][ T5952] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.269006][ T5952] bridge_slave_1: entered allmulticast mode [ 65.272270][ T5952] bridge_slave_1: entered promiscuous mode [ 65.277786][ T5947] team0: Port device team_slave_0 added [ 65.290742][ T5943] team0: Port device team_slave_1 added [ 65.312989][ T5947] team0: Port device team_slave_1 added [ 65.332029][ T5957] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.353001][ T5952] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 65.364617][ T5957] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.380217][ T5952] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 65.384159][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.386922][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.397712][ T5943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.413015][ T5943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.416043][ T5943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.426131][ T5943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.431364][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.434143][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.443000][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.447450][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.449701][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.457780][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.502444][ T5957] team0: Port device team_slave_0 added [ 65.506288][ T5952] team0: Port device team_slave_0 added [ 65.509864][ T5952] team0: Port device team_slave_1 added [ 65.535126][ T5957] team0: Port device team_slave_1 added [ 65.557669][ T5943] hsr_slave_0: entered promiscuous mode [ 65.560991][ T5943] hsr_slave_1: entered promiscuous mode [ 65.574655][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.577119][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.586056][ T5952] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.596200][ T5952] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.598445][ T5952] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.607269][ T5952] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.618122][ T5947] hsr_slave_0: entered promiscuous mode [ 65.620485][ T5947] hsr_slave_1: entered promiscuous mode [ 65.622610][ T5947] debugfs: 'hsr0' already exists in 'hsr' [ 65.624699][ T5947] Cannot create hsr debugfs directory [ 65.626853][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 65.629146][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.637678][ T5957] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 65.666876][ T5957] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.669614][ T5957] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 65.679229][ T5957] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.726177][ T5952] hsr_slave_0: entered promiscuous mode [ 65.729445][ T5952] hsr_slave_1: entered promiscuous mode [ 65.732420][ T5952] debugfs: 'hsr0' already exists in 'hsr' [ 65.735070][ T5952] Cannot create hsr debugfs directory [ 65.798023][ T5957] hsr_slave_0: entered promiscuous mode [ 65.800311][ T5957] hsr_slave_1: entered promiscuous mode [ 65.802480][ T5957] debugfs: 'hsr0' already exists in 'hsr' [ 65.804210][ T5957] Cannot create hsr debugfs directory [ 66.083769][ T5943] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 66.089910][ T5943] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 66.103022][ T5943] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 66.108565][ T5943] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 66.137385][ T5947] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 66.145839][ T5947] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 66.155039][ T5947] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 66.171895][ T5947] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 66.237195][ T5952] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 66.250148][ T5952] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 66.257211][ T5952] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 66.268299][ T5952] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 66.325930][ T5959] Bluetooth: hci1: command tx timeout [ 66.325938][ T5960] Bluetooth: hci0: command tx timeout [ 66.382912][ T5957] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 66.395387][ T5957] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 66.404015][ T5957] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 66.405756][ T5959] Bluetooth: hci2: command tx timeout [ 66.407744][ T5960] Bluetooth: hci3: command tx timeout [ 66.417980][ T5957] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 66.498223][ T5943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.530308][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.582148][ T5943] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.593900][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.596505][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.604813][ T5947] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.625230][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.627684][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.632493][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.635400][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.647171][ T5952] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.663925][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.666513][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.693452][ T5952] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.715652][ T5957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.722751][ T4703] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.726472][ T4703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.752774][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.756085][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.775244][ T5957] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.798926][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.801743][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.810250][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.813227][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.940626][ T5943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.982489][ T5943] veth0_vlan: entered promiscuous mode [ 67.002389][ T5943] veth1_vlan: entered promiscuous mode [ 67.041047][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.049496][ T5952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.054112][ T5943] veth0_macvtap: entered promiscuous mode [ 67.063230][ T5943] veth1_macvtap: entered promiscuous mode [ 67.090379][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.105171][ T5943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.123427][ T5957] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.131666][ T1140] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.135775][ T1140] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.142777][ T1140] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.146121][ T1140] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.163438][ T5947] veth0_vlan: entered promiscuous mode [ 67.180100][ T5952] veth0_vlan: entered promiscuous mode [ 67.193423][ T5952] veth1_vlan: entered promiscuous mode [ 67.208623][ T5947] veth1_vlan: entered promiscuous mode [ 67.237658][ T4306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.241053][ T4306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.296227][ T5957] veth0_vlan: entered promiscuous mode [ 67.300148][ T5952] veth0_macvtap: entered promiscuous mode [ 67.309879][ T4703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.313536][ T4703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.319621][ T5952] veth1_macvtap: entered promiscuous mode [ 67.328637][ T5947] veth0_macvtap: entered promiscuous mode [ 67.339812][ T5947] veth1_macvtap: entered promiscuous mode [ 67.344689][ T5957] veth1_vlan: entered promiscuous mode [ 67.366596][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.387186][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.387343][ T5943] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 67.391622][ T5952] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.420010][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.425871][ T4306] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.430197][ T4306] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.439657][ T4306] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.450888][ T4306] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.463706][ T4306] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.477947][ T4306] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.482376][ T5957] veth0_macvtap: entered promiscuous mode [ 67.500081][ T6034] capability: warning: `syz.1.2' uses deprecated v2 capabilities in a way that may be insecure [ 67.500553][ T4306] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.510109][ T4306] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.526120][ T5957] veth1_macvtap: entered promiscuous mode [ 67.569928][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.600191][ T5957] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.604558][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.607889][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.626775][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.630057][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.638881][ T4703] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.642852][ T4703] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.656709][ T4703] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.660434][ T4703] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.699708][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.702518][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.713425][ T4703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.716970][ T4703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.782751][ T5130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.792574][ T5130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.865899][ T5130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.871984][ T5130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.052502][ T6052] support for cryptoloop has been removed. Use dm-crypt instead. [ 68.095812][ T34] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 68.130658][ T6059] netlink: 'syz.2.7': attribute type 4 has an invalid length. [ 68.257605][ T34] usb 6-1: config 0 has no interfaces? [ 68.262253][ T34] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 68.267424][ T34] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.270929][ T34] usb 6-1: Product: syz [ 68.272838][ T34] usb 6-1: Manufacturer: syz [ 68.276628][ T34] usb 6-1: SerialNumber: syz [ 68.284946][ T34] usb 6-1: config 0 descriptor?? [ 68.408446][ T5960] Bluetooth: hci1: command tx timeout [ 68.408544][ T5959] Bluetooth: hci0: command tx timeout [ 68.475006][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.485299][ T5959] Bluetooth: hci3: command tx timeout [ 68.486246][ T5960] Bluetooth: hci2: command tx timeout [ 68.539859][ T6040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6'. [ 68.556434][ T34] usb 6-1: USB disconnect, device number 2 [ 70.079386][ T6084] Zero length message leads to an empty skb [ 70.484716][ T5960] Bluetooth: hci1: command tx timeout [ 70.494583][ T5960] Bluetooth: hci0: command tx timeout [ 70.564742][ T5960] Bluetooth: hci3: command tx timeout [ 70.574704][ T5960] Bluetooth: hci2: command tx timeout [ 71.636680][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.641287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.678255][ T6090] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 71.681105][ T6090] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 71.696272][ T6090] vhci_hcd vhci_hcd.0: Device attached [ 71.721943][ T6095] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 71.756897][ T6095] xt_CT: You must specify a L4 protocol and not use inversions on it [ 71.875294][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 71.965991][ T10] usb 42-1: SetAddress Request (2) to port 0 [ 71.968857][ T10] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd [ 72.047173][ T6102] xt_CT: You must specify a L4 protocol and not use inversions on it [ 72.167950][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 72.325624][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 72.334644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 72.565093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 72.578836][ T5960] Bluetooth: hci0: command tx timeout [ 72.578857][ T5959] Bluetooth: hci1: command tx timeout [ 72.644744][ T5959] Bluetooth: hci3: command tx timeout [ 72.646476][ T5960] Bluetooth: hci2: command tx timeout [ 72.742535][ T6109] 9pnet_virtio: no channels available for device 127.0.0.1 [ 72.798329][ T6112] xt_CT: You must specify a L4 protocol and not use inversions on it [ 72.961851][ T6091] vhci_hcd: connection reset by peer [ 72.974670][ T1146] vhci_hcd vhci_hcd.2: stop threads [ 72.977355][ T1146] vhci_hcd vhci_hcd.2: release socket [ 72.980417][ T1146] vhci_hcd vhci_hcd.2: disconnect device [ 73.444716][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 73.616560][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 73.984989][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.144516][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 74.176500][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 74.179627][ T9] usb 5-1: can't read configurations, error -61 [ 74.195270][ T6131] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 74.198197][ T6131] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 74.243063][ T6131] vhci_hcd vhci_hcd.0: Device attached [ 74.314655][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 74.484617][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 74.488953][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 74.491871][ T9] usb 5-1: can't read configurations, error -61 [ 74.496213][ T9] usb usb5-port1: attempt power cycle [ 74.631250][ T6132] vhci_hcd: connection closed [ 74.633275][ T1139] vhci_hcd vhci_hcd.2: stop threads [ 74.637321][ T1139] vhci_hcd vhci_hcd.2: release socket [ 74.639646][ T1139] vhci_hcd vhci_hcd.2: disconnect device [ 74.844652][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 74.865130][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 74.869030][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 74.872330][ T9] usb 5-1: can't read configurations, error -61 [ 75.015137][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 75.059087][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 75.063726][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 75.067434][ T9] usb 5-1: can't read configurations, error -61 [ 75.073071][ T9] usb usb5-port1: unable to enumerate USB device [ 75.778190][ T6145] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 75.781264][ T6145] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 75.785394][ T6145] vhci_hcd vhci_hcd.0: Device attached [ 76.065065][ T6073] usb 44-1: SetAddress Request (2) to port 0 [ 76.067767][ T6073] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 76.707998][ T6147] vhci_hcd: connection reset by peer [ 76.714860][ T1142] vhci_hcd vhci_hcd.3: stop threads [ 76.754609][ T1142] vhci_hcd vhci_hcd.3: release socket [ 76.765777][ T1142] vhci_hcd vhci_hcd.3: disconnect device [ 77.047192][ T10] usb 42-1: device descriptor read/8, error -110 [ 77.199890][ T6161] binder: 6160:6161 ioctl c0306201 0 returned -14 [ 77.619308][ T10] usb usb42-port1: attempt power cycle [ 77.720199][ T6166] xt_CT: You must specify a L4 protocol and not use inversions on it [ 78.357412][ T10] usb usb42-port1: unable to enumerate USB device [ 79.162832][ T6189] vlan2: entered promiscuous mode [ 79.165808][ T6189] vlan2: entered allmulticast mode [ 79.168476][ T6189] hsr_slave_1: entered allmulticast mode [ 79.374549][ T6011] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 79.374639][ T6013] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 79.524617][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 79.526324][ T6013] usb 7-1: config 0 has no interfaces? [ 79.528294][ T6011] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 79.530448][ T6013] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 79.532367][ T6011] usb 6-1: can't read configurations, error -61 [ 79.535687][ T6013] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.540635][ T6013] usb 7-1: Product: syz [ 79.542043][ T6013] usb 7-1: Manufacturer: syz [ 79.543540][ T6013] usb 7-1: SerialNumber: syz [ 79.548032][ T6013] usb 7-1: config 0 descriptor?? [ 79.668039][ T6011] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 79.808353][ T6183] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.815839][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 79.819700][ T6011] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 79.822334][ T6011] usb 6-1: can't read configurations, error -61 [ 79.824978][ T6011] usb usb6-port1: attempt power cycle [ 79.869658][ T5944] usb 7-1: USB disconnect, device number 2 [ 80.164755][ T6011] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 80.202022][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 80.240676][ T6011] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 80.243735][ T6011] usb 6-1: can't read configurations, error -61 [ 80.382190][ T6203] xt_CT: You must specify a L4 protocol and not use inversions on it [ 80.385674][ T6011] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 80.434362][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 80.451686][ T6011] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 80.453785][ T6204] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 80.457348][ T6204] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 80.461908][ T6011] usb 6-1: can't read configurations, error -61 [ 80.466474][ T6204] vhci_hcd vhci_hcd.0: Device attached [ 80.471681][ T6011] usb usb6-port1: unable to enumerate USB device [ 81.097096][ T6205] vhci_hcd: connection closed [ 81.097969][ T1139] vhci_hcd vhci_hcd.3: stop threads [ 81.102428][ T1139] vhci_hcd vhci_hcd.3: release socket [ 81.109555][ T1139] vhci_hcd vhci_hcd.3: disconnect device [ 81.126031][ T6073] usb 44-1: device descriptor read/8, error -110 [ 81.186841][ T6212] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 81.189171][ T6212] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 81.193806][ T6212] vhci_hcd vhci_hcd.0: Device attached [ 81.457160][ T6013] usb 42-1: SetAddress Request (6) to port 0 [ 81.464349][ T6013] usb 42-1: new SuperSpeed USB device number 6 using vhci_hcd [ 81.474176][ T6224] xt_CT: You must specify a L4 protocol and not use inversions on it [ 81.631075][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 81.634319][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 81.686406][ T6213] vhci_hcd: connection reset by peer [ 81.694700][ T4079] vhci_hcd vhci_hcd.2: stop threads [ 81.696742][ T4079] vhci_hcd vhci_hcd.2: release socket [ 81.699076][ T4079] vhci_hcd vhci_hcd.2: disconnect device [ 81.774977][ T6227] binder: 6226:6227 ioctl c0306201 0 returned -14 [ 81.998287][ T6073] usb usb44-port1: attempt power cycle [ 82.353823][ T6234] FAULT_INJECTION: forcing a failure. [ 82.353823][ T6234] name failslab, interval 1, probability 