last executing test programs: 7.919052575s ago: executing program 4 (id=2967): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r0, 0x6, 0x19, 0xfffffffffffffffd, &(0x7f0000000100)=0x2) 7.425720646s ago: executing program 2 (id=2969): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) syz_usb_disconnect(r0) poll(&(0x7f0000000740)=[{r1}], 0x1, 0x0) 7.047426274s ago: executing program 4 (id=2972): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x47, 0x0, 0x0) mkdir(0x0, 0x0) add_key$fscrypt_provisioning(0x0, &(0x7f0000001140)={'syz', 0x2}, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f000000e280)={0x2020}, 0x2020) syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x444c40) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000006c0)={0xffffffffffffffff, &(0x7f0000000500), 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x5393, &(0x7f0000000000)=ANY=[]) syz_open_dev$usbmon(0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000900)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) socket$inet6(0xa, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) r4 = syz_open_pts(r3, 0x141601) fcntl$setstatus(r4, 0x4, 0x102800) write(r4, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x3) close_range(r2, 0xffffffffffffffff, 0x0) 6.271519413s ago: executing program 2 (id=2976): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x30, 0x2, {{}, [@TCA_NETEM_ECN={0x8}, @TCA_NETEM_JITTER64={0xc}]}}}]}, 0x60}}, 0x0) 5.867497346s ago: executing program 2 (id=2979): r0 = syz_open_procfs(0x0, &(0x7f0000000240)='pagemap\x00') r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) r2 = syz_io_uring_setup(0x690a, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000140)=0x0) socketpair(0x0, 0xa, 0x1, &(0x7f0000000100)) syz_io_uring_setup(0x13c7, &(0x7f0000000280), &(0x7f0000000440)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x184c, 0x0, 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_PDP_HASHSIZE={0x8}, @IFLA_GTP_ROLE={0x8, 0x4, 0x2}]}}}]}, 0x40}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'dvmrp1\x00'}) 5.783835537s ago: executing program 0 (id=2980): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x882) r1 = syz_io_uring_setup(0x4072, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000200)="5f894eca7aef1b308458dded34900a60c5c619df9a9456872690491d", 0x1c}], 0x1}) io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0) 5.617371121s ago: executing program 4 (id=2981): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_UID={0x8, 0x19, 0xffffffffffffffff}]}, 0x24}}, 0x0) 5.415855442s ago: executing program 0 (id=2982): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) epoll_create(0x47f) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x0, 0x40000002, 0x67fa}) r3 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640), 0x0, 0x0}) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x11, 0x3, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000093183d6e86ddf4387fdc23dd5371669cf531551f32fd3ad9383afbef35f3ac018adf7f4f35cfff4105aed11c42c6bc757048e6177da4c8b14a2b5e29b7553801e50e75540de739215961b96ad2cf31196491be4d7e8427e4d829786928fae6a4930b98f60aac9e50cde60bb8ab5595226db5999160b9cfb1beb986fc511f443caeafa5289e7fe869af0b7625f85245fcd0dd53b6b08"], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x9d, &(0x7f0000000000)=""/157}, 0x80) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='block_bio_remap\x00', r5}, 0x10) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000023c0)={r6, 0x87, &(0x7f0000000800)}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe40, 0x0, &(0x7f0000000240)="5cdd3086ddff0066b3c9bbac88a8862c00dffd0013dd00000000000000008100f5df86dd", 0x0, 0x15d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) close_range(0xffffffffffffffff, r0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) sendmsg$inet(r7, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) preadv(r8, &(0x7f00000002c0)=[{0x0}, {&(0x7f00000000c0)=""/46, 0x2e}], 0x2, 0xc6, 0x3) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f0000000940)=ANY=[@ANYBLOB="120100006f8db40882057a003fc70102030109021b0001000000000904000001fff14c0009050d03"], 0x0) 5.196026628s ago: executing program 3 (id=2983): prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ff9000/0x4000)=nil) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0x40405515, 0x0) setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x24, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r4, 0x82e0, 0xff39, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='memory.current\x00', 0x0, 0x0) sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x14c, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x6c}, @in=@empty, {0x0, 0x0, 0x0, 0xfffffff7ffffffff}, {0x0, 0x4}, {}, 0x0, 0x0, 0x2, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @XFRMA_IF_ID={0x8, 0x1f, 0x3}, @mark={0xc, 0x15, {0x35075a, 0x1}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x20, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x20}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=@deltaction={0x14}, 0x14}}, 0x0) getsockname$packet(r7, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYRES32, @ANYBLOB="030000007f00000020001280080001007369740014000280080001", @ANYRES32], 0x40}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 5.195160691s ago: executing program 2 (id=2984): socket$inet6_tcp(0xa, 0x1, 0x0) dup(0xffffffffffffffff) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x2b, 0x0, @loopback, @loopback, [], "1e520b4c951ee12e"}}}}}}}, 0x0) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f00000002c0)={0x20, 0x0, 0x0, 0x8001, 0x3}) setsockopt$MRT6_DONE(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='./file0\x00', 0xa0ff, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x703881, 0x40) fcntl$setlease(r1, 0x400, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="3af69c30fdf94d64e67a36", @ANYRESHEX=r1], 0x50}}, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000280)) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6(0xa, 0xa, 0x1) connect$inet6(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000140)=[{0x25, 0x0, 0x1}, {0x2}, {0x6}]}) bpf$PROG_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600707, 0x19) socket$kcm(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0xfc, 0x0}}, 0x10, 0x0}, 0x0) sendmsg$rds(r3, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000100)=""/74, 0x4a}], 0x1}, 0x0) 5.087538645s ago: executing program 4 (id=2985): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000040)={0x1, @pix_mp={0x0, 0x0, 0x32314742}}) 4.409837388s ago: executing program 4 (id=2986): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) 4.210541037s ago: executing program 3 (id=2987): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="850000006c00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) 4.094513749s ago: executing program 1 (id=2988): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)='\x00\x00', 0x2}], 0x1}, 0x8001) ioctl$SIOCSIFHWADDR(r0, 0x8905, &(0x7f0000000340)={'veth0_to_bond\x00', @remote}) 3.804652226s ago: executing program 3 (id=2989): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000600)='fd/4\x00') socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='westwood\x00', 0x9) getsockopt$inet6_tcp_buf(r7, 0x6, 0x1a, 0x0, &(0x7f0000000080)) ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x800c6613, &(0x7f0000000240)=0x1fffffffffffffff) 3.786110105s ago: executing program 1 (id=2990): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) unlink(&(0x7f0000000100)='./file0/file0\x00') stat(0x0, 0x0) 3.595210283s ago: executing program 4 (id=2991): socket(0x0, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x62, &(0x7f0000000240)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x2c, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}, @md5sig={0x13, 0x12, "9b113ff4c4385514c5bc5149cf7f48c8"}]}}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc5, &(0x7f0000000180)=""/197, 0x0, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2600}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) recvmmsg(0xffffffffffffffff, &(0x7f0000004200)=[{{0x0, 0x0, &(0x7f0000002000)=[{0x0}, {&(0x7f0000001f40)=""/158, 0x9e}], 0x2}}], 0x1, 0x0, &(0x7f0000002040)={0x0, 0x989680}) setsockopt$sock_int(r4, 0x1, 0x10, &(0x7f0000000080)=0x8, 0x4) sendmmsg(r4, &(0x7f0000001e00), 0x3fffffffffffe36, 0x0) 2.413549403s ago: executing program 1 (id=2992): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={'nr', 0x0}, 0x0, 'syz0\x00', @default, 0x0, 0x0, [@bcast, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) 2.409502487s ago: executing program 3 (id=2993): mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000140)) 2.095497615s ago: executing program 0 (id=2994): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x5e, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fc020000000000000000000000000000fe8000000000000000000000000000aa8700faff"], 0x0) 1.994836342s ago: executing program 3 (id=2995): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1}) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x40006, 0x2}) socket(0x8, 0x800, 0x81) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x1000000}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$can_bcm(0x1d, 0x2, 0x2) write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '\xff\xff\xff\xff\xff\xff'}], 0xa, ';'}, 0x13) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r3}, 0x10) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r4, 0x2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) r6 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000040)={0x5, r5}) ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f0000000100)=0x5) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)) 1.63548581s ago: executing program 1 (id=2996): r0 = syz_io_uring_setup(0x6908, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)=0x0) r2 = syz_io_uring_setup(0x1868, &(0x7f0000000280), &(0x7f00000000c0)=0x0, &(0x7f0000000180)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff, 0xffffffffffffffff, r2, r0], 0x4}) syz_io_uring_submit(r3, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r2, 0x0, 0x0}) io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0) r4 = io_uring_setup(0x7058, &(0x7f0000000040)) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r5) 1.584456724s ago: executing program 0 (id=2997): socket$kcm(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="740000001300"/16, @ANYRES32=0x0, @ANYBLOB="024205000000000008000c00040007003eff1a804800008014000700ff01000000000000000000000000000114000700fc01000000000000000000000000000014000700fe8000000000000000000000000000000500080065a20000"], 0x74}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x2, 0x0) r3 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r3, 0x2285, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) writev(r3, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9d85e447511703d", 0x31}], 0x2) io_submit(0x0, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) fchown(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000780)={0x0, 0x0, 0x0}, &(0x7f00000007c0)=0xc) chown(&(0x7f0000000740)='./file0\x00', 0x0, r4) recvfrom$unix(r1, 0x0, 0x0, 0x0, 0x0, 0xfe29) unshare(0x400) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYRES8=0x0], &(0x7f0000000000)='GPL\x00'}, 0x90) shutdown(r1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000a00)=ANY=[@ANYBLOB="9feb010018000000000000003800000038000000020000000000000001000004ff000000000000000300000000000000000000000100004d000000000000000900ffffff000001000000000a000000000000128e7eab5699f252b4812d05f592caad9a09f531c8305d60456b0645061c3ced2bc0efb9af48fc36467cec811dfeab8a9d4b46c7363a50ccf353fb0753e4de95e91663f47a1a56851a"], &(0x7f0000000340)=""/5, 0x52, 0x5, 0x1}, 0x20) write$binfmt_script(r3, &(0x7f0000000580)={'#! ', './file0/file0', [{0x20, '\'{^'}, {0x20, '-\xb8\x00'}, {0x20, '\''}], 0xa, "4ab2ae3e2e3da0dbf64632c9461ab9a1b52b8d29c2392e3ec6fb396c04a16f79102a632d0cd884d57bdd113a4926e0ba4e0e1f1b78dd7af50f47844d67214edf5fffc818b151bdf2"}, 0x63) syz_open_dev$tty20(0xc, 0x4, 0x0) r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r5, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000c}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}, 0x90) 1.214617656s ago: executing program 1 (id=2998): capset(&(0x7f00000005c0)={0x20071026}, &(0x7f0000000600)) pivot_root(0x0, 0x0) 1.053395923s ago: executing program 2 (id=2999): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d414000000010902"], 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB], 0x114}], 0x1}, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000880)=ANY=[@ANYBLOB="7a0af8ff7525736cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000f700000000b2595285fa97ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5956fc4a33ca263e2b5d47b2b00000000b1a297cfddd73f30f2382f6c2d3ffdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000010000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e3841bef895c5a637b0bf2eac3cb07b74a72291a1a2b523dd81b6651b1ee29e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c92cdfbea882b0b18914781ceb10814cf4ee23ddb79fff5eb156e0a000000000000f2bd164a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8fdf3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c980000cfb215af2c1a3c22243cce23b00000a857d61b0d66c3f6da8aed31027c33204ea0fa0620111920d3f24980e9995a510bd87b06440a0a26130098b901c53a02cfbfd8bcbdec9f34542c3c9652adefde555ecd28ebc88082bab431ee3e1adb5b0ad14c79dd4411ecc96c512f3b72a9b3a0c3e07ec6b427bdc0bf3963e9f802a5feab82a989db62d8d1339f842b3f593d6c24fe015ec63c658ba7c4fae17514f802709ab4fa5caa932d4b65a5ecfc422899513ddde6ec04974f9981a8c155c26e2e3b8f2d0da70e524832ab04dec9ce66a62ceffbb15b1857c93666fe043a266a451f9a1e1f054211b9ae566b58f4f356c7a4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xd}, 0x48) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f00000000c0)={0x13}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0x0, "571a0a0da4c642c2"}) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r4, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) unlink(&(0x7f0000000140)='./file1\x00') ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) 995.595675ms ago: executing program 1 (id=3000): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x35, 0x19, 0x30, 0x40, 0x1645, 0x8, 0xcf36, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf4, 0xfa, 0xdc}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 684.476644ms ago: executing program 3 (id=3001): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[], 0x234) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) io_uring_setup(0x0, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) add_key$user(&(0x7f0000000a40), 0x0, &(0x7f00000002c0)='\x00', 0x1, 0xfffffffffffffffe) add_key$user(0x0, &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000000300)="9ab62427b7d15f8d4be6fca4f85d8efd11e5740d80105a2557f38c9ff948993d3e3b61e55f61d3f88f1114bd8b31990044954c8e78cde65be9fc6590782e5019857c7db4a0a3429a270102ee5884e8644a00d9c384e4f22a6b", 0x59, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x1c, 0x40, 0x9, 0x0, 0x0, {0x2}, [@typed={0x8, 0x2, 0x0, 0x0, @u32}]}, 0x1c}}, 0x0) r3 = dup(r0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x5c, 0x2, 0x6, 0x3, 0x0, 0xf0ffff, {}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}]}, 0x5c}}, 0x0) 499.072788ms ago: executing program 0 (id=3002): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r1, 0x0, 0x0}, 0x20) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r4 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, 0x0, 0x0) write(r4, &(0x7f0000000280)="1c0000001a", 0x5) preadv2(r1, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$smc(0x0, r4) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000680)={0x4c, 0x12, 0x4, 0x70bd25, 0x25dfdbfb, {0x29, 0xa0, 0xff, 0xf, {0x4e21, 0x4e20, [0x0, 0xffffffd4, 0x4, 0x40000], [0xff, 0x0, 0x802, 0x7fffffff], 0x0, [0x6]}, 0x2}}, 0x4c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000000) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x1000, 0x2, 0x0, 0x0, {0x0, 0x894, 0x0, 0x7, 0x0, 0x0, 0x1}, 0x6, 0x800, 0x90}}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x25}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}]]}, 0x5c}}, 0x0) 89.850043ms ago: executing program 0 (id=3003): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = socket$inet6(0xa, 0x802, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4) sendto$inet(r2, &(0x7f0000000040)="0d02", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200020000", 0x1c) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000040)="ff02040000000001000000000000329e4fb001b45a1c0205", 0x18) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @private1}, 0x1c) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000005c0)=[{{&(0x7f0000003080)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10000000000000001701"], 0x10}}], 0x2, 0x0) sendmmsg$unix(r4, &(0x7f00000005c0), 0x2, 0x0) syz_emit_ethernet(0x9a, &(0x7f00000000c0)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "ecff80", 0x64, 0x11, 0x0, @private0, @mcast2, {[], {0x0, 0x4e22, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "2de3ee0885c2bf5f423809a17f11f37eb85740f418518225e668e40b3056c37a", "23066bc7387081244d0948b691377456", {"4ae5c071b05454933cad8dd0a2521e66", "ed4fb52fd9890990af7581ba3577075c"}}}}}}}}, 0x0) 0s ago: executing program 2 (id=3004): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f00000026c0)={0x0, 0x0, &(0x7f0000002680)={&(0x7f0000000b00)={0x20, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_NAN_FUNC={0x4}]}, 0x20}}, 0x0) kernel console output (not intermixed with test programs): the config [ 579.866312][ T5283] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 579.940981][ T5283] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 579.987157][ T5283] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 580.211442][ T5283] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b5.89 [ 580.987045][ T5283] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.041257][ T5283] usb 1-1: Product: syz [ 581.046855][ T5283] usb 1-1: Manufacturer: syz [ 581.102433][ T5283] usb 1-1: SerialNumber: syz [ 581.154383][ T5283] usb 1-1: config 0 descriptor?? [ 581.200451][ T5283] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 582.263848][ T5283] gspca_pac7302: reg_w() failed i: ff v: 01 error -110 [ 582.615766][ T5283] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -110 [ 582.871549][ T5283] usb 1-1: USB disconnect, device number 40 [ 583.200795][T12492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 583.231425][T12492] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.054078][T12504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2298'. [ 585.148791][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 585.160053][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 585.179457][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 585.191320][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 585.201469][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 585.213499][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 585.699437][T12509] netlink: 448 bytes leftover after parsing attributes in process `syz.1.2300'. [ 585.898680][T12529] vivid-001: disconnect [ 585.920480][T12528] vivid-001: reconnect [ 586.320488][T12541] rtc_cmos 00:00: Alarms can be up to one day in the future [ 587.289273][ T5231] Bluetooth: hci3: command tx timeout [ 587.384384][T12508] chnl_net:caif_netlink_parms(): no params data found [ 587.646107][ T5307] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 587.745534][T12556] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 587.938948][T12508] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.963665][T12508] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.993605][T12508] bridge_slave_0: entered allmulticast mode [ 588.003570][ T5307] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 588.043076][T12508] bridge_slave_0: entered promiscuous mode [ 588.200145][ T5307] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.212180][T12508] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.298601][T12561] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 589.108404][T12508] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.109419][ T5307] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 589.124113][T12508] bridge_slave_1: entered allmulticast mode [ 589.139560][T12508] bridge_slave_1: entered promiscuous mode [ 589.204709][T12563] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2315'. [ 589.228681][ T5307] usb 1-1: string descriptor 0 read error: -71 [ 589.236463][T12541] rtc_cmos 00:00: Alarms can be up to one day in the future [ 589.253965][ T5307] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 589.273861][T12563] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2315'. [ 589.286945][ T5307] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.302646][T12563] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2315'. [ 589.318281][ T5307] usb 1-1: can't set config #1, error -71 [ 589.342597][T12508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 589.353833][ T5307] usb 1-1: USB disconnect, device number 41 [ 589.363537][ T5231] Bluetooth: hci3: command tx timeout [ 589.414660][T12508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 589.611084][T12508] team0: Port device team_slave_0 added [ 589.646217][T12508] team0: Port device team_slave_1 added [ 589.662479][ T5270] rtc_cmos 00:00: Alarms can be up to one day in the future [ 589.703737][ T5270] rtc_cmos 00:00: Alarms can be up to one day in the future [ 589.727724][ T5270] rtc_cmos 00:00: Alarms can be up to one day in the future [ 589.746209][ T5270] rtc_cmos 00:00: Alarms can be up to one day in the future [ 589.763511][ T5270] rtc rtc0: __rtc_set_alarm: err=-22 [ 589.766087][T12508] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.799450][T12508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.834723][T12508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 589.847951][T12508] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 589.855509][T12508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 589.883681][T12508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 589.956184][T12508] hsr_slave_0: entered promiscuous mode [ 589.977195][T12508] hsr_slave_1: entered promiscuous mode [ 590.003663][ T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 590.013757][T12508] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 590.031671][T12508] Cannot create hsr debugfs directory [ 590.103483][ T5270] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 590.193612][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 590.208791][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 590.223719][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.253215][ T9] usb 2-1: Product: syz [ 590.267490][ T9] usb 2-1: Manufacturer: syz [ 590.272076][ T9] usb 2-1: SerialNumber: syz [ 590.285498][ T5270] usb 4-1: Using ep0 maxpacket: 8 [ 590.306806][ T5270] usb 4-1: config 1 interface 0 altsetting 119 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 590.324855][ T5270] usb 4-1: config 1 interface 0 altsetting 119 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 590.338956][ T9] usb 2-1: config 0 descriptor?? [ 590.344249][ T5270] usb 4-1: config 1 interface 0 has no altsetting 0 [ 590.354910][T12508] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.364555][ T5270] usb 4-1: New USB device found, idVendor=046d, idProduct=c091, bcdDevice= 0.40 [ 590.383500][ T5270] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.398584][ T5270] usb 4-1: Product: 《 [ 590.403559][ T5270] usb 4-1: Manufacturer: ఌ [ 590.422634][ T5270] usb 4-1: SerialNumber: syz [ 590.560371][T12508] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.566819][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 590.669143][T12508] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.780651][ T5270] usbhid 4-1:1.0: can't add hid device: -71 [ 590.793795][ T5270] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 590.802141][T12508] bond0: (slave netdevsim0): Releasing backup interface [ 590.812937][ T5270] usb 4-1: USB disconnect, device number 29 [ 590.844968][T12508] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 591.356223][T12508] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 591.366892][T12508] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 591.390865][T12508] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 591.409635][T12508] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 591.443663][ T5231] Bluetooth: hci3: command tx timeout [ 591.718652][T12508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 591.767886][T12508] 8021q: adding VLAN 0 to HW filter on device team0 [ 591.793638][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.800812][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 591.818588][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.825759][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.017520][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 592.036287][ T9] usb 2-1: USB disconnect, device number 31 [ 592.179744][T12508] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 592.518279][T12508] veth0_vlan: entered promiscuous mode [ 592.529645][T12508] veth1_vlan: entered promiscuous mode [ 592.627225][T12508] veth0_macvtap: entered promiscuous mode [ 592.655150][T12508] veth1_macvtap: entered promiscuous mode [ 592.692067][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.745259][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.756905][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.773548][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.847472][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.859173][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.872399][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 592.884200][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.904591][T12508] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 592.948691][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.962059][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.973416][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 592.984252][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 592.994153][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.004610][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.014542][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.033521][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.053561][T12508] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 593.073553][T12508] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 593.117849][T12508] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 593.177582][T12508] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.193469][T12508] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.203741][T12508] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.212413][T12508] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 593.321386][ T6269] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.333420][ T6269] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.410907][ T6269] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 593.439761][ T6269] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 593.523727][ T5231] Bluetooth: hci3: command tx timeout [ 593.726889][T12599] xt_l2tp: invalid flags combination: 0 [ 594.923714][T12612] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2323'. [ 595.080282][ T29] audit: type=1326 audit(1723089615.375:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.245551][ T29] audit: type=1326 audit(1723089615.375:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.311892][ T29] audit: type=1326 audit(1723089615.405:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.426518][ T29] audit: type=1326 audit(1723089615.405:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.482055][ T29] audit: type=1326 audit(1723089615.405:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.589483][T12614] netlink: 448 bytes leftover after parsing attributes in process `syz.4.2322'. [ 595.604016][ T29] audit: type=1326 audit(1723089615.405:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.690342][ T29] audit: type=1326 audit(1723089615.405:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.813469][ T29] audit: type=1326 audit(1723089615.405:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.892628][ T29] audit: type=1326 audit(1723089615.405:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 595.966345][ T29] audit: type=1326 audit(1723089615.405:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12604 comm="syz.2.2323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5d7779f9 code=0x7ffc0000 [ 596.653480][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 596.863455][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 596.901670][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.936854][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.963822][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 596.972973][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.995229][ T9] usb 3-1: Product: syz [ 596.999422][ T9] usb 3-1: Manufacturer: syz [ 597.020658][ T9] usb 3-1: SerialNumber: syz [ 597.153491][ T58] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 597.380697][ T58] usb 2-1: Using ep0 maxpacket: 32 [ 597.405669][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 597.440026][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 597.451831][ T58] usb 2-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00 [ 597.481279][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.502988][ T58] usb 2-1: config 0 descriptor?? [ 597.512754][T12637] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 597.782914][T12643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2328'. [ 597.940598][ T58] hid-rmi 0003:0461:4E72.0017: hidraw0: USB HID v0.00 Device [HID 0461:4e72] on usb-dummy_hcd.1-1/input0 [ 598.057553][ T9] cdc_ncm 3-1:1.0: SET_CRC_MODE failed [ 598.103803][ T9] cdc_ncm 3-1:1.0: bind() failure [ 598.112586][ T9] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 598.139979][ T58] usb 2-1: USB disconnect, device number 32 [ 598.169613][ T9] cdc_ncm 3-1:1.1: bind() failure [ 598.204510][ T9] usb 3-1: USB disconnect, device number 26 [ 598.365133][T12650] Bluetooth: MGMT ver 1.23 [ 598.400170][T12650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2341'. [ 598.430409][T12650] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2341'. [ 598.574489][ T25] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 598.804055][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 