0, space 0, times 1 [ 82.359688][ T6234] CPU: 2 UID: 0 PID: 6234 Comm: syz.0.48 Not tainted syzkaller #0 PREEMPT(full) [ 82.359711][ T6234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.359722][ T6234] Call Trace: [ 82.359729][ T6234] [ 82.359737][ T6234] dump_stack_lvl+0x16c/0x1f0 [ 82.359768][ T6234] should_fail_ex+0x512/0x640 [ 82.359785][ T6234] ? __kmalloc_noprof+0xca/0x910 [ 82.359804][ T6234] should_failslab+0xc2/0x120 [ 82.359822][ T6234] __kmalloc_noprof+0xeb/0x910 [ 82.359833][ T6234] ? trace_contention_end+0xdd/0x110 [ 82.359844][ T6234] ? __alloc_workqueue+0x112/0x1810 [ 82.359864][ T6234] ? __alloc_workqueue+0x112/0x1810 [ 82.359879][ T6234] __alloc_workqueue+0x112/0x1810 [ 82.359898][ T6234] ? __pfx___mutex_lock+0x10/0x10 [ 82.359918][ T6234] alloc_workqueue_noprof+0xd2/0x200 [ 82.359935][ T6234] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 82.359953][ T6234] ? __fget_files+0x204/0x3c0 [ 82.359975][ T6234] loop_configure+0xf86/0x15f0 [ 82.360002][ T6234] ? __lock_acquire+0x436/0x2890 [ 82.360014][ T6234] ? __pfx_loop_configure+0x10/0x10 [ 82.360044][ T6234] lo_ioctl+0x266/0x1cb0 [ 82.360056][ T6234] ? __pfx_lo_ioctl+0x10/0x10 [ 82.360069][ T6234] ? kasan_quarantine_put+0x10a/0x240 [ 82.360083][ T6234] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.360099][ T6234] ? blk_get_meta_cap+0xbc/0x700 [ 82.360114][ T6234] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 82.360126][ T6234] ? find_held_lock+0x2b/0x80 [ 82.360140][ T6234] ? tomoyo_path_number_perm+0x295/0x580 [ 82.360173][ T6234] lo_compat_ioctl+0xb9/0x170 [ 82.360184][ T6234] ? __pfx_lo_compat_ioctl+0x10/0x10 [ 82.360194][ T6234] compat_blkdev_ioctl+0x2ee/0x7a0 [ 82.360247][ T6234] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 82.360260][ T6234] ? __fput_deferred+0x410/0x480 [ 82.360274][ T6234] ? __pfx_compat_blkdev_ioctl+0x10/0x10 [ 82.360288][ T6234] __ia32_compat_sys_ioctl+0x242/0x370 [ 82.360304][ T6234] __do_fast_syscall_32+0xe8/0x680 [ 82.360324][ T6234] do_fast_syscall_32+0x32/0x80 [ 82.360334][ T6234] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 82.360348][ T6234] RIP: 0023:0xf7fc6579 [ 82.360357][ T6234] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 82.360368][ T6234] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 82.360379][ T6234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c0a [ 82.360385][ T6234] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 82.360391][ T6234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 82.360397][ T6234] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 82.360403][ T6234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 82.360417][ T6234] [ 82.784803][ T6011] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 82.816254][ T6073] usb usb44-port1: unable to enumerate USB device [ 82.944651][ T6011] usb 7-1: Using ep0 maxpacket: 8 [ 82.948033][ T6011] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 82.951726][ T6011] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 82.955486][ T6011] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 82.958550][ T6011] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 82.963078][ T6011] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 82.966690][ T6011] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.178462][ T6011] usb 7-1: GET_CAPABILITIES returned 0 [ 83.180896][ T6011] usbtmc 7-1:16.0: can't read capabilities [ 83.583257][ T24] usb 7-1: USB disconnect, device number 3 [ 84.158266][ T6258] netlink: 12 bytes leftover after parsing attributes in process `syz.3.53'. [ 84.221171][ T6259] Bluetooth: MGMT ver 1.23 [ 85.413739][ T6073] IPVS: starting estimator thread 0... [ 85.556336][ T6287] IPVS: using max 25 ests per chain, 60000 per kthread [ 85.785932][ T6086] IPVS: stop unused estimator thread 0... [ 85.916299][ T6299] process 'syz.1.65' launched './mnt' with NULL argv: empty string added [ 85.972351][ T6301] input: syz1 as /devices/virtual/input/input5 [ 86.314699][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 86.464633][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 86.469929][ T10] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 86.474317][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.481594][ T10] usb 6-1: config 0 descriptor?? [ 86.487458][ T10] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 86.564740][ T6013] usb 42-1: device descriptor read/8, error -110 [ 86.914561][ T3243] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 86.955235][ T6013] usb usb42-port1: attempt power cycle [ 87.058115][ T6310] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 87.069350][ T3243] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 87.074082][ T3243] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 87.092799][ T3243] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 87.099748][ T3243] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.120604][ T6324] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 87.129855][ T3243] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 87.340312][ T3243] usb 8-1: USB disconnect, device number 2 [ 87.495254][ T10] gspca_sonixj: reg_w1 err -71 [ 87.524584][ T10] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 87.525488][ T6013] usb usb42-port1: unable to enumerate USB device [ 87.530468][ T10] usb 6-1: USB disconnect, device number 7 [ 88.244738][ T5960] Bluetooth: hci1: command 0x0401 tx timeout [ 88.485460][ T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 88.659620][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 88.665606][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.674821][ T10] usb 6-1: Product: syz [ 88.684547][ T10] usb 6-1: Manufacturer: syz [ 88.686786][ T10] usb 6-1: SerialNumber: syz [ 89.515258][ T6356] netlink: 'syz.0.85': attribute type 4 has an invalid length. [ 89.530235][ T6356] erofs (device loop0): cannot find valid erofs superblock [ 89.543987][ T6358] Bluetooth: MGMT ver 1.23 [ 89.714917][ T10] cdc_ncm 6-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 89.717188][ T10] cdc_ncm 6-1:1.0: setting rx_max = 16384 [ 89.915571][ T10] cdc_ncm 6-1:1.0: setting tx_max = 184 [ 89.939261][ T10] cdc_ncm 6-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 89.953057][ T10] usb 6-1: USB disconnect, device number 8 [ 89.958195][ T10] cdc_ncm 6-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 90.269137][ T6369] loop7: detected capacity change from 0 to 16384 [ 90.596180][ T6374] loop7: detected capacity change from 16384 to 0 [ 90.666784][ T6385] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 90.724657][ T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 90.751265][ T9] hid-generic 0005:0002:090A.0002: unknown main item tag 0x0 [ 90.760009][ T9] hid-generic 0005:0002:090A.0002: hidraw1: BLUETOOTH HID ve3.38 Device [syz1] on aa:aa:aa:aa:aa:aa [ 90.867545][ T6391] fido_id[6391]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci3/hci3:200/report_descriptor': No such file or directory [ 90.875283][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 90.928518][ T10] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 90.936301][ T10] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 90.939418][ T10] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 90.942252][ T10] usb 6-1: Product: syz [ 90.943763][ T10] usb 6-1: Manufacturer: syz [ 90.945981][ T10] usb 6-1: SerialNumber: syz [ 90.957274][ T10] usb 6-1: config 0 descriptor?? [ 90.962026][ T6383] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 90.980244][ T5960] Bluetooth: hci1: failed to read key size for handle 200 [ 90.983324][ T5960] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 91.461296][ T6403] netlink: 228 bytes leftover after parsing attributes in process `syz.0.101'. [ 91.903807][ T53] cfg80211: failed to load regulatory.db [ 93.548826][ T6011] usb 6-1: USB disconnect, device number 9 [ 95.714688][ T6013] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 95.889643][ T6013] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 95.893974][ T6013] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.897783][ T6013] usb 7-1: Product: syz [ 95.899574][ T6013] usb 7-1: Manufacturer: syz [ 95.901509][ T6013] usb 7-1: SerialNumber: syz [ 95.916238][ T6013] usb 7-1: config 0 descriptor?? [ 95.928439][ T6013] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 96.218127][ T6013] gspca_sunplus: reg_r err -71 [ 96.224872][ T6013] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 96.235528][ T6013] usb 7-1: USB disconnect, device number 4 [ 101.624574][ T53] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 101.784537][ T53] usb 8-1: Using ep0 maxpacket: 8 [ 101.796075][ T53] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 101.800363][ T53] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 101.800381][ T53] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 101.800393][ T53] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 101.800419][ T53] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 101.817116][ T5960] Bluetooth: hci1: failed to read key size for handle 200 [ 101.820066][ T5960] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 101.862236][ T6534] ptrace attach of "/syz-executor exec"[5952] was attempted by ""[6534] [ 101.894570][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.165984][ T53] usb 8-1: usb_control_msg returned -32 [ 102.168336][ T53] usbtmc 8-1:16.0: can't read capabilities [ 103.694533][ T53] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 103.846741][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.852283][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.857192][ T53] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 