598.813581][ T25] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 598.829440][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.855744][ T25] usb 1-1: config 0 descriptor?? [ 598.933285][T12662] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2342'. [ 599.666706][ T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 599.703609][ T25] asix 1-1:0.0: probe with driver asix failed with error -71 [ 599.732864][ T25] usb 1-1: USB disconnect, device number 42 [ 600.432639][ T5231] Bluetooth: hci3: Opcode 0x1407 failed: -110 [ 600.447622][ T5231] Bluetooth: hci3: command 0x1407 tx timeout [ 603.159316][ T942] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 603.405727][ T942] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 603.428958][ T942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.476459][ T942] usb 2-1: config 0 descriptor?? [ 603.485305][ T942] cp210x 2-1:0.0: cp210x converter detected [ 603.563533][ T25] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 603.577715][ T9] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 603.776416][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 603.790120][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.793467][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 603.815229][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 603.840881][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 603.855204][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 603.873436][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 603.891983][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.901072][ T942] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 603.908977][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 603.937586][ T9] usb 1-1: config 0 descriptor?? [ 603.946859][ T942] usb 2-1: cp210x converter now attached to ttyUSB0 [ 603.959560][ T25] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 603.988993][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 604.029554][ T25] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 604.063248][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 604.090113][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.119751][ T25] usb 3-1: config 0 descriptor?? [ 604.145810][ T942] usb 2-1: USB disconnect, device number 33 [ 604.166888][ T5234] Bluetooth: hci6: urb ffff88801c74c400 submission failed (90) [ 604.186644][ T942] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 604.225255][ T942] cp210x 2-1:0.0: device disconnected [ 604.362605][ T25] usb 3-1: USB disconnect, device number 27 [ 604.384386][ T9] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0018/input/input30 [ 604.556567][ T9] microsoft 0003:045E:07DA.0018: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 604.622056][ T9] usb 1-1: USB disconnect, device number 43 [ 605.195033][ T25] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 605.293703][ T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 605.415408][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 605.502829][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.523527][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 605.546104][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 605.595693][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 605.613571][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 605.650853][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 605.817333][ T25] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 605.866954][ T9] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=96.bc [ 605.897033][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.897121][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.973562][ T9] usb 3-1: Product: syz [ 605.976567][ T25] usb 2-1: config 0 descriptor?? [ 606.007575][ T9] usb 3-1: Manufacturer: syz [ 606.038308][ T9] usb 3-1: SerialNumber: syz [ 606.089701][ T5231] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 606.114235][ T5231] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 606.124978][ T9] usb 3-1: config 0 descriptor?? [ 606.134267][ T9] adutux 3-1:0.0: interrupt endpoints not found [ 606.157315][ T5231] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 606.166486][ T5231] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 606.176046][ T5231] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 606.183830][ T5231] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 606.352910][ T29] kauditd_printk_skb: 54 callbacks suppressed [ 606.352927][ T29] audit: type=1326 audit(1723089626.645:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12712 comm="syz.0.2363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x0 [ 606.421956][ T5283] usb 3-1: USB disconnect, device number 28 [ 607.837008][ T25] usbhid 2-1:0.0: can't add hid device: -71 [ 607.853720][ T25] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 607.879746][ T25] usb 2-1: USB disconnect, device number 34 [ 608.049497][T12735] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 608.107972][T12735] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1) [ 608.204498][T12735] bridge_slave_0: default FDB implementation only supports local addresses [ 608.324076][ T5234] Bluetooth: hci6: command tx timeout [ 608.435945][T12715] chnl_net:caif_netlink_parms(): no params data found [ 608.524702][T12753] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2371'. [ 608.679266][T12715] bridge0: port 1(bridge_slave_0) entered blocking state [ 608.737075][T12715] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.765212][T12715] bridge_slave_0: entered allmulticast mode [ 608.788079][T12715] bridge_slave_0: entered promiscuous mode [ 608.796975][ T58] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 608.826204][T12715] bridge0: port 2(bridge_slave_1) entered blocking state [ 608.833510][T12715] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.861002][T12715] bridge_slave_1: entered allmulticast mode [ 608.882685][T12715] bridge_slave_1: entered promiscuous mode [ 609.018653][ T58] usb 3-1: Using ep0 maxpacket: 16 [ 609.052956][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 609.079753][T12715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 609.102188][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.117414][T12715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.126721][ T58] usb 3-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00 [ 609.152248][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 609.218986][ T58] usb 3-1: config 0 descriptor?? [ 609.365487][T12763] netlink: 'syz.0.2376': attribute type 7 has an invalid length. [ 609.439868][T12715] team0: Port device team_slave_0 added [ 609.481908][T12715] team0: Port device team_slave_1 added [ 609.794522][T12772] xt_time: unknown flags 0xc [ 610.136760][ T58] hid-alps 0003:044E:120C.0019: hidraw0: USB HID v0.00 Device [HID 044e:120c] on usb-dummy_hcd.2-1/input0 [ 610.563580][ T5234] Bluetooth: hci6: command tx timeout [ 610.594211][ T58] usb 3-1: USB disconnect, device number 29 [ 610.782502][T12715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 610.813688][T12715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 610.880255][T12715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 610.972320][T12715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 611.011414][T12715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 611.124017][T12715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 611.213795][T12787] tmpfs: Bad value for 'mpol' [ 611.311316][T12715] hsr_slave_0: entered promiscuous mode [ 611.393798][T12715] hsr_slave_1: entered promiscuous mode [ 611.431014][T12715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 611.453863][T12715] Cannot create hsr debugfs directory [ 611.490426][T12796] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2381'. [ 611.697481][T12796] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2381'. [ 612.321664][ T942] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 612.587915][ T942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 612.643429][ T942] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 612.644525][ T5234] Bluetooth: hci6: command tx timeout [ 612.696039][ T942] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 612.775317][ T942] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 612.843336][ T942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.879254][ T942] usb 1-1: config 0 descriptor?? [ 612.910019][T12793] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 612.920852][T12715] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 612.943055][T12715] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.174321][T12815] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 614.208702][T12715] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 614.232693][T12823] input: syz1 as /devices/virtual/input/input31 [ 614.243323][T12715] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.260113][ T942] plantronics 0003:047F:FFFF.001A: unknown main item tag 0xd [ 614.314146][ T942] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 614.362669][ T942] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 614.516578][T12715] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 614.565925][T12715] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.723502][ T5234] Bluetooth: hci6: command tx timeout [ 615.521003][T12715] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 615.554043][T12715] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.842436][T12715] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 615.886106][T12715] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 615.923554][ T942] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 615.980253][T12715] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 616.015549][T12715] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 616.127223][ T942] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 616.158058][ T942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 616.200968][ T942] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 616.242796][ T942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 616.292800][ T942] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0 [ 616.318872][T12715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 616.336419][ T942] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 616.374908][ T942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.423997][ T942] usb 2-1: Product: syz [ 616.430082][T12715] 8021q: adding VLAN 0 to HW filter on device team0 [ 616.443546][ T942] usb 2-1: Manufacturer: syz [ 616.448170][ T942] usb 2-1: SerialNumber: syz [ 616.472534][ T942] usb 2-1: config 0 descriptor?? [ 616.479558][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.486722][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 616.499325][ T8642] usb 1-1: USB disconnect, device number 44 [ 616.518375][ T942] usb 2-1: ucan: probing device on interface #0 [ 616.537902][ T942] usb 2-1: ucan: invalid endpoint configuration [ 616.558155][ T942] usb 2-1: ucan: probe failed; try to update the device firmware [ 616.728178][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.731254][ T5270] usb 2-1: USB disconnect, device number 35 [ 616.735353][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 617.233723][ T8642] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 617.590924][ T8642] usb 1-1: Using ep0 maxpacket: 8 [ 617.632748][ T8642] usb 1-1: config index 0 descriptor too short (expected 1581, got 45) [ 617.651304][T12715] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 617.671903][ T8642] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 617.697026][ T8642] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 197 [ 617.743901][ T8642] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 617.793259][ T8642] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 617.843341][ T8642] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 617.893541][ T8642] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 617.902622][ T8642] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.970567][ T8642] usb 1-1: config 0 descriptor?? [ 617.996976][T12855] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 618.088002][T12879] netlink: 'syz.1.2414': attribute type 48 has an invalid length. [ 618.361848][ T8642] usb 1-1: USB disconnect, device number 45 [ 618.376814][T12715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 618.488814][T12715] veth0_vlan: entered promiscuous mode [ 618.512658][T12715] veth1_vlan: entered promiscuous mode [ 618.605371][T12715] veth0_macvtap: entered promiscuous mode [ 618.655558][T12715] veth1_macvtap: entered promiscuous mode [ 618.721391][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.753780][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.783530][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.820127][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.850861][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.874109][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.893716][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.916993][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.951820][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 618.972541][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 618.995662][T12715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 619.083290][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.113461][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.134973][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.156335][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.177367][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.227773][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.272589][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.321276][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.357075][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.383449][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.408311][T12715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 619.430166][T12715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 619.459094][T12715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 619.486316][T12715] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.505934][T12715] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.526112][T12715] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.579576][T12715] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.866818][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.890174][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 620.114176][ T6273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 620.122030][ T6273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 621.456519][T12941] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2361'. [ 621.788927][ T29] audit: type=1326 audit(1723089642.085:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 621.839448][ T29] audit: type=1326 audit(1723089642.105:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 621.924024][T12950] fuse: Unknown parameter ' ګ)5k+?s TDq%7ˁ$}jfn+` [ 621.924024][T12950] K!i.:fZHYI~GY36^ycs*^bG-zYAi9 [ 621.924024][T12950] +/mFf?I^hNBBmG{L`-*Qj;e1Paj%7TY1b I'8ާCsכ(9C%sfIh+qz-Ŀ#tOf?