103.860659][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.868057][ T53] usb 6-1: config 0 descriptor?? [ 104.365761][ T6011] usb 8-1: USB disconnect, device number 3 [ 104.478392][ T53] usbhid 6-1:0.0: can't add hid device: -71 [ 104.481020][ T53] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 104.486753][ T53] usb 6-1: USB disconnect, device number 10 [ 104.570505][ T6567] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 105.005329][ T6092] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 105.054317][ T6575] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.057733][ T6575] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.118585][ T6575] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.127424][ T6575] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.166516][ T6092] usb 5-1: config 6 has too many interfaces: 65, using maximum allowed: 32 [ 105.172352][ T6092] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 105.176784][ T6092] usb 5-1: config 6 has 1 interface, different from the descriptor's value: 65 [ 105.181224][ T6092] usb 5-1: config 6 has no interface number 0 [ 105.184783][ T6092] usb 5-1: config 6 interface 15 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 105.194054][ T6092] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 105.198551][ T6092] usb 5-1: New USB device strings: Mfr=17, Product=10, SerialNumber=3 [ 105.201724][ T6092] usb 5-1: Product: syz [ 105.203249][ T6092] usb 5-1: Manufacturer: syz [ 105.205464][ T6092] usb 5-1: SerialNumber: syz [ 105.223773][ T89] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.232868][ T89] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.236437][ T89] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.239203][ T89] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.426304][ T6092] usb 5-1: USB disconnect, device number 6 [ 106.405514][ T55] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 106.604712][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 106.749166][ T55] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 106.753810][ T55] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 106.767359][ T55] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 106.775438][ T55] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 106.797330][ T55] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 106.884916][ T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.889221][ T55] usb 5-1: Product: syz [ 106.891152][ T55] usb 5-1: Manufacturer: syz [ 106.893182][ T55] usb 5-1: SerialNumber: syz [ 106.920000][ C2] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 106.930118][ T55] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input6 [ 107.267408][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.167'. [ 107.277390][ T6623] netlink: 72 bytes leftover after parsing attributes in process `syz.1.167'. [ 107.324878][ T55] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 107.329160][ T55] (id 0x00) [ 107.394584][ T55] rc_core: IR keymap rc-imon-pad not found [ 107.396980][ T55] Registered IR keymap rc-empty [ 107.398997][ T55] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 107.402717][ T55] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 107.490686][ T6626] netlink: 32 bytes leftover after parsing attributes in process `syz.3.168'. [ 107.516821][ T55] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0 [ 107.536406][ T55] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input7 [ 107.545722][ T55] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:7> initialized [ 107.925929][ T6635] syz.2.170 (6635): /proc/6629/oom_adj is deprecated, please use /proc/6629/oom_score_adj instead. [ 108.677776][ T6639] vxcan1: entered promiscuous mode [ 108.818409][ T53] usb 5-1: USB disconnect, device number 7 [ 108.824779][ T6642] imon:send_packet: error submitting urb(-19) [ 108.845540][ T6642] imon:vfd_write: send packet #3 failed [ 110.124623][ T10] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 110.304492][ T10] usb 7-1: config 0 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.323170][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 110.326495][ T10] usb 7-1: New USB device found, idVendor=056a, idProduct=0335, bcdDevice= 0.00 [ 110.330534][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.337647][ T10] usb 7-1: config 0 descriptor?? [ 110.627302][ T6682] ISOFS: Unable to identify CD-ROM format. [ 110.758797][ T10] hid (null): usage index exceeded [ 110.770494][ T10] wacom 0003:056A:0335.0003: ignoring exceeding usage max [ 110.773910][ T10] wacom 0003:056A:0335.0003: ignoring exceeding usage max [ 110.777058][ T10] wacom 0003:056A:0335.0003: usage index exceeded [ 110.779489][ T10] wacom 0003:056A:0335.0003: item 0 0 2 2 parsing failed [ 110.784065][ T10] wacom 0003:056A:0335.0003: parse failed [ 110.787830][ T10] wacom 0003:056A:0335.0003: probe with driver wacom failed with error -22 [ 110.961326][ T10] usb 7-1: USB disconnect, device number 5 [ 111.116634][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'. [ 112.002880][ T6719] CIFS: VFS: Malformed UNC in devname [ 113.339881][ T6739] netlink: 8 bytes leftover after parsing attributes in process `syz.2.209'. [ 113.344057][ T6739] netlink: 20 bytes leftover after parsing attributes in process `syz.2.209'. [ 113.550643][ T6741] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 114.231451][ T6750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.210'. [ 115.868843][ T29] kernel read not supported for file /binder/transactions (pid: 29 comm: kworker/1:0) [ 115.936351][ T5960] Bluetooth: hci2: failed to read key size for handle 200 [ 115.973634][ T6783] netlink: 36 bytes leftover after parsing attributes in process `syz.2.223'. [ 115.978260][ T6783] netlink: 16 bytes leftover after parsing attributes in process `syz.2.223'. [ 115.982354][ T6783] netlink: 36 bytes leftover after parsing attributes in process `syz.2.223'. [ 115.996478][ T6783] netlink: 36 bytes leftover after parsing attributes in process `syz.2.223'. [ 116.469657][ T6794] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 116.948978][ T6802] tmpfs: Cannot retroactively limit inodes [ 117.474657][ T6011] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 117.624621][ T6011] usb 6-1: Using ep0 maxpacket: 16 [ 117.629677][ T6011] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 117.655193][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.664860][ T6011] usb 6-1: config 0 descriptor?? [ 117.668662][ T6011] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 117.899816][ T6814] capability: warning: `syz.2.236' uses 32-bit capabilities (legacy support in use) [ 118.753884][ T5960] Bluetooth: hci3: failed to read key size for handle 200 [ 119.514609][ T6011] gspca_sonixj: i2c_w8 err -71 [ 119.534621][ T6011] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 119.541446][ T6011] usb 6-1: USB disconnect, device number 11 [ 119.639067][ T6835] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'. [ 121.005619][ T6859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.254'. [ 121.231959][ T6856] fuse: Bad value for 'fd' [ 121.704576][ T6031] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 121.874554][ T6031] usb 6-1: Using ep0 maxpacket: 32 [ 121.878681][ T6031] usb 6-1: config index 0 descriptor too short (expected 28708, got 36) [ 121.882497][ T6031] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 121.893077][ T6031] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 121.897186][ T6031] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 121.901276][ T6031] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 121.914506][ T6031] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 121.919445][ T6031] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 121.923794][ T6031] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.931328][ T6031] usb 6-1: config 0 descriptor?? [ 122.090197][ T6879] affs: No valid root block on device nullb0 [ 122.139587][ T6031] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 122.154328][ T6031] usb 6-1: USB disconnect, device number 12 [ 122.159971][ T6031] usblp0: removed [ 122.675269][ T6031] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 122.832767][ T5959] Bluetooth: hci3: failed to read key size for handle 200 [ 122.834542][ T6031] usb 6-1: Using ep0 maxpacket: 32 [ 122.836153][ T5959] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 122.840160][ T6031] usb 6-1: config index 0 descriptor too short (expected 28708, got 36) [ 122.845877][ T6031] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 122.850072][ T6031] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 122.853736][ T6031] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 122.858157][ T6031] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 122.862516][ T6031] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 122.869214][ T6031] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 122.873162][ T6031] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.883389][ T6031] usb 6-1: config 0 descriptor?? [ 123.100868][ T6031] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 123.664534][ T6031] usb 6-1: USB disconnect, device number 13 [ 123.676261][ T6031] usblp0: removed [ 123.736314][ T6912] netlink: 32 bytes leftover after parsing attributes in process `syz.3.272'. [ 123.984580][ T6011] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 124.156460][ T6011] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 124.160493][ T6011] usb 7-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00 [ 124.163714][ T6011] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.173076][ T6011] usb 7-1: config 0 descriptor?? [ 124.175521][ T6914] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 124.640845][ T6011] betop 0003:8380:1850.0004: hidraw1: USB HID v1.01 Device [HID 8380:1850] on usb-dummy_hcd.2-1/input0 [ 124.652566][ T6011] betop 0003:8380:1850.0004: no inputs found [ 124.817528][ T6011] usb 7-1: USB disconnect, device number 6 [ 124.970794][ T6949] hpfs: Bad magic ... probably not HPFS [ 125.537753][ T5959] Bluetooth: hci3: unexpected event for opcode 0x040d [ 125.888984][ T6964] Mount JFS Failure: -5 [ 125.984548][ T6011] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 126.165004][ T6011] usb 5-1: config 150 has an invalid interface number: 204 but max is 2 [ 126.168764][ T6011] usb 5-1: config 150 has 2 interfaces, different from the descriptor's value: 3 [ 126.172733][ T6011] usb 5-1: config 150 has no interface number 0 [ 126.178079][ T6011] usb 5-1: config 150 interface 204 has no altsetting 0 [ 126.190284][ T6011] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 126.194318][ T6011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.204695][ T6011] usb 5-1: Product: syz [ 126.206572][ T6011] usb 5-1: Manufacturer: syz [ 126.208539][ T6011] usb 5-1: SerialNumber: syz [ 126.482831][ T6011] xr_serial 5-1:150.204: skipping garbage [ 126.486849][ T6011] xr_serial 5-1:150.204: xr_serial converter detected [ 126.885071][ T6011] xr_serial ttyUSB0: Failed to set reg 0x0c: -71 [ 126.887934][ T6011] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 126.914059][ T6011] usb 5-1: USB disconnect, device number 8 [ 126.942530][ T6011] xr_serial 5-1:150.204: device disconnected [ 127.030251][ T6977] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 128.414696][ T7009] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 128.480077][ T7007] syz.1.304: page allocation failure: order:1, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 128.487069][ T7007] CPU: 0 UID: 0 PID: 7007 Comm: syz.1.304 Not tainted syzkaller #0 PREEMPT(full) [ 128.487095][ T7007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.487107][ T7007] Call Trace: [ 128.487114][ T7007] [ 128.487123][ T7007] dump_stack_lvl+0x16c/0x1f0 [ 128.487161][ T7007] warn_alloc+0x248/0x3a0 [ 128.487188][ T7007] ? __pfx_warn_alloc+0x10/0x10 [ 128.487212][ T7007] ? __mutex_unlock_slowpath+0x161/0x790 [ 128.487263][ T7007] __alloc_frozen_pages_noprof+0xe9b/0x2430 [ 128.487300][ T7007] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 128.487325][ T7007] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.487355][ T7007] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 128.487380][ T7007] ? stack_depot_save_flags+0x3de/0x9b0 [ 128.487410][ T7007] ? __kasan_kmalloc+0xaa/0xb0 [ 128.487435][ T7007] ? __kmalloc_noprof+0x33d/0x910 [ 128.487454][ T7007] ? comedi_isadma_alloc+0x10d/0x6e0 [ 128.487482][ T7007] ? pcl812_attach+0xca8/0x2110 [ 128.487503][ T7007] ? comedi_device_attach+0x3b3/0x900 [ 128.487539][ T7007] __alloc_pages_noprof+0xb/0x1b0 [ 128.487562][ T7007] __dma_direct_alloc_pages.constprop.0+0x4c5/0x950 [ 128.487598][ T7007] ? __pfx___dma_direct_alloc_pages.constprop.0+0x10/0x10 [ 128.487631][ T7007] ? dma_alloc_from_dev_coherent+0x2e4/0x570 [ 128.487654][ T7007] dma_direct_alloc+0x8f/0x580 [ 128.487686][ T7007] dma_alloc_attrs+0x185/0x2b0 [ 128.487711][ T7007] ? __pfx_dma_alloc_attrs+0x10/0x10 [ 128.487735][ T7007] ? dma_direct_supported+0xca/0x220 [ 128.487769][ T7007] comedi_isadma_alloc+0x3de/0x6e0 [ 128.487833][ T7007] ? __pfx_comedi_isadma_alloc+0x10/0x10 [ 128.487864][ T7007] ? request_threaded_irq+0x2c8/0x3e0 [ 128.487889][ T7007] pcl812_attach+0xca8/0x2110 [ 128.487916][ T7007] comedi_device_attach+0x3b3/0x900 [ 128.487946][ T7007] do_devconfig_ioctl+0x1b1/0x710 [ 128.487973][ T7007] ? comedi_unlocked_ioctl+0x167/0x2eb0 [ 128.487991][ T7007] ? __pfx_do_devconfig_ioctl+0x10/0x10 [ 128.488037][ T7007] ? kasan_save_track+0x14/0x30 [ 128.488062][ T7007] ? kasan_save_free_info+0x3b/0x60 [ 128.488083][ T7007] ? __kasan_slab_free+0x5f/0x80 [ 128.488109][ T7007] ? kfree+0x2f8/0x6e0 [ 128.488127][ T7007] ? tomoyo_path_number_perm+0x470/0x580 [ 128.488149][ T7007] ? security_file_ioctl_compat+0x9b/0x240 [ 128.488171][ T7007] ? __ia32_compat_sys_ioctl+0xc3/0x370 [ 128.488194][ T7007] ? __do_fast_syscall_32+0xe8/0x680 [ 128.488229][ T7007] comedi_unlocked_ioctl+0x1582/0x2eb0 [ 128.488257][ T7007] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 128.488296][ T7007] ? kasan_quarantine_put+0x10a/0x240 [ 128.488320][ T7007] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.488351][ T7007] ? find_held_lock+0x2b/0x80 [ 128.488376][ T7007] ? tomoyo_path_number_perm+0x295/0x580 [ 128.488401][ T7007] ? tomoyo_path_number_perm+0x18d/0x580 [ 128.488425][ T7007] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 128.488449][ T7007] comedi_compat_ioctl+0x1ed/0xda0 [ 128.488468][ T7007] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 128.488488][ T7007] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 128.488518][ T7007] ? do_vfs_ioctl+0x128/0x14f0 [ 128.488540][ T7007] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 128.488570][ T7007] ? find_held_lock+0x2b/0x80 [ 128.488594][ T7007] ? hook_file_ioctl_common+0x144/0x410 [ 128.488622][ T7007] ? __fget_files+0x20e/0x3c0 [ 128.488647][ T7007] ? __ia32_compat_sys_openat+0x130/0x210 [ 128.488676][ T7007] ? __pfx_comedi_compat_ioctl+0x10/0x10 [ 128.488696][ T7007] __ia32_compat_sys_ioctl+0x242/0x370 [ 128.488723][ T7007] __do_fast_syscall_32+0xe8/0x680 [ 128.488755][ T7007] do_fast_syscall_32+0x32/0x80 [ 128.488772][ T7007] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 128.488795][ T7007] RIP: 0023:0xf6ffd579 [ 128.488810][ T7007] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 128.488828][ T7007] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 128.488845][ T7007] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040946400 [ 128.488857][ T7007] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 128.488867][ T7007] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 128.488877][ T7007] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 128.488888][ T7007] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 128.488913][ T7007] [ 128.488920][ T7007] Mem-Info: [ 128.666601][ T7007] active_anon:868 inactive_anon:7358 isolated_anon:0 [ 128.666601][ T7007] active_file:10266 inactive_file:12831 isolated_file:0 [ 128.666601][ T7007] unevictable:1768 dirty:195 writeback:0 [ 128.666601][ T7007] slab_reclaimable:6315 slab_unreclaimable:51089 [ 128.666601][ T7007] mapped:24033 shmem:4257 pagetables:1148 [ 128.666601][ T7007] sec_pagetables:308 bounce:0 [ 128.666601][ T7007] kernel_misc_reclaimable:0 [ 128.666601][ T7007] free:73586 free_pcp:0 free_cma:0 [ 128.684679][ T7007] Node 0 active_anon:460kB inactive_anon:0kB active_file:68kB inactive_file:188kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:12kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8880kB pagetables:1452kB sec_pagetables:1148kB all_unreclaimable? no Balloon:0kB [ 128.706397][ T7007] Node 0 DMA free:2348kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 128.718109][ T7007] lowmem_reserve[]: 0 289 289 289 289 [ 128.720094][ T7007] Node 0 DMA: 29*4kB (U) 3*8kB (U) 4*16kB (UM) 11*32kB (UM) 4*64kB (UM) 2*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2348kB [ 128.725477][ T7007] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 128.730221][ T7007] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 128.734044][ T7007] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 128.737906][ T7007] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 128.742083][ T7007] 27595 total pagecache pages [ 128.744252][ T7007] 242 pages in swap cache [ 128.747001][ T7007] Free swap = 120956kB [ 128.749057][ T7007] Total swap = 124996kB [ 128.750948][ T7007] 524155 pages RAM [ 128.752964][ T7007] 0 pages HighMem/MovableOnly [ 128.756093][ T7007] 209061 pages reserved [ 128.758103][ T7007] 0 pages cma reserved [ 129.214784][ T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 129.234582][ T29] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 129.364598][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 129.368698][ T10] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 129.372713][ T10] usb 7-1: config 0 has no interface number 0 [ 129.376110][ T10] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 129.380486][ T10] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 129.385183][ T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 129.388946][ T10] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 129.393355][ T10] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 129.394558][ T29] usb 6-1: Using ep0 maxpacket: 16 [ 129.397054][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.400407][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.406552][ T10] usb 7-1: config 0 descriptor?? [ 129.412829][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.418487][ T29] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 129.419535][ T10] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 129.428877][ T29] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 129.435815][ T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.451767][ T29] usb 6-1: config 0 descriptor?? [ 129.529280][ T7032] netlink: 'syz.3.313': attribute type 10 has an invalid length. [ 129.548779][ T7032] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 129.877871][ T29] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:05AC:8241.0005/input/input10 [ 129.969317][ T29] appleir 0003:05AC:8241.0005: input,hiddev1,hidraw1: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 130.068166][ T55] usb 6-1: USB disconnect, device number 14 [ 130.898610][ T5959] Bluetooth: hci3: failed to read key size for handle 200 [ 130.901617][ T5959] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 132.010879][ T55] usb 7-1: USB disconnect, device number 7 [ 132.028469][ T55] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 132.510938][ T5959] Bluetooth: hci1: failed to read key size for handle 200 [ 132.514195][ T5959] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 132.526263][ T5959] Bluetooth: hci3: unexpected event for opcode 0x040d [ 133.110319][ T7123] bridge0: entered promiscuous mode [ 133.117713][ T7123] bridge0: left promiscuous mode [ 133.134867][ T7124] syz.2.348 uses obsolete (PF_INET,SOCK_PACKET) [ 134.389461][ T5959] Bluetooth: hci1: failed to read key size for handle 200 [ 134.392275][ T5959] Bluetooth: hci1: unexpected event for opcode 0x1408 [ 134.774589][ T53] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 134.944680][ T53] usb 5-1: Using ep0 maxpacket: 32 [ 134.949271][ T53] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 134.952419][ T53] usb 5-1: config 0 has no interface number 0 [ 134.955129][ T53] usb 5-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 134.959082][ T53] usb 5-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 134.965174][ T53] usb 5-1: config 0 interface 255 has no altsetting 0 [ 134.967850][ T53] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 134.970855][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.980895][ T53] usb 5-1: config 0 descriptor?? [ 135.190243][ T53] usb 5-1: string descriptor 0 read error: -71 [ 135.197375][ T53] usb 5-1: USB disconnect, device number 9 [ 135.270509][ T7171] overlayfs: failed to clone upperpath [ 136.007699][ T5959] Bluetooth: hci2: failed to read key size for handle 200 [ 136.928884][ T5959] Bluetooth: hci3: unexpected event for opcode 0x040d [ 137.645771][ T5959] Bluetooth: hci3: unexpected event for opcode 0x040d [ 139.184603][ T53] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 139.353413][ T53] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 139.356789][ T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.359293][ T53] usb 6-1: Product: syz [ 139.360639][ T53] usb 6-1: Manufacturer: syz [ 139.362695][ T53] usb 6-1: SerialNumber: syz [ 139.366518][ T53] usb 6-1: config 0 descriptor?? [ 139.378086][ T53] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 139.419027][ T5959] Bluetooth: hci3: unexpected event for opcode 0x1804 [ 139.612271][ T53] gspca_sunplus: reg_r err -71 [ 139.614686][ T53] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 139.653393][ T53] usb 6-1: USB disconnect, device number 15 [ 140.134693][ T54] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 140.294547][ T54] usb 7-1: Using ep0 maxpacket: 32 [ 140.302648][ T54] usb 7-1: config 0 has no interfaces? [ 140.306095][ T54] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 140.309517][ T54] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.318156][ T54] usb 7-1: config 0 descriptor?? [ 140.329319][ T5959] Bluetooth: hci2: failed to read key size for handle 200 [ 140.659165][ T10] usb 7-1: USB disconnect, device number 8 [ 141.923626][ T5959] Bluetooth: hci0: failed to read key size for handle 200 [ 142.255327][ T6011] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 142.406858][ T6011] usb 7-1: config 0 has an invalid interface number: 166 but max is 0 [ 142.410846][ T6011] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 142.424757][ T6011] usb 7-1: config 0 has an invalid descriptor of length 128, skipping remainder of the config [ 142.428256][ T6011] usb 7-1: config 0 has no interface number 0 [ 142.430582][ T6011] usb 7-1: config 0 interface 166 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 142.454649][ T6011] usb 7-1: New USB device found, idVendor=10c4, idProduct=f001, bcdDevice=3e.33 [ 142.457782][ T6011] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.461642][ T6011] usb 7-1: config 0 descriptor?? [ 142.514697][ T6011] hub 7-1:0.166: bad descriptor, ignoring hub [ 142.517364][ T6011] hub 7-1:0.166: probe with driver hub failed with error -5 [ 142.521141][ T6011] cp210x 7-1:0.166: cp210x converter detected [ 142.756689][ T7355] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 143.049379][ T1414] ieee802154 phy0 wpan0: encryption failed: -22 [ 143.052923][ T1414] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.252153][ T7364] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'. [ 143.255215][ T7364] netlink: 16 bytes leftover after parsing attributes in process `syz.3.444'. [ 143.258249][ T7364] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'. [ 143.261286][ T7364] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'. [ 143.464718][ T5959] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 143.467498][ T5959] Bluetooth: hci3: Injecting HCI hardware error event [ 144.510237][ T6011] cp210x 7-1:0.166: failed to get vendor val 0x370b size 1: -71 [ 144.514575][ T6011] cp210x 7-1:0.166: querying part number failed [ 144.519169][ T6011] usb 7-1: cp210x converter now attached to ttyUSB0 [ 144.548218][ T6011] usb 7-1: USB disconnect, device number 9 [ 144.552408][ T6011] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 144.579220][ T6011] cp210x 7-1:0.166: device disconnected [ 145.261056][ T40] audit: type=1800 audit(1767909197.416:2): pid=7389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.455" name="/" dev="fuse" ino=9 res=0 errno=0 [ 145.344646][ T6011] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 145.437629][ T7406] netlink: 48 bytes leftover after parsing attributes in process `syz.3.460'. [ 145.495961][ T6011] usb 7-1: Using ep0 maxpacket: 8 [ 145.502765][ T6011] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 145.507035][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.510213][ T6011] usb 7-1: Product: syz [ 145.512158][ T6011] usb 7-1: Manufacturer: syz [ 145.514262][ T6011] usb 7-1: SerialNumber: syz [ 145.522721][ T6011] usb 7-1: config 0 descriptor?? [ 145.534729][ T6011] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244) [ 146.150476][ T6011] radio-usb-si4713 7-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 146.158710][ T6011] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 146.163656][ T6011] usb 7-1: USB disconnect, device number 10 [ 146.724739][ T5959] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 146.730255][ T5959] Bluetooth: hci0: Injecting HCI hardware error event [ 146.734860][ T5959] Bluetooth: hci0: hardware error 0x00 [ 146.966667][ T7423] netlink: 36 bytes leftover after parsing attributes in process `syz.2.469'. [ 147.514551][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 147.664511][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 147.669506][ T24] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 147.674555][ T24] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 147.678739][ T24] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 147.682352][ T24] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 147.688597][ T24] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 147.691641][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.694629][ T24] usb 5-1: Product: syz [ 147.696135][ T24] usb 5-1: Manufacturer: syz [ 147.698469][ T24] usb 5-1: SerialNumber: syz [ 147.707765][ C2] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 147.713976][ T24] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input11 [ 147.944531][ T24] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 147.948429][ T24] (id 0x00) [ 148.004634][ T24] rc_core: IR keymap rc-imon-pad not found [ 148.014142][ T24] Registered IR keymap rc-empty [ 148.016830][ T24] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 148.021348][ T24] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 148.147832][ T24] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0 [ 148.158679][ T24] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input12 [ 148.169993][ T24] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:10> initialized [ 148.250155][ T7452] input: syz1 as /devices/virtual/input/input13 [ 148.515545][ T7465] syz.3.482: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 148.521708][ T7465] CPU: 1 UID: 0 PID: 7465 Comm: syz.3.482 Not tainted syzkaller #0 PREEMPT(full) [ 148.521729][ T7465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 148.521737][ T7465] Call Trace: [ 148.521741][ T7465] [ 148.521747][ T7465] dump_stack_lvl+0x16c/0x1f0 [ 148.521770][ T7465] warn_alloc+0x248/0x3a0 [ 148.521787][ T7465] ? __pfx_warn_alloc+0x10/0x10 [ 148.521801][ T7465] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 148.521819][ T7465] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.521837][ T7465] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 148.521858][ T7465] ? kasan_save_stack+0x42/0x60 [ 148.521873][ T7465] ? kasan_save_stack+0x33/0x60 [ 148.521886][ T7465] ? kasan_save_track+0x14/0x30 [ 148.521902][ T7465] ? xskq_create+0xfb/0x1d0 [ 148.521916][ T7465] __vmalloc_node_range_noprof+0x12c2/0x16b0 [ 148.521933][ T7465] ? xskq_create+0xfb/0x1d0 [ 148.521949][ T7465] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 148.521967][ T7465] ? xskq_create+0xfb/0x1d0 [ 148.521979][ T7465] vmalloc_user_noprof+0x9e/0xe0 [ 148.521990][ T7465] ? xskq_create+0xfb/0x1d0 [ 148.522003][ T7465] xskq_create+0xfb/0x1d0 [ 148.522032][ T7465] xsk_setsockopt+0x932/0xc00 [ 148.522046][ T7465] ? __pfx_xsk_setsockopt+0x10/0x10 [ 148.522063][ T7465] ? aa_sock_opt_perm+0xfd/0x1b0 [ 148.522083][ T7465] ? __pfx_xsk_setsockopt+0x10/0x10 [ 148.522098][ T7465] do_sock_setsockopt+0xf3/0x1d0 [ 148.522119][ T7465] __sys_setsockopt+0x120/0x1a0 [ 148.522135][ T7465] __ia32_sys_setsockopt+0xbc/0x160 [ 148.522148][ T7465] ? __do_fast_syscall_32+0x9a/0x680 [ 148.522166][ T7465] ? lockdep_hardirqs_on+0x7c/0x110 [ 148.522183][ T7465] __do_fast_syscall_32+0xe8/0x680 [ 148.522203][ T7465] do_fast_syscall_32+0x32/0x80 [ 148.522213][ T7465] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 148.522228][ T7465] RIP: 0023:0xf70cd579 [ 148.522237][ T7465] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 148.522248][ T7465] RSP: 002b:00000000f547b55c EFLAGS: 00000296 ORIG_RAX: 000000000000016e [ 148.522259][ T7465] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000000000011b [ 148.522266][ T7465] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004 [ 148.522274][ T7465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 148.522283][ T7465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.522292][ T7465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 148.522313][ T7465] [ 148.522407][ T7465] Mem-Info: [ 148.622190][ T7465] active_anon:3365 inactive_anon:7352 isolated_anon:0 [ 148.622190][ T7465] active_file:10254 inactive_file:12863 isolated_file:0 [ 148.622190][ T7465] unevictable:1768 dirty:356 writeback:0 [ 148.622190][ T7465] slab_reclaimable:5938 slab_unreclaimable:53346 [ 148.622190][ T7465] mapped:26937 shmem:7114 pagetables:1096 [ 148.622190][ T7465] sec_pagetables:313 bounce:0 [ 148.622190][ T7465] kernel_misc_reclaimable:0 [ 148.622190][ T7465] free:58383 free_pcp:13588 free_cma:0 [ 148.638665][ T7465] Node 0 active_anon:36kB inactive_anon:4kB active_file:20kB inactive_file:268kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:12kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8832kB pagetables:1376kB sec_pagetables:1148kB all_unreclaimable? no Balloon:0kB [ 148.648834][ T7465] Node 1 active_anon:13524kB inactive_anon:29404kB active_file:40996kB inactive_file:51184kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:107684kB dirty:1412kB writeback:0kB shmem:24920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4576kB pagetables:3008kB sec_pagetables:104kB all_unreclaimable? no Balloon:0kB [ 148.660384][ T7465] Node 0 DMA free:2068kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:268kB local_pcp:44kB free_cma:0kB [ 148.670586][ T7465] lowmem_reserve[]: 0 289 289 289 289 [ 148.672483][ T7465] Node 0 DMA32 free:16660kB boost:0kB min:13332kB low:16664kB high:19996kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:4kB active_file:20kB inactive_file:268kB unevictable:3536kB writepending:12kB zspages:0kB present:1032196kB managed:296804kB mlocked:0kB bounce:0kB free_pcp:13180kB local_pcp:4036kB free_cma:0kB [ 148.683326][ T7465] lowmem_reserve[]: 0 0 0 0 0 [ 148.685482][ T7465] Node 1 DMA32 free:214804kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13624kB inactive_anon:29404kB active_file:40996kB inactive_file:51184kB unevictable:3536kB writepending:1412kB zspages:1904kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:40636kB local_pcp:6816kB free_cma:0kB [ 148.698378][ T7465] lowmem_reserve[]: 0 0 0 0 0 [ 148.700106][ T7465] Node 0 DMA: 1*4kB (M) 4*8kB (UM) 3*16kB (U) 10*32kB (UM) 2*64kB (UM) 2*128kB (M) 1*256kB (M) 0*512kB 1*1024kB (M) 0*2048kB 0*4096kB = 2068kB [ 148.704968][ T7465] Node 0 DMA32: 289*4kB (UME) 78*8kB (UME) 20*16kB (UME) 39*32kB (E) 18*64kB (ME) 21*128kB (ME) 9*256kB (ME) 6*512kB (UM) 4*1024kB (UM) 0*2048kB 0*4096kB = 16660kB [ 148.711166][ T7465] Node 1 DMA32: 665*4kB (UME) 36*8kB (UME) 199*16kB (UME) 425*32kB (UME) 294*64kB (ME) 237*128kB (UME) 88*256kB (UME) 51*512kB (UME) 19*1024kB (UME) 8*2048kB (M) 15*4096kB (M) = 214804kB [ 148.718806][ T7465] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 148.722656][ T7465] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 148.726383][ T7465] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 148.730214][ T7465] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 148.733634][ T7465] 30469 total pagecache pages [ 148.735821][ T7465] 242 pages in swap cache [ 148.737754][ T7465] Free swap = 120956kB [ 148.739377][ T7465] Total swap = 124996kB [ 148.741087][ T7465] 524155 pages RAM [ 148.742516][ T7465] 0 pages HighMem/MovableOnly [ 148.744694][ T7465] 209061 pages reserved [ 148.746213][ T7465] 0 pages cma reserved [ 148.804620][ T5959] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 149.221581][ T24] usb 5-1: USB disconnect, device number 10 [ 149.224865][ T7467] imon:send_packet: packet tx failed (-71) [ 149.244523][ T7467] imon:vfd_write: send packet #2 failed [ 150.104838][ T7483] binder: 7482:7483 ioctl c0306201 80000c80 returned -14 [ 150.143760][ T7483] loop6: detected capacity change from 0 to 2640 [ 150.149268][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.152293][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.164745][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.169563][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.173017][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.177710][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.181456][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.186846][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.191233][ T7483] ldm_validate_partition_table(): Disk read failed. [ 150.193790][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.197145][ T7483] Buffer I/O error on dev loop6, logical block 0, async page read [ 150.199788][ T7483] Dev loop6: unable to read RDB block 0 [ 150.201821][ T7483] loop6: unable to read partition table [ 150.212249][ T7483] loop_reread_partitions: partition scan of loop6 (3„ ¾‚³˜) failed (rc=-5) [ 150.223710][ T5353] ldm_validate_partition_table(): Disk read failed. [ 150.225651][ T7487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.490'. [ 150.228018][ T5353] Dev loop6: unable to read RDB block 0 [ 150.235431][ T5353] loop6: unable to read partition table [ 150.614501][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 150.766993][ T10] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 150.770530][ T10] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 150.774116][ T10] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 150.778689][ T10] usb 5-1: config 220 has no interface number 2 [ 150.781345][ T10] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 150.786630][ T10] usb 5-1: config 220 interface 0 has no altsetting 0 [ 150.789538][ T10] usb 5-1: config 220 interface 76 has no altsetting 0 [ 150.792446][ T10] usb 5-1: config 220 interface 1 has no altsetting 0 [ 150.797643][ T10] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 150.801575][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.804898][ T10] usb 5-1: Product: syz [ 150.806622][ T10] usb 5-1: Manufacturer: syz [ 150.808672][ T10] usb 5-1: SerialNumber: syz [ 151.027498][ T10] usb 5-1: selecting invalid altsetting 0 [ 151.037369][ T10] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 151.040732][ T10] uvcvideo 5-1:220.0: No valid video chain found. [ 151.050279][ T10] usb 5-1: selecting invalid altsetting 0 [ 151.053193][ T10] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 151.059630][ T10] usb 5-1: USB disconnect, device number 11 [ 151.457173][ T7508] netlink: 'syz.3.497': attribute type 10 has an invalid length. [ 151.464344][ T7508] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 151.579734][ T7510] netlink: 28 bytes leftover after parsing attributes in process `syz.0.498'. [ 151.681298][ T7514] netlink: 36 bytes leftover after parsing attributes in process `syz.0.500'. [ 151.684148][ T7514] netlink: 16 bytes leftover after parsing attributes in process `syz.0.500'. [ 151.687446][ T7514] netlink: 36 bytes leftover after parsing attributes in process `syz.0.500'. [ 151.690842][ T7514] netlink: 36 bytes leftover after parsing attributes in process `syz.0.500'. [ 155.264681][ T53] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 155.359493][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.520'. [ 155.404206][ T5959] Bluetooth: hci3: unexpected event for opcode 0x0000 [ 155.489247][ T53] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 155.492714][ T53] usb 7-1: config 0 interface 0 has no altsetting 0 [ 155.507110][ T53] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 155.510282][ T53] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 155.513550][ T53] usb 7-1: Product: syz [ 155.526403][ T53] usb 7-1: Manufacturer: syz [ 155.528084][ T53] usb 7-1: SerialNumber: syz [ 155.536503][ T53] usb 7-1: config 0 descriptor?? [ 155.567988][ T53] usb 7-1: selecting invalid altsetting 0 [ 156.054321][ T7581] input: syz1 as /devices/virtual/input/input14 [ 156.184995][ T6031] usb 7-1: USB disconnect, device number 11 [ 157.666383][ T40] audit: type=1804 audit(1767909209.826:3): pid=7612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.535" name="bus" dev="ramfs" ino=16501 res=1 errno=0 [ 158.868748][ T7632] netlink: 20 bytes leftover after parsing attributes in process `syz.0.542'. [ 159.187670][ T5304] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 159.193307][ T5304] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 159.198905][ T5304] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 159.210470][ T5304] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 159.217168][ T5304] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 159.448993][ T5304] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 159.451839][ T5304] Bluetooth: hci3: Injecting HCI hardware error event [ 159.637090][ T7643] chnl_net:caif_netlink_parms(): no params data found [ 159.849457][ T7643] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.877767][ T7643] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.886108][ T7643] bridge_slave_0: entered allmulticast mode [ 159.898027][ T7643] bridge_slave_0: entered promiscuous mode [ 159.906716][ T7643] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.910196][ T7643] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.912974][ T7643] bridge_slave_1: entered allmulticast mode [ 159.926634][ T7643] bridge_slave_1: entered promiscuous mode [ 159.978328][ T7643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.991399][ T7643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.038092][ T7643] team0: Port device team_slave_0 added [ 160.041914][ T7643] team0: Port device team_slave_1 added [ 160.083282][ T7643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.090941][ T7643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 160.099184][ T7643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.115427][ T7643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.117718][ T7643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 160.130261][ T7643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.231127][ T7643] hsr_slave_0: entered promiscuous mode [ 160.237370][ T7643] hsr_slave_1: entered promiscuous mode [ 160.240195][ T7643] debugfs: 'hsr0' already exists in 'hsr' [ 160.242351][ T7643] Cannot create hsr debugfs directory [ 160.530142][ T7643] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 160.538372][ T7643] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 160.546417][ T7643] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 160.556039][ T7643] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 160.691618][ T7643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.715021][ T7643] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.727986][ T6237] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.730350][ T6237] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.752655][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.755184][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.040118][ T7643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.242152][ T7643] veth0_vlan: entered promiscuous mode [ 161.250071][ T7643] veth1_vlan: entered promiscuous mode [ 161.280417][ T7643] veth0_macvtap: entered promiscuous mode [ 161.288958][ T7643] veth1_macvtap: entered promiscuous mode [ 161.294847][ T5304] Bluetooth: hci0: command tx timeout [ 161.309025][ T7643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.317174][ T7643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.325545][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.330357][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.333427][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.338066][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.405571][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.408679][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.428398][ T6237] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.431359][ T6237] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.845353][ T6011] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 161.998228][ T6011] usb 9-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 162.002529][ T6011] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.007138][ T6011] usb 9-1: Product: syz [ 162.010795][ T6011] usb 9-1: Manufacturer: syz [ 162.013023][ T6011] usb 9-1: SerialNumber: syz [ 162.018834][ T6011] usb 9-1: config 0 descriptor?? [ 162.024215][ T6011] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 162.270095][ T6011] gspca_sunplus: reg_r err -71 [ 162.275882][ T6011] sunplus 9-1:0.0: probe with driver sunplus failed with error -71 [ 162.288041][ T6011] usb 9-1: USB disconnect, device number 2 [ 162.420152][ T7711] fuse: Bad value for 'fd' [ 162.885694][ T5960] Bluetooth: hci3: hardware error 0x00 [ 162.890838][ T55] ------------[ cut here ]------------ [ 162.893466][ T55] workqueue: cannot queue hci_conn_timeout on wq hci3 [ 162.896339][ T55] WARNING: kernel/workqueue.c:2251 at __queue_work+0xc9d/0x10e0, CPU#2: kworker/2:1/55 [ 162.900567][ T55] Modules linked in: [ 162.902816][ T55] CPU: 2 UID: 0 PID: 55 Comm: kworker/2:1 Not tainted syzkaller #0 PREEMPT(full) [ 162.907051][ T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.911748][ T55] Workqueue: events l2cap_chan_timeout [ 162.914040][ T55] RIP: 0010:__queue_work+0xca1/0x10e0 [ 162.916455][ T55] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d f3 86 07 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 f0 13 3a 00 90 0f 0b 90 e9 15 f6 [ 162.925261][ T55] RSP: 0018:ffffc9000076f9c8 EFLAGS: 00010046 [ 162.927920][ T55] RAX: dffffc0000000000 RBX: ffff88801b49e000 RCX: 1ffff1100462a14b [ 162.931538][ T55] RDX: ffff888013469178 RSI: ffffffff8a6ca450 RDI: ffffffff908bddd0 [ 162.934976][ T55] RBP: ffff888023150a40 R08: 0000000000000005 R09: 0000000000000000 [ 162.938506][ T55] R10: 0000000000200000 R11: ffff888020680b30 R12: 0000000000000000 [ 162.942032][ T55] R13: ffff888013469000 R14: ffff888023150a88 R15: ffff888013469000 [ 162.945893][ T55] FS: 0000000000000000(0000) GS:ffff8880978fc000(0000) knlGS:0000000000000000 [ 162.950182][ T55] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 162.953185][ T55] CR2: 0000000000000000 CR3: 000000004a684000 CR4: 0000000000352ef0 [ 162.956592][ T55] Call Trace: [ 162.958095][ T55] [ 162.959488][ T55] ? __cancel_work+0x2c8/0x340 [ 162.961636][ T55] ? clear_pending_if_disabled+0xa8/0x210 [ 162.964236][ T55] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 162.967382][ T55] __queue_delayed_work+0x35b/0x460 [ 162.970035][ T55] queue_delayed_work_on+0x1b5/0x200 [ 162.972463][ T55] l2cap_chan_del+0x5a0/0x940 [ 162.974546][ T55] l2cap_chan_close+0xfe/0xa80 [ 162.976672][ T55] ? __pfx_l2cap_chan_close+0x10/0x10 [ 162.979057][ T55] l2cap_chan_timeout+0x196/0x340 [ 162.981458][ T55] process_one_work+0x9ba/0x1b20 [ 162.983783][ T55] ? __pfx_process_one_work+0x10/0x10 [ 162.986422][ T55] ? assign_work+0x1a0/0x250 [ 162.988859][ T55] worker_thread+0x6c8/0xf10 [ 162.991128][ T55] ? __pfx_worker_thread+0x10/0x10 [ 162.993539][ T55] kthread+0x3c5/0x780 [ 162.995329][ T55] ? __pfx_kthread+0x10/0x10 [ 162.997311][ T55] ? rcu_is_watching+0x12/0xc0 [ 162.999365][ T55] ? __pfx_kthread+0x10/0x10 [ 163.001344][ T55] ret_from_fork+0x983/0xb10 [ 163.003247][ T55] ? __pfx_ret_from_fork+0x10/0x10 [ 163.005325][ T55] ? __switch_to+0x7af/0x10d0 [ 163.007216][ T55] ? __pfx_kthread+0x10/0x10 [ 163.009260][ T55] ret_from_fork_asm+0x1a/0x30 [ 163.011330][ T55] [ 163.012696][ T55] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 163.015811][ T55] CPU: 2 UID: 0 PID: 55 Comm: kworker/2:1 Not tainted syzkaller #0 PREEMPT(full) [ 163.019660][ T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.024055][ T55] Workqueue: events l2cap_chan_timeout [ 163.026103][ T55] Call Trace: [ 163.027492][ T55] [ 163.028796][ T55] dump_stack_lvl+0x3d/0x1f0 [ 163.030648][ T55] vpanic+0x640/0x6f0 [ 163.032393][ T55] ? __queue_work+0xc9d/0x10e0 [ 163.034581][ T55] panic+0xca/0xd0 [ 163.036271][ T55] ? __pfx_panic+0x10/0x10 [ 163.038098][ T55] ? check_panic_on_warn+0x1f/0xb0 [ 163.040191][ T55] check_panic_on_warn+0xab/0xb0 [ 163.042349][ T55] __warn+0x108/0x3c0 [ 163.044075][ T55] __report_bug+0x2a0/0x520 [ 163.045953][ T55] ? __queue_work+0xc9d/0x10e0 [ 163.048094][ T55] ? __pfx___report_bug+0x10/0x10 [ 163.050585][ T55] ? do_raw_spin_unlock+0x172/0x230 [ 163.053011][ T55] ? __pfx_hci_conn_timeout+0x10/0x10 [ 163.054847][ T55] ? __pfx_debug_object_assert_init+0x10/0x10 [ 163.057178][ T55] ? trace_sched_exit_tp+0xd1/0x110 [ 163.059550][ T55] report_bug_entry+0xe1/0x290 [ 163.061539][ T55] ? __queue_work+0xca1/0x10e0 [ 163.063498][ T55] handle_bug+0x18a/0x260 [ 163.065287][ T55] exc_invalid_op+0x17/0x50 [ 163.067230][ T55] asm_exc_invalid_op+0x1a/0x20 [ 163.069379][ T55] RIP: 0010:__queue_work+0xca1/0x10e0 [ 163.071813][ T55] Code: 78 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 0c 04 00 00 48 8d 3d f3 86 07 0f 48 8b 75 18 <67> 48 0f b9 3a e9 90 f7 ff ff e8 f0 13 3a 00 90 0f 0b 90 e9 15 f6 [ 163.080245][ T55] RSP: 0018:ffffc9000076f9c8 EFLAGS: 00010046 [ 163.083037][ T55] RAX: dffffc0000000000 RBX: ffff88801b49e000 RCX: 1ffff1100462a14b [ 163.086613][ T55] RDX: ffff888013469178 RSI: ffffffff8a6ca450 RDI: ffffffff908bddd0 [ 163.090100][ T55] RBP: ffff888023150a40 R08: 0000000000000005 R09: 0000000000000000 [ 163.093359][ T55] R10: 0000000000200000 R11: ffff888020680b30 R12: 0000000000000000 [ 163.096924][ T55] R13: ffff888013469000 R14: ffff888023150a88 R15: ffff888013469000 [ 163.100685][ T55] ? __pfx_hci_conn_timeout+0x10/0x10 [ 163.103133][ T55] ? __queue_work+0xc70/0x10e0 [ 163.105138][ T55] ? __cancel_work+0x2c8/0x340 [ 163.107157][ T55] ? clear_pending_if_disabled+0xa8/0x210 [ 163.109504][ T55] ? __pfx_clear_pending_if_disabled+0x10/0x10 [ 163.112021][ T55] __queue_delayed_work+0x35b/0x460 [ 163.114181][ T55] queue_delayed_work_on+0x1b5/0x200 [ 163.116530][ T55] l2cap_chan_del+0x5a0/0x940 [ 163.118492][ T55] l2cap_chan_close+0xfe/0xa80 [ 163.120499][ T55] ? __pfx_l2cap_chan_close+0x10/0x10 [ 163.122724][ T55] l2cap_chan_timeout+0x196/0x340 [ 163.124823][ T55] process_one_work+0x9ba/0x1b20 [ 163.127105][ T55] ? __pfx_process_one_work+0x10/0x10 [ 163.129771][ T55] ? assign_work+0x1a0/0x250 [ 163.131868][ T55] worker_thread+0x6c8/0xf10 [ 163.133891][ T55] ? __pfx_worker_thread+0x10/0x10 [ 163.136106][ T55] kthread+0x3c5/0x780 [ 163.137895][ T55] ? __pfx_kthread+0x10/0x10 [ 163.139759][ T55] ? rcu_is_watching+0x12/0xc0 [ 163.141797][ T55] ? __pfx_kthread+0x10/0x10 [ 163.143811][ T55] ret_from_fork+0x983/0xb10 [ 163.145821][ T55] ? __pfx_ret_from_fork+0x10/0x10 [ 163.148085][ T55] ? __switch_to+0x7af/0x10d0 [ 163.150168][ T55] ? __pfx_kthread+0x10/0x10 [ 163.152378][ T55] ret_from_fork_asm+0x1a/0x30 [ 163.154766][ T55] [ 163.157198][ T55] Kernel Offset: disabled [ 163.159145][ T55] Rebooting in 86400 seconds..