^2uQ~aYij H:Tjy҆Nq5]q~ϭۓ]p0x0000000000000008' [ 621.937481][ T29] audit: type=1326 audit(1723089642.155:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 621.985755][ T29] audit: type=1326 audit(1723089642.155:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 622.011130][ T29] audit: type=1326 audit(1723089642.155:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 622.063208][T12955] binder_alloc: binder_alloc_mmap_handler: 12949 20ffc000-20ffd000 already mapped failed -16 [ 622.409953][ T29] audit: type=1326 audit(1723089642.185:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 622.474290][ T29] audit: type=1326 audit(1723089642.185:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 622.553152][T12959] : renamed from ipvlan1 [ 622.649059][ T29] audit: type=1326 audit(1723089642.185:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 622.775994][ T29] audit: type=1326 audit(1723089642.185:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb557f76390 code=0x7ffc0000 [ 622.834400][T12963] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2443'. [ 622.901015][ T29] audit: type=1326 audit(1723089642.185:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12929 comm="syz.3.2361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x7ffc0000 [ 623.008185][T12963] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 623.085977][T12963] team0: Port device batadv1 added [ 623.273152][T12966] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 623.298075][ T5270] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 623.515660][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.544627][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.598194][ T5270] usb 3-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00 [ 623.653438][ T5270] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.687440][ T5270] usb 3-1: config 0 descriptor?? [ 624.149915][ T5270] wacom 0003:056A:0027.001B: unknown main item tag 0x0 [ 624.206996][ T5270] wacom 0003:056A:0027.001B: Unknown device_type for 'HID 056a:0027'. Assuming pen. [ 624.324329][ T5270] wacom 0003:056A:0027.001B: hidraw0: USB HID v0.00 Device [HID 056a:0027] on usb-dummy_hcd.2-1/input0 [ 624.375756][ T5270] input: Wacom Intuos5 touch M Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:0027.001B/input/input33 [ 624.493691][ T5270] usb 3-1: USB disconnect, device number 30 [ 625.484097][ T5234] Bluetooth: hci6: SCO packet for unknown connection handle 0 [ 630.729586][T13060] fuse: Unknown parameter 'fUs0x0000000000000006' [ 630.825442][T13067] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 630.874649][T13060] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 632.407441][T13077] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2479'. [ 632.704489][ T29] kauditd_printk_skb: 47 callbacks suppressed [ 632.704506][ T29] audit: type=1326 audit(1723089653.005:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 632.796520][ T29] audit: type=1326 audit(1723089653.095:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 632.857876][ T29] audit: type=1326 audit(1723089653.095:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 633.103679][ T29] audit: type=1326 audit(1723089653.095:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 633.155286][ T29] audit: type=1326 audit(1723089653.095:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 633.183553][ T5270] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 633.191175][ T29] audit: type=1326 audit(1723089653.135:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 633.229990][T13104] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2488'. [ 633.556321][ T29] audit: type=1326 audit(1723089653.135:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 633.557254][ T5270] usb 2-1: config 0 has an invalid interface number: 185 but max is 0 [ 633.587774][ T5270] usb 2-1: config 0 has an invalid interface association descriptor of length 5, skipping [ 633.599310][ T5270] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 633.611817][ T5270] usb 2-1: config 0 has no interface number 0 [ 633.718674][ T5270] usb 2-1: config 0 interface 185 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 633.729780][ T5270] usb 2-1: config 0 interface 185 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 16 [ 633.750623][ T29] audit: type=1326 audit(1723089653.135:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 633.789338][ T5270] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=d2.82 [ 633.932349][ T5270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.944567][ T5270] usb 2-1: Product: syz [ 633.950420][ T5270] usb 2-1: Manufacturer: syz [ 633.958335][ T5270] usb 2-1: SerialNumber: syz [ 634.004939][ T5270] usb 2-1: config 0 descriptor?? [ 634.012497][ T5270] cdc_ether 2-1:0.185: skipping garbage [ 634.018138][ T5270] cdc_ether 2-1:0.185: skipping garbage [ 634.023898][ T5270] cdc_ether 2-1:0.185: skipping garbage [ 634.029524][ T5270] usb 2-1: bad CDC descriptors [ 634.037837][ T5270] usb 2-1: unsupported MDLM descriptors [ 634.048609][ T29] audit: type=1326 audit(1723089653.135:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 634.243465][ T29] audit: type=1326 audit(1723089653.135:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13071 comm="syz.4.2479" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 634.342439][ T942] usb 2-1: USB disconnect, device number 36 [ 634.767707][T13110] block device autoloading is deprecated and will be removed. [ 636.563206][ T25] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 636.895322][ T25] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 637.195834][ T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 637.345993][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 637.651043][ T25] usb 4-1: SerialNumber: syz [ 637.678334][ T25] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 637.734280][T13129] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 637.822071][T13132] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 637.892923][ T5231] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 637.911116][ T5231] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 637.930199][ T5231] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 637.940379][ T5231] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 637.953548][ T5231] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 637.960888][ T5231] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 638.046021][T13138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2499'. [ 638.153612][T13138] vlan2: entered allmulticast mode [ 638.974478][ T942] usb 4-1: USB disconnect, device number 30 [ 639.447084][T13166] qrtr: Invalid version 12 [ 639.511728][T13134] chnl_net:caif_netlink_parms(): no params data found [ 639.803086][T13182] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2510'. [ 639.862676][T13134] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.883714][T13134] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.913770][T13134] bridge_slave_0: entered allmulticast mode [ 639.971653][T13134] bridge_slave_0: entered promiscuous mode [ 640.000972][T13134] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.003719][ T5234] Bluetooth: hci7: command tx timeout [ 640.102285][T13134] bridge0: port 2(bridge_slave_1) entered disabled state [ 640.153298][T13134] bridge_slave_1: entered allmulticast mode [ 640.185795][T13134] bridge_slave_1: entered promiscuous mode [ 640.407712][T13134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 640.517173][T13134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 640.664290][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 640.664310][ T29] audit: type=1804 audit(1723089660.955:417): pid=13191 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2515" name="/newroot/13/bus/file0" dev="overlay" ino=96 res=1 errno=0 [ 640.736993][T13134] team0: Port device team_slave_0 added [ 640.790281][T13134] team0: Port device team_slave_1 added [ 640.873640][ T5283] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 641.027409][T13134] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 641.053562][T13134] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.113508][ T5283] usb 2-1: Using ep0 maxpacket: 32 [ 641.130177][ T5283] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 641.142126][ T5283] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 641.161095][T13134] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 641.173661][ T5283] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 641.205019][T13134] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 641.211990][T13134] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.243571][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 641.253249][ T5283] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 641.314000][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 641.330103][ T5283] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 641.348353][T13134] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 641.368789][ T5283] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 641.397917][ T5283] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 641.416100][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.428933][ T5283] usb 2-1: config 0 descriptor?? [ 641.502674][T13134] hsr_slave_0: entered promiscuous mode [ 641.523022][T13134] hsr_slave_1: entered promiscuous mode [ 641.711551][T13134] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 641.724230][T13134] Cannot create hsr debugfs directory [ 642.134344][ T5234] Bluetooth: hci7: command tx timeout [ 642.413634][ T5283] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 37 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 642.625394][T12860] usb 2-1: USB disconnect, device number 37 [ 642.676918][T12860] usblp0: removed [ 643.038646][T13134] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 643.282557][ T29] audit: type=1326 audit(1723089663.575:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 643.304612][ T5270] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 643.339159][ T29] audit: type=1326 audit(1723089663.635:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 643.362768][ T29] audit: type=1326 audit(1723089663.635:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 643.481560][ T29] audit: type=1326 audit(1723089663.635:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 643.505281][ T29] audit: type=1326 audit(1723089663.635:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 643.533514][ T5270] usb 1-1: Using ep0 maxpacket: 16 [ 643.537895][ T29] audit: type=1326 audit(1723089663.635:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 643.572448][T13134] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.273619][ T5234] Bluetooth: hci7: command tx timeout [ 644.293770][ T5270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 644.307339][ T29] audit: type=1326 audit(1723089663.635:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 644.349696][ T5270] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 644.396199][ T5270] usb 1-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=7c.b1 [ 644.433458][ T29] audit: type=1326 audit(1723089663.635:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 644.463440][ T5270] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.502914][ T5270] usb 1-1: Product: syz [ 644.513033][ T5270] usb 1-1: Manufacturer: syz [ 644.524156][ T5270] usb 1-1: SerialNumber: syz [ 644.530197][ T29] audit: type=1326 audit(1723089663.635:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13230 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f310ff779f9 code=0x7ffc0000 [ 644.564770][ T5270] usb 1-1: config 0 descriptor?? [ 644.574979][ T5270] kvaser_usb 1-1:0.0: Cannot get usb endpoint(s) [ 644.669032][T13134] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.793694][ T5270] usb 1-1: USB disconnect, device number 46 [ 644.893121][T13134] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 646.523638][ T5234] Bluetooth: hci7: command tx timeout [ 646.815046][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 646.815064][ T29] audit: type=1326 audit(1723089667.115:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13243 comm="syz.3.2534" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb557f779f9 code=0x0 [ 647.240142][T13256] Bluetooth: MGMT ver 1.23 [ 647.483534][T13134] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 647.837174][T13134] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 647.968800][T13134] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 648.005668][T13134] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 648.018980][ T29] audit: type=1804 audit(1723089668.305:430): pid=13258 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.2549" name="/" dev="pidfs" ino=13557 res=1 errno=0 [ 648.157598][T13263] fuse: Unknown parameter 'fUs0x0000000000000006' [ 648.578651][T13263] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 648.774338][T13134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.940993][T13134] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.107845][ T942] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.115051][ T942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.183964][ T942] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.191139][ T942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.835135][T13303] netlink: 203516 bytes leftover after parsing attributes in process `syz.3.2556'. [ 649.845004][T13134] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 649.854863][ T942] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 649.883304][T13303] netlink: 6324 bytes leftover after parsing attributes in process `syz.3.2556'. [ 649.987323][T13134] veth0_vlan: entered promiscuous mode [ 650.042748][T13134] veth1_vlan: entered promiscuous mode [ 650.059323][ T942] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 650.079219][ T942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.101694][ T942] usb 2-1: Product: syz [ 650.136657][ T942] usb 2-1: Manufacturer: syz [ 650.145253][ T942] usb 2-1: SerialNumber: syz [ 650.167892][T13134] veth0_macvtap: entered promiscuous mode [ 650.184196][ T942] usb 2-1: config 0 descriptor?? [ 650.199316][ T942] ch341 2-1:0.0: ch341-uart converter detected [ 650.215057][T13134] veth1_macvtap: entered promiscuous mode [ 650.306785][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.341133][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.365306][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.392270][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.430987][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.457498][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.480087][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.507154][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.534817][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.561060][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.588194][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.620818][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.652789][T13134] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 650.682729][T13310] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2559'. [ 650.748022][T13310] bond_slave_0: entered promiscuous mode [ 650.754765][T13310] bond_slave_1: entered promiscuous mode [ 650.816405][T13310] macvtap1: entered promiscuous mode [ 650.833865][T13310] bond0: entered promiscuous mode [ 650.858418][T13310] macvtap1: entered allmulticast mode [ 650.886683][T13310] bond0: entered allmulticast mode [ 650.933505][T13310] bond_slave_0: entered allmulticast mode [ 650.939283][T13310] bond_slave_1: entered allmulticast mode [ 650.974962][T13310] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 650.982666][T13311] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2559'. [ 650.997933][T13311] bond0: left allmulticast mode [ 651.011070][T13311] bond_slave_0: left allmulticast mode [ 651.021327][T13311] bond_slave_1: left allmulticast mode [ 651.035270][ T942] usb 2-1: failed to send control message: -71 [ 651.041600][ T942] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 651.070442][ T942] usb 2-1: USB disconnect, device number 38 [ 651.072826][T13311] bond0: left promiscuous mode [ 651.083587][T13311] bond_slave_0: left promiscuous mode [ 651.084391][ T942] ch341 2-1:0.0: device disconnected [ 651.089082][T13311] bond_slave_1: left promiscuous mode [ 651.145673][T13311] macvtap1: left promiscuous mode [ 651.167600][T13311] macvtap1: left allmulticast mode [ 651.225280][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.274607][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.303582][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.318284][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.338591][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.370788][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.400346][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.422747][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.440985][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.469274][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.489015][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.503554][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.514103][T13318] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2569'. [ 651.534053][T13134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 651.565488][T13134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.611634][T13134] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 651.674207][T13134] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.701503][T13134] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.712421][ T29] audit: type=1326 audit(1723089672.005:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 651.735152][T13319] fuse: Unknown parameter 'fUs0x0000000000000006' [ 651.786487][T13134] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.822557][ T29] audit: type=1326 audit(1723089672.025:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 651.845392][T13134] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.143573][ T29] audit: type=1326 audit(1723089672.055:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.166179][ T29] audit: type=1326 audit(1723089672.055:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.204702][ T29] audit: type=1326 audit(1723089672.055:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.282840][T13319] warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow [ 652.353590][ T29] audit: type=1326 audit(1723089672.055:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.385231][ T29] audit: type=1326 audit(1723089672.055:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.464882][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 652.472911][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 652.483141][ T29] audit: type=1326 audit(1723089672.055:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.619020][ T29] audit: type=1326 audit(1723089672.055:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.713199][ T29] audit: type=1326 audit(1723089672.055:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.743306][T11337] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 652.786091][T11337] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 652.853524][ T29] audit: type=1326 audit(1723089672.055:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f230f5779f9 code=0x7ffc0000 [ 652.905735][ T29] audit: type=1326 audit(1723089672.055:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.2569" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f230f576390 code=0x7ffc0000 [ 653.183500][ T5271] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 653.273567][ T942] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 653.683494][ T5271] usb 2-1: config 0 has an invalid interface number: 101 but max is 0 [ 653.693572][ T5271] usb 2-1: config 0 has no interface number 0 [ 653.700079][ T5271] usb 2-1: config 0 interface 101 has no altsetting 0 [ 654.237235][ T5271] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 654.336894][ T5271] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.401154][ T5271] usb 2-1: config 0 descriptor?? [ 654.424529][ T5271] cp210x 2-1:0.101: cp210x converter detected [ 654.453073][ T942] usb 5-1: Using ep0 maxpacket: 8 [ 654.492404][ T942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 654.575033][ T942] usb 5-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=d5.48 [ 654.635629][ T942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.664135][ T942] usb 5-1: Product: syz [ 654.678685][ T942] usb 5-1: Manufacturer: syz [ 654.683325][ T942] usb 5-1: SerialNumber: syz [ 654.696419][ T942] usb 5-1: config 0 descriptor?? [ 654.718072][ T942] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0) [ 654.754694][ T942] em28xx 5-1:0.0: Video interface 0 found: [ 654.838177][ T5271] cp210x 2-1:0.101: failed to get vendor val 0x000e size 3: -71 [ 654.884895][ T5271] usb 2-1: cp210x converter now attached to ttyUSB0 [ 654.909365][ T5271] usb 2-1: USB disconnect, device number 39 [ 654.942559][ T5271] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 654.995227][ T5271] cp210x 2-1:0.101: device disconnected [ 655.047259][ T942] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 655.214635][ T942] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 655.262274][ T942] em28xx 5-1:0.0: board has no eeprom [ 655.353409][ T942] em28xx 5-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57) [ 655.361628][ T942] em28xx 5-1:0.0: analog set to bulk mode. [ 655.391311][ T5270] em28xx 5-1:0.0: Registering V4L2 extension [ 655.411513][ T942] usb 5-1: USB disconnect, device number 36 [ 655.428961][ T942] em28xx 5-1:0.0: Disconnecting em28xx [ 655.735582][ T5270] em28xx 5-1:0.0: Config register raw data: 0xffffffed [ 655.743806][ T5270] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 655.750912][ T5270] em28xx 5-1:0.0: No AC97 audio processor [ 655.758112][ T5270] em28xx 5-1:0.0: em28xx_v4l2_init: Error while setting audio - error [-19]! [ 655.767820][ T5270] em28xx 5-1:0.0: Binding DVB extension [ 655.774380][ T5270] em28xx 5-1:0.0: no endpoint for DVB mode and transfer type 0 [ 655.782358][ T5270] em28xx 5-1:0.0: failed to pre-allocate USB transfer buffers for DVB. [ 655.790670][ T5270] em28xx 5-1:0.0: Remote control support is not available for this card. [ 655.799176][ T942] em28xx 5-1:0.0: Closing input extension [ 655.951336][ T942] em28xx 5-1:0.0: Freeing device [ 656.141069][T13371] block nbd2: shutting down sockets [ 656.254396][T13372] block nbd2: NBD_DISCONNECT [ 656.395173][T13372] block nbd2: Send disconnect failed -32 [ 656.553515][T13377] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2581'. [ 657.032718][T13396] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2586'. [ 657.133235][T13399] tun0: tun_chr_ioctl cmd 1074025675 [ 657.170921][T13399] tun0: persist disabled [ 657.838030][ T58] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 658.055283][ T58] usb 2-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 658.076037][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.098910][ T58] usb 2-1: config 0 descriptor?? [ 658.121123][ T58] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 658.394203][T13420] nbd0: detected capacity change from 0 to 12 [ 658.409757][T13422] block nbd0: NBD_DISCONNECT [ 659.017314][T13422] block nbd0: Send disconnect failed -89 [ 659.222603][ T58] gspca_sunplus: reg_w_riv err -71 [ 659.247465][ T58] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 659.263571][T13417] block nbd0: Disconnected due to user request. [ 659.271501][ T58] usb 2-1: USB disconnect, device number 40 [ 659.279345][T13417] block nbd0: shutting down sockets [ 659.806310][T13445] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2602'. [ 659.835852][T13445] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2602'. [ 661.186765][T13471] fuse: Unknown parameter '0x000000000000000a' [ 661.800936][T13473] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1 [ 662.044428][T13478] netlink: 'syz.0.2616': attribute type 1 has an invalid length. [ 662.674622][T13504] Cannot find add_set index 0 as target [ 663.091593][T13513] netlink: 'syz.4.2629': attribute type 1 has an invalid length. [ 663.128986][T13513] netlink: 'syz.4.2629': attribute type 3 has an invalid length. [ 663.204216][T13513] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2629'. [ 663.360758][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 663.360778][ T29] audit: type=1800 audit(1723089683.655:461): pid=13500 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2624" name="/" dev="fuse" ino=1 res=0 errno=0 [ 663.434711][ T58] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 663.613550][ T58] usb 3-1: Using ep0 maxpacket: 16 [ 663.621825][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 663.662357][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.693541][ T58] usb 3-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.00 [ 663.704432][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.740876][ T58] usb 3-1: config 0 descriptor?? [ 664.005176][T13538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2640'. [ 664.179893][ T58] chicony 0003:04F2:1421.001C: unbalanced collection at end of report description [ 664.369698][ T58] chicony 0003:04F2:1421.001C: Chicony hid parse failed: -22 [ 664.468045][T13546] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2642'. [ 665.115485][ T58] chicony 0003:04F2:1421.001C: probe with driver chicony failed with error -22 [ 665.152767][ T58] usb 3-1: USB disconnect, device number 31 [ 665.463493][ T5270] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 665.868445][ T5270] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 666.162172][ T5270] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8 [ 666.232160][ T5270] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 666.271237][ T5270] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 666.293517][ T5270] usb 2-1: Product: syz [ 666.297726][ T5270] usb 2-1: Manufacturer: syz [ 666.321212][ T5270] usb 2-1: SerialNumber: syz [ 666.634933][T13573] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2650'. [ 666.816229][T13578] netlink: 'syz.2.2650': attribute type 32 has an invalid length. [ 667.363193][ T5270] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 667.370686][ T5270] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 667.378351][ T5270] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 667.393253][T13586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2650'. [ 667.572991][ T5270] cdc_ncm 2-1:1.0: setting tx_max = 184 [ 667.677899][ T5270] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 667.757981][ T5270] usb 2-1: USB disconnect, device number 41 [ 667.778281][ T5270] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 668.023574][ T5307] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 668.235286][ T5307] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 668.266564][ T5307] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 668.301788][ T5307] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 668.324539][ T5307] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 668.343029][ T5307] usb 1-1: SerialNumber: syz [ 669.219916][ T5307] usb 1-1: 0:2 : does not exist [ 669.251922][ T5307] usb 1-1: USB disconnect, device number 47 [ 669.416020][T13615] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 669.523773][ T5270] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 669.713775][ T5270] usb 3-1: Using ep0 maxpacket: 8 [ 669.725327][ T5270] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 669.752518][ T5270] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.765108][ T5270] usb 3-1: config 0 descriptor?? [ 670.056019][T13630] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 670.615980][T13642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2678'. [ 670.808919][T13646] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2679'. [ 671.994350][ T5270] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 672.025156][ T5270] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 672.068099][ T5270] asix 3-1:0.0: probe with driver asix failed with error -71 [ 672.101671][ T5270] usb 3-1: USB disconnect, device number 32 [ 672.119931][T13662] netlink: 'syz.1.2688': attribute type 23 has an invalid length. [ 672.629180][T13672] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 672.743906][ T58] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 672.957619][ T58] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 672.976980][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.009004][ T58] usb 2-1: config 0 descriptor?? [ 673.283563][ T8642] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 673.503746][ T8642] usb 4-1: Using ep0 maxpacket: 8 [ 673.523039][ T8642] usb 4-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b [ 673.593438][ T8642] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.609086][ T8642] usb 4-1: config 0 descriptor?? [ 673.645860][ T58] usb 2-1: Cannot set autoneg [ 673.718571][ T58] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 673.735483][ T8642] viperboard 4-1:0.0: version 0.00 found at bus 004 address 031 [ 673.765325][ T58] usb 2-1: USB disconnect, device number 42 [ 673.774727][ T8642] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 673.825465][ T8642] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 673.879443][ T8642] usb 4-1: USB disconnect, device number 31 [ 675.884569][T13700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2701'. [ 676.023504][T13700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2701'. [ 676.338863][T13700] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2701'. [ 676.753698][T13714] vxcan1: entered allmulticast mode [ 679.671655][ T5234] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 679.683030][ T5234] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 679.701704][ T5234] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 679.711526][ T5234] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 679.720999][ T5234] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 679.728909][ T5234] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 682.373575][ T5234] Bluetooth: hci8: command tx timeout [ 682.430342][ T25] IPVS: starting estimator thread 0... [ 682.533606][T13786] IPVS: using max 22 ests per chain, 52800 per kthread [ 682.953500][ T29] audit: type=1326 audit(1723089703.235:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13790 comm="syz.2.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 683.063473][ T29] audit: type=1326 audit(1723089703.235:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13790 comm="syz.2.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 683.173457][ T29] audit: type=1326 audit(1723089703.305:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13790 comm="syz.2.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 683.291804][ T29] audit: type=1326 audit(1723089703.305:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13790 comm="syz.2.2734" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 683.519985][T13803] netlink: 'syz.3.2736': attribute type 24 has an invalid length. [ 683.589289][ T5234] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 683.599800][ T5234] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 683.609621][ T5234] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 683.637657][ T5234] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 683.646153][ T5234] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 683.653433][ T5234] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 683.967738][T13767] chnl_net:caif_netlink_parms(): no params data found [ 684.033509][ T5271] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 684.263454][ T5271] usb 3-1: Using ep0 maxpacket: 32 [ 684.298992][ T5271] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 684.324839][ T5271] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 684.377096][ T5271] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 684.416243][ T5271] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 684.417787][ T5234] Bluetooth: hci8: command tx timeout [ 684.433424][ T5271] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.445356][ T5271] usb 3-1: Product: syz [ 684.449508][ T5271] usb 3-1: Manufacturer: 䙡 [ 684.526330][ T5271] usb 3-1: SerialNumber: syz [ 685.521022][ T5271] usb 3-1: 0:2 : does not exist [ 685.546134][ T5271] usb 3-1: USB disconnect, device number 33 [ 685.625397][T13767] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.654037][T13767] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.693671][ T5234] Bluetooth: hci9: command tx timeout [ 685.695932][T13767] bridge_slave_0: entered allmulticast mode [ 685.723232][T13767] bridge_slave_0: entered promiscuous mode [ 685.808032][T13767] bridge0: port 2(bridge_slave_1) entered blocking state [ 685.833584][T13767] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.840811][T13767] bridge_slave_1: entered allmulticast mode [ 685.875383][T13767] bridge_slave_1: entered promiscuous mode [ 686.078668][T13767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 686.331466][ T942] kernel write not supported for file /168/attr/keycreate (pid: 942 comm: kworker/0:2) [ 686.554549][ T5234] Bluetooth: hci8: command tx timeout [ 687.009754][T13767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.341637][T13767] team0: Port device team_slave_0 added [ 687.377182][T13767] team0: Port device team_slave_1 added [ 687.562061][T13767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 687.597650][T13767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 687.681198][T13767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 687.764381][ T5234] Bluetooth: hci9: command tx timeout [ 687.961208][T13767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 687.990205][T13767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.138512][T13767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 688.573759][ T5231] Bluetooth: hci8: command tx timeout [ 689.412092][T13767] hsr_slave_0: entered promiscuous mode [ 689.500444][T13767] hsr_slave_1: entered promiscuous mode [ 689.527541][T13767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 689.543708][T13767] Cannot create hsr debugfs directory [ 689.565593][T13867] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 689.572855][T13867] IPv6: NLM_F_CREATE should be set when creating new route [ 689.580127][T13867] IPv6: NLM_F_CREATE should be set when creating new route [ 689.587336][T13867] IPv6: NLM_F_CREATE should be set when creating new route [ 689.640020][T13807] chnl_net:caif_netlink_parms(): no params data found [ 689.843567][ T5231] Bluetooth: hci9: command tx timeout [ 690.253530][ T5271] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 690.344167][T13807] bridge0: port 1(bridge_slave_0) entered blocking state [ 690.371714][T13807] bridge0: port 1(bridge_slave_0) entered disabled state [ 690.407092][T13807] bridge_slave_0: entered allmulticast mode [ 690.442378][T13807] bridge_slave_0: entered promiscuous mode [ 690.453502][ T5271] usb 3-1: Using ep0 maxpacket: 16 [ 690.477679][ T5271] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 690.495168][T13807] bridge0: port 2(bridge_slave_1) entered blocking state [ 690.511856][T13807] bridge0: port 2(bridge_slave_1) entered disabled state [ 690.519193][ T5271] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 690.538320][T13807] bridge_slave_1: entered allmulticast mode [ 690.548368][ T5271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.569724][T13807] bridge_slave_1: entered promiscuous mode [ 690.582933][ T5271] usb 3-1: config 0 descriptor?? [ 690.821885][T13807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 690.897499][T13807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 691.121552][T13873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 691.163688][T13873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 691.205671][T13767] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.254574][ T5271] hid (null): nested delimiters [ 691.279857][ T5271] hid (null): report_id 24797 is invalid [ 691.334329][ T5271] hid (null): unknown global tag 0xa5 [ 691.360376][ T5271] hid (null): unknown global tag 0xd [ 691.382061][ T5271] hid (null): unknown global tag 0xc [ 691.422636][ T5271] hid-generic 0003:0158:0100.001D: unknown main item tag 0x1 [ 691.473522][ T5271] hid-generic 0003:0158:0100.001D: unexpected long global item [ 691.503006][ T5271] hid-generic 0003:0158:0100.001D: probe with driver hid-generic failed with error -22 [ 691.553879][ T5271] usb 3-1: USB disconnect, device number 34 [ 691.662946][T13767] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 691.839316][T13807] team0: Port device team_slave_0 added [ 691.874851][T13807] team0: Port device team_slave_1 added [ 691.923477][ T5231] Bluetooth: hci9: command tx timeout [ 693.368170][T13767] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.666165][T13767] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.804220][T13807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 693.846846][T13807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 693.968892][T13807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 694.000699][T13915] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2772'. [ 694.077545][T13807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 694.108659][T13807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 694.213549][T13807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 694.306579][T13925] netlink: 'syz.1.2775': attribute type 25 has an invalid length. [ 694.356651][T13925] netlink: 'syz.1.2775': attribute type 7 has an invalid length. [ 694.417369][T13925] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2775'. [ 695.011746][T13807] hsr_slave_0: entered promiscuous mode [ 695.118763][T13807] hsr_slave_1: entered promiscuous mode [ 695.168641][T13807] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 695.199016][T13807] Cannot create hsr debugfs directory [ 696.370821][T13943] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2782'. [ 696.640212][T13945] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2782'. [ 696.814871][T13767] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 696.862782][T13767] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 696.997685][T13767] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 697.107177][T13767] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 697.358957][T13807] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.413578][ T942] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 697.639753][ T942] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 697.685745][ T942] usb 3-1: Dual-Role OTG device on HNP port [ 697.712999][ T942] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1 [ 697.727695][T13807] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.753520][ T942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.791318][ T942] usb 3-1: Product: syz [ 697.816030][ T942] usb 3-1: Manufacturer: syz [ 697.820660][ T942] usb 3-1: SerialNumber: syz [ 697.875410][ T942] usb 3-1: config 0 descriptor?? [ 697.889616][ T942] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32 [ 698.098579][T13807] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.314394][T13767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 698.340945][T13767] 8021q: adding VLAN 0 to HW filter on device team0 [ 698.486814][T13807] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.589559][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.596774][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 698.695055][ T5271] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.702215][ T5271] bridge0: port 2(bridge_slave_1) entered forwarding state [ 699.078560][T13807] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 699.164206][T13807] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 699.254334][T13807] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 699.325854][T13807] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 700.877359][T13767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 700.911729][T13974] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2787'. [ 700.957930][T13807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 701.068130][T13807] 8021q: adding VLAN 0 to HW filter on device team0 [ 701.250675][ T5270] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.257898][ T5270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.593120][ T5270] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.600351][ T5270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 702.465613][T13987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 702.527677][T13987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 702.979563][T13767] veth0_vlan: entered promiscuous mode [ 703.059224][T13767] veth1_vlan: entered promiscuous mode [ 703.144575][T13807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 703.280070][T13767] veth0_macvtap: entered promiscuous mode [ 703.321942][T13767] veth1_macvtap: entered promiscuous mode [ 703.376835][T13807] veth0_vlan: entered promiscuous mode [ 703.448616][T13807] veth1_vlan: entered promiscuous mode [ 703.475748][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.523269][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.557536][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.608403][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.663576][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.713795][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.743775][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.783884][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.823637][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.893611][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.932251][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 703.965087][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 703.989012][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 704.035757][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.076332][T13767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 704.117001][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.137671][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.157907][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.193502][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.213468][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.235200][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.263559][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.283504][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.303507][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.350616][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.384058][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.424214][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.443460][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.493518][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.528758][T13767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 704.560829][T13767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 704.688598][T13767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 704.750883][T13767] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.297327][T13767] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.774405][T13767] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.783167][T13767] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.844696][T13807] veth0_macvtap: entered promiscuous mode [ 705.904738][T13807] veth1_macvtap: entered promiscuous mode [ 706.134291][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.195929][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.233619][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.283459][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.328115][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.358472][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.383997][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.423452][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.468831][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.531404][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.571799][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.650616][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.693495][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.778794][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.833461][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.908376][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.945596][T13807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.030239][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.079266][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.124077][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.151054][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.193418][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.248572][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.279764][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.310386][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.445988][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.456858][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.466828][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.477758][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.488836][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.956327][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.344143][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.355109][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.365083][T13807] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.376155][T13807] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.389107][T13807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 708.465396][ T6289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.473221][ T6289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.564453][ T5234] Bluetooth: hci3: command 0x1407 tx timeout [ 708.620135][T13807] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.703572][T13807] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.712311][T13807] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.743920][T13807] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.054802][ T6275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.071147][ T6275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.143831][ T6289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.151684][ T6289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.305929][ T6275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.343507][ T6275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.698075][T14055] netlink: 'syz.0.2805': attribute type 6 has an invalid length. [ 720.242327][T14074] input: syz0 as /devices/virtual/input/input36 [ 720.674218][ T5234] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 720.694135][ T5234] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 720.703800][ T5234] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 720.711781][ T5234] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 720.720680][ T5234] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 720.741075][ T5234] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 722.812949][ T5234] Bluetooth: hci10: command tx timeout [ 723.576516][T14110] syz.2.2822 (14110) used greatest stack depth: 17712 bytes left [ 724.410148][T14084] chnl_net:caif_netlink_parms(): no params data found [ 724.413068][T14120] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 724.540021][T14120] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 724.883699][ T5234] Bluetooth: hci10: command tx timeout [ 725.855553][T14084] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.862771][T14084] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.870420][T14084] bridge_slave_0: entered allmulticast mode [ 725.884368][T14084] bridge_slave_0: entered promiscuous mode [ 725.925866][T14084] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.933019][T14084] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.963754][T14084] bridge_slave_1: entered allmulticast mode [ 725.979838][T14084] bridge_slave_1: entered promiscuous mode [ 726.263105][T14084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.353463][T14084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 726.551080][T14157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 726.580697][T14157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 726.688672][T14084] team0: Port device team_slave_0 added [ 726.728321][T14084] team0: Port device team_slave_1 added [ 726.904349][T14084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 726.911385][T14084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 726.970304][ T5231] Bluetooth: hci10: command tx timeout [ 726.998010][T14084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 727.003615][T14161] syz.3.2840[14161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 727.008698][T14161] syz.3.2840[14161] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 727.185707][T14084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 727.223488][T14084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.072117][T14084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 729.059440][ T5234] Bluetooth: hci6: command 0x0406 tx timeout [ 729.065789][ T5234] Bluetooth: hci10: command tx timeout [ 729.090950][T14178] netlink: 'syz.3.2845': attribute type 10 has an invalid length. [ 729.285504][T14190] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2848'. [ 729.323547][ T5307] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 729.397107][T14084] hsr_slave_0: entered promiscuous mode [ 729.422791][T14084] hsr_slave_1: entered promiscuous mode [ 729.468262][T14084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 729.499411][T14084] Cannot create hsr debugfs directory [ 729.503578][ T5307] usb 5-1: Using ep0 maxpacket: 32 [ 729.550004][ T5307] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 729.774828][ T5307] usb 5-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=2e.ae [ 729.853538][ T5307] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.889982][ T5307] usb 5-1: Product: syz [ 729.906649][ T5307] usb 5-1: Manufacturer: syz [ 729.911275][ T5307] usb 5-1: SerialNumber: syz [ 729.954738][T14196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2850'. [ 729.974556][ T5307] usb 5-1: config 0 descriptor?? [ 730.002041][ T5307] usbsevseg 5-1:0.0: USB 7 Segment device now attached [ 730.270279][ T5325] usb 5-1: USB disconnect, device number 37 [ 730.277496][ T5325] usbsevseg 5-1:0.0: USB 7 Segment now disconnected [ 731.296316][T14084] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.570585][T14084] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.630406][ T29] audit: type=1804 audit(1723089751.905:466): pid=14210 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2853" name="/newroot/88/file0/bus" dev="hugetlbfs" ino=50979 res=1 errno=0 [ 731.693700][ T5269] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 731.734570][ T29] audit: type=1804 audit(1723089752.025:467): pid=14210 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2853" name="/newroot/88/file0/bus" dev="hugetlbfs" ino=50979 res=1 errno=0 [ 731.882966][T14084] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.963627][ T5269] usb 1-1: Using ep0 maxpacket: 16 [ 731.995802][ T5269] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 732.028794][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 732.063518][ T5269] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 732.117447][ T5269] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 732.186637][ T5269] usb 1-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b [ 732.188506][T14084] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.209684][ T5269] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 732.248981][ T5269] usb 1-1: Product: syz [ 732.263240][ T5269] usb 1-1: Manufacturer: syz [ 732.281724][ T5269] usb 1-1: SerialNumber: syz [ 732.317626][ T5269] usb 1-1: config 0 descriptor?? [ 732.345328][ T5269] usb 1-1: NFC: intf ffff88802c8c3000 id ffffffff8f0b7fe0 [ 732.385160][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2856'. [ 732.653545][ T5269] usb 1-1: USB disconnect, device number 48 [ 733.008853][T14227] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2857'. [ 733.666966][T14084] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 733.697949][T14084] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 733.795621][T14229] netlink: 'syz.2.2860': attribute type 4 has an invalid length. [ 733.836024][T14084] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 733.875679][T14183] Bluetooth: hci6: unexpected event for opcode 0x2024 [ 733.914938][T14084] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 734.006014][T14237] random: crng reseeded on system resumption [ 734.283454][ T29] audit: type=1326 audit(1723089754.575:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14241 comm="syz.2.2864" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x0 [ 734.413856][T14084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.516922][T14084] 8021q: adding VLAN 0 to HW filter on device team0 [ 734.645409][ T8642] bridge0: port 1(bridge_slave_0) entered blocking state [ 734.652555][ T8642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 734.705804][ T8642] bridge0: port 2(bridge_slave_1) entered blocking state [ 734.712955][ T8642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 734.895960][T14084] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 735.466169][T14084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 735.645414][T14084] veth0_vlan: entered promiscuous mode [ 735.709422][T14084] veth1_vlan: entered promiscuous mode [ 735.838505][T14084] veth0_macvtap: entered promiscuous mode [ 735.876646][T14084] veth1_macvtap: entered promiscuous mode [ 735.924400][ T5325] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 735.972039][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.021646][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.042674][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.073455][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.083295][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.135601][ T5325] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 736.158663][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.173531][ T5325] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 736.192804][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.209753][ T5325] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 736.239132][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.251643][ T5325] usb 1-1: config 0 descriptor?? [ 736.310806][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.327096][ T5325] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 736.353460][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.363291][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.432451][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.461430][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.521264][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.556974][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.604383][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.621181][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 736.632308][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.649346][T14084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 736.680486][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.699360][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.716612][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.737226][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.754661][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.772973][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.794062][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.806697][T14004] syz.3.2794 (14004) used greatest stack depth: 16888 bytes left [ 736.814642][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.839746][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.863437][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.905129][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.932776][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.946965][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 736.973206][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 736.999703][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 737.026889][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.055276][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 737.086320][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.116516][T14084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 737.148280][T14084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 737.185834][T14084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 737.619853][T14084] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.661092][T14084] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.713641][T14084] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.766146][T14084] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 737.873719][ T8642] usb 1-1: USB disconnect, device number 49 [ 737.986008][T14283] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.2881'. [ 738.096487][T14289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 738.135622][T14289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 738.430253][T14289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 738.467457][T14289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 739.269288][T14293] netlink: 'syz.0.2882': attribute type 1 has an invalid length. [ 739.277311][T14293] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.2882'. [ 739.286691][T14293] netlink: 'syz.0.2882': attribute type 1 has an invalid length. [ 739.345478][T14183] Bluetooth: hci7: unknown advertising packet type: 0x34 [ 739.345575][T14183] Bluetooth: hci7: unknown advertising packet type: 0x35 [ 739.359683][T14289] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 739.430735][ T6281] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.444729][T14289] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 739.491388][ T6281] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 739.574105][ T6289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.578066][T14300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2884'. [ 739.581929][ T6289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 742.392146][ T5269] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 743.065903][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 743.092890][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 743.145525][ T5269] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 743.173529][ T5269] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 743.193699][ T5269] usb 1-1: Product: syz [ 743.197886][ T5269] usb 1-1: Manufacturer: syz [ 743.243062][ T5269] usb 1-1: SerialNumber: syz [ 743.268301][T14351] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2898'. [ 743.274492][ T5269] usb 1-1: config 0 descriptor?? [ 743.295816][ T5269] iguanair 1-1:0.0: probe with driver iguanair failed with error -12 [ 743.711645][T14072] usb 1-1: USB disconnect, device number 50 [ 743.867904][T14351] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2898'. [ 748.628828][T14388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2907'. [ 748.797903][ T29] audit: type=1326 audit(1723089769.095:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14386 comm="syz.1.2907" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x0 [ 749.513841][ T5307] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 749.601292][ T29] audit: type=1326 audit(1723089769.895:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14410 comm="syz.2.2916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 749.729806][ T29] audit: type=1326 audit(1723089769.935:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14410 comm="syz.2.2916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 749.803043][ T5307] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 749.822598][ T5307] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 749.837785][ T29] audit: type=1326 audit(1723089769.935:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14410 comm="syz.2.2916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 749.880771][ T5307] usb 5-1: config 0 descriptor?? [ 749.943665][ T29] audit: type=1326 audit(1723089769.935:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14410 comm="syz.2.2916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x7ffc0000 [ 750.283838][ T5307] [drm] vendor descriptor length:e0 data:00 00 00 00 00 00 00 00 00 00 00 [ 750.373483][ T5307] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 750.433049][ T5307] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 750.473752][ T5307] [drm] Initialized udl on minor 2 [ 750.657250][ T5307] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 750.691859][ T5307] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 752.153575][ T58] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 752.203677][ T58] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 752.226325][ T58] usb 5-1: USB disconnect, device number 38 [ 752.274063][T14450] fuse: Bad value for 'rootmode' [ 752.967142][T14454] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2927'. [ 753.035060][T14454] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2927'. [ 753.574963][T14462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.618489][T14462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 755.653554][T14483] Process accounting resumed [ 755.820262][T14488] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2941'. [ 756.521193][T14488] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 756.571767][T14488] block (null): Could not allocate knbd recv work queue. [ 756.700518][T14492] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 756.724976][T14488] nbd: failed to add new device [ 757.355136][T14514] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2948'. [ 757.437246][T14515] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 757.444555][T14515] IPv6: NLM_F_CREATE should be set when creating new route [ 757.451805][T14515] IPv6: NLM_F_CREATE should be set when creating new route [ 757.573976][T14183] Bluetooth: hci6: unexpected event for opcode 0x2026 [ 757.747782][ T29] audit: type=1326 audit(1723089778.045:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14507 comm="syz.4.2948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbbf41779f9 code=0x0 [ 757.826104][T14515] fuse: Unknown parameter 'U_ bWho1/kG' [ 757.875147][T14515] usb usb8: usbfs: process 14515 (syz.3.2950) did not claim interface 0 before use [ 757.983346][T14527] ubi0: attaching mtd0 [ 758.012546][T14527] ubi0: scanning is finished [ 758.084163][T14527] ubi0: empty MTD device detected [ 758.503747][T14527] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 758.521886][T14527] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 758.532487][T14527] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 758.539647][T14527] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 758.557278][T14527] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 758.583751][T14527] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 758.626837][T14527] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 78556418 [ 758.677958][T14527] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 758.753814][T14536] ubi0: background thread "ubi_bgt0d" started, PID 14536 [ 759.280618][ T91] EXT4-fs warning (device sda1): es_reclaim_extents:1827: forced shrink of precached extents [ 759.546757][T14546] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2960'. [ 760.253443][T14546] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 760.304879][T14546] block (null): Could not allocate knbd recv work queue. [ 760.420176][T14541] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 760.464072][T14546] nbd: failed to add new device [ 760.527393][T14541] overlayfs: failed to set xattr on upper [ 760.551594][T14541] overlayfs: ...falling back to redirect_dir=nofollow. [ 760.612372][T14541] overlayfs: ...falling back to index=off. [ 760.655859][T14541] overlayfs: ...falling back to uuid=null. [ 760.693884][T14541] overlayfs: ...falling back to xino=off. [ 761.810594][T14183] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 761.820312][T14183] Bluetooth: hci6: Injecting HCI hardware error event [ 761.838056][T14183] Bluetooth: hci6: hardware error 0x00 [ 762.225373][T14566] libceph: resolve 'c' (ret=-3): failed [ 762.468221][T14572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 762.515352][T14572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 762.661813][T14575] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2962'. [ 762.698765][T14575] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2962'. [ 763.145582][T14581] program syz.4.2972 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 763.227599][T14581] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 764.163816][T14183] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 764.883529][T14183] Bluetooth: hci7: command 0x0406 tx timeout [ 765.044240][ T5269] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 765.563533][ T5269] usb 1-1: device descriptor read/64, error -71 [ 765.843579][ T5269] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 766.043443][ T5269] usb 1-1: device descriptor read/64, error -71 [ 766.066103][ T29] audit: type=1326 audit(1723089786.365:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14615 comm="syz.2.2984" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3961f779f9 code=0x0 [ 766.201686][ T5269] usb usb1-port1: attempt power cycle [ 766.203975][ T29] audit: type=1326 audit(1723089786.495:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 766.315973][ T29] audit: type=1326 audit(1723089786.495:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 766.514258][ T29] audit: type=1326 audit(1723089786.505:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.226691][ T29] audit: type=1326 audit(1723089786.505:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.259124][ T29] audit: type=1326 audit(1723089786.505:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.280782][ T29] audit: type=1326 audit(1723089786.505:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.304807][ T5269] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 767.313918][ T29] audit: type=1326 audit(1723089786.505:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.343557][ T29] audit: type=1326 audit(1723089786.505:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.367154][ T5269] usb 1-1: device descriptor read/8, error -71 [ 767.373481][ T29] audit: type=1326 audit(1723089786.525:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14636 comm="syz.1.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ed63779f9 code=0x7ffc0000 [ 767.723607][ T5269] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 768.109217][ T5269] usb 1-1: device not accepting address 54, error -71 [ 768.142003][ T5269] usb usb1-port1: unable to enumerate USB device [ 768.443939][T14664] sg_write: data in/out 196608/1 bytes for SCSI command 0xf2-- guessing data in; [ 768.443939][T14664] program syz.0.2997 not setting count and/or reply_len properly [ 768.692640][T14664] sg_write: data in/out 1818846731/53 bytes for SCSI command 0x46-- guessing data in; [ 768.692640][T14664] program syz.0.2997 not setting count and/or reply_len properly [ 768.834775][T14669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 768.885479][T14669] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 769.175220][ T25] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 769.400285][ T25] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 769.424173][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.450175][ T25] usb 2-1: config 0 descriptor?? [ 769.769156][ T25] kaweth 2-1:0.0: Firmware present in device. [ 769.844542][ T30] INFO: task syz.2.2462:13016 blocked for more than 143 seconds. [ 769.883571][ T30] Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 769.920346][ T25] kaweth 2-1:0.0: Statistics collection: 0 [ 769.933689][ T25] kaweth 2-1:0.0: Multicast filter limit: 0 [ 769.946847][ T25] kaweth 2-1:0.0: MTU: 0 [ 769.956821][ T25] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00 [ 769.970052][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 770.057144][ T30] task:syz.2.2462 state:D stack:25680 pid:13016 tgid:13015 ppid:9324 flags:0x00000004 [ 770.123437][ T30] Call Trace: [ 770.126752][ T30] [ 770.129697][ T30] __schedule+0x17ae/0x4a10 [ 770.207144][ T30] ? __pfx___schedule+0x10/0x10 [ 770.212037][ T30] ? __pfx_lock_release+0x10/0x10 [ 770.253957][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 770.259471][ T30] ? schedule+0x90/0x320 [ 770.295096][ T30] schedule+0x14b/0x320 [ 770.299297][ T30] schedule_preempt_disabled+0x13/0x30 [ 770.343449][ T30] __ww_mutex_lock+0xec2/0x2790 [ 770.363489][ T30] ? __ww_mutex_lock+0xb08/0x2790 [ 770.403706][ T30] ? drm_modeset_lock+0x6f/0x90 [ 770.408608][ T30] ? __pfx___ww_mutex_lock+0x10/0x10 [ 770.423475][ T30] ? __drm_mode_object_find+0x448/0x5d0 [ 770.429071][ T30] ww_mutex_lock+0x40/0x1f0 [ 770.463490][ T30] ? drm_modeset_lock+0x65/0x90 [ 770.469338][ T30] drm_modeset_lock+0x6f/0x90 [ 770.484419][ T30] drm_mode_getplane+0xf0/0x7a0 [ 770.489308][ T30] drm_ioctl_kernel+0x33a/0x440 [ 770.513442][ T30] ? __pfx_drm_mode_getplane+0x10/0x10 [ 770.518934][ T30] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 770.533638][ T30] ? __might_fault+0xc6/0x120 [ 770.538570][ T30] drm_ioctl+0x611/0xad0 [ 770.542835][ T30] ? __pfx_drm_mode_getplane+0x10/0x10 [ 770.583515][ T30] ? __pfx_drm_ioctl+0x10/0x10 [ 770.588350][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 770.593306][ T30] ? security_file_ioctl+0x87/0xb0 [ 770.623781][ T30] ? __pfx_drm_ioctl+0x10/0x10 [ 770.628600][ T30] __se_sys_ioctl+0xfc/0x170 [ 770.633212][ T30] do_syscall_64+0xf3/0x230 [ 770.693574][ T30] ? clear_bhb_loop+0x35/0x90 [ 770.698293][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 770.723707][ T30] RIP: 0033:0x7f6f5d7779f9 [ 770.728163][ T30] RSP: 002b:00007f6f5e61e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 770.763463][ T30] RAX: ffffffffffffffda RBX: 00007f6f5d905f80 RCX: 00007f6f5d7779f9 [ 770.771474][ T30] RDX: 00000000200001c0 RSI: 00000000c02064b6 RDI: 0000000000000005 [ 770.823410][ T30] RBP: 00007f6f5d7e58ee R08: 0000000000000000 R09: 0000000000000000 [ 770.831414][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 770.860654][ T30] R13: 0000000000000000 R14: 00007f6f5d905f80 R15: 00007ffc27c89908 [ 770.868879][ T30] [ 770.874443][ T30] INFO: task syz.2.2462:13018 blocked for more than 144 seconds. [ 770.883120][ T30] Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 770.943606][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 770.952318][ T30] task:syz.2.2462 state:D stack:27424 pid:13018 tgid:13015 ppid:9324 flags:0x00000004 [ 771.043457][ T30] Call Trace: [ 771.046773][ T30] [ 771.049715][ T30] __schedule+0x17ae/0x4a10 [ 771.068429][ T5269] usb 3-1: USB disconnect, device number 35 [ 771.134526][ T30] ? __pfx___schedule+0x10/0x10 [ 771.139434][ T30] ? __pfx_lock_release+0x10/0x10 [ 771.183633][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 771.283471][ T30] ? schedule+0x90/0x320 [ 771.289182][ T30] schedule+0x14b/0x320 [ 771.343454][ T30] schedule_preempt_disabled+0x13/0x30 [ 771.348959][ T30] __ww_mutex_lock+0xec2/0x2790 [ 771.391395][ T30] ? __ww_mutex_lock+0xb08/0x2790 [ 771.396582][ T30] ? drm_modeset_lock+0x6f/0x90 [ 771.401465][ T30] ? __pfx___ww_mutex_lock+0x10/0x10 [ 771.467062][ T30] ? __drm_mode_object_find+0x448/0x5d0 [ 771.472666][ T30] ww_mutex_lock+0x40/0x1f0 [ 771.527354][ T30] ? drm_modeset_lock+0x65/0x90 [ 771.532269][ T30] drm_modeset_lock+0x6f/0x90 [ 771.563437][ T30] drm_mode_getplane+0xf0/0x7a0 [ 771.568336][ T30] drm_ioctl_kernel+0x33a/0x440 [ 771.573207][ T30] ? __pfx_drm_mode_getplane+0x10/0x10 [ 771.643438][ T30] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 771.673499][ T30] ? __might_fault+0xc6/0x120 [ 771.678228][ T30] drm_ioctl+0x611/0xad0 [ 771.682497][ T30] ? __pfx_drm_mode_getplane+0x10/0x10 [ 771.753770][ T30] ? __pfx_drm_ioctl+0x10/0x10 [ 771.758662][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 771.774022][ T30] ? security_file_ioctl+0x87/0xb0 [ 771.788610][ T30] ? __pfx_drm_ioctl+0x10/0x10 [ 771.813475][ T30] __se_sys_ioctl+0xfc/0x170 [ 771.818095][ T30] do_syscall_64+0xf3/0x230 [ 771.822596][ T30] ? clear_bhb_loop+0x35/0x90 [ 771.873891][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.879884][ T30] RIP: 0033:0x7f6f5d7779f9 [ 771.893500][ T30] RSP: 002b:00007f6f5e5fd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 771.923481][ T30] RAX: ffffffffffffffda RBX: 00007f6f5d906058 RCX: 00007f6f5d7779f9 [ 771.953744][ T30] RDX: 0000000020000200 RSI: 00000000c02064b6 RDI: 0000000000000004 [ 771.961784][ T30] RBP: 00007f6f5d7e58ee R08: 0000000000000000 R09: 0000000000000000 [ 772.028854][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 772.063489][ T30] R13: 0000000000000001 R14: 00007f6f5d906058 R15: 00007ffc27c89908 [ 772.084517][ T30] [ 772.087660][ T30] [ 772.087660][ T30] Showing all locks held in the system: [ 772.123645][ T30] 5 locks held by kworker/1:0/25: [ 772.128741][ T30] #0: ffff88801d6a4d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 772.173414][ T30] #1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 772.203458][ T30] #2: ffff888023d5b190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 772.243505][ T30] #3: ffff8881605d6190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 772.252838][ T30] #4: ffff8881605d4160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 772.293419][ T30] 1 lock held by khungtaskd/30: [ 772.308323][ T30] #0: ffffffff8e7382a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 772.363793][ T30] 1 lock held by kcompactd0/33: [ 772.368783][ T30] 2 locks held by getty/4974: [ 772.423402][ T30] #0: ffff88802adb50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 772.433231][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 [ 772.503418][ T30] 3 locks held by kworker/u8:20/6281: [ 772.508904][ T30] 3 locks held by syz.3.2324/12608: [ 772.543428][ T30] 1 lock held by syz.2.2462/13016: [ 772.548562][ T30] #0: ffff88802005b0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: drm_modeset_lock+0x6f/0x90 [ 772.619290][ T30] 1 lock held by syz.2.2462/13018: [ 772.643396][ T30] #0: ffff88802005b0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: drm_modeset_lock+0x6f/0x90 [ 772.683439][ T30] 1 lock held by syz.4.2661/13602: [ 772.688579][ T30] #0: ffff88802005b0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: drm_modeset_lock+0x6f/0x90 [ 772.753536][ T30] 2 locks held by syz.0.2675/13635: [ 772.758771][ T30] #0: ffffc90004cafb30 (crtc_ww_class_acquire){+.+.}-{0:0}, at: drm_mode_obj_get_properties_ioctl+0x1d3/0x610 [ 772.813731][ T30] #1: ffff888020078518 (crtc_ww_class_mutex){+.+.}-{3:3}, at: modeset_lock+0x2bf/0x650 [ 772.853459][ T30] 3 locks held by syz.2.2719/13745: [ 772.858689][ T30] #0: ffff88802de78d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 772.913396][ T30] #1: ffff88802de78078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 772.923137][ T30] #2: ffffffff8fbdae68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 [ 772.983428][ T30] 2 locks held by syz-executor/13807: [ 772.988834][ T30] #0: ffff88808903cd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 773.023404][ T30] #1: ffff88808903c078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 773.063483][ T30] 1 lock held by syz.2.2784/13957: [ 773.068620][ T30] #0: ffffffff8e73d540 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530 [ 773.113487][ T30] 1 lock held by syz.1.2793/13996: [ 773.118625][ T30] #0: ffff88802005b0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: drm_modeset_lock+0x6f/0x90 [ 773.173416][ T30] 1 lock held by syz.1.2793/13998: [ 773.203499][ T30] #0: ffff88802005b0b0 (crtc_ww_class_mutex){+.+.}-{3:3}, at: drm_modeset_lock+0x6f/0x90 [ 773.273467][ T30] 3 locks held by syz.4.2991/14642: [ 773.309262][ T30] #0: ffff888024f64d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 773.336431][ T30] #1: ffff888024f64078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 773.346338][ T30] #2: ffffffff8fbdae68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 [ 773.356493][ T30] 3 locks held by syz.1.3000/14671: [ 773.361738][ T30] #0: ffff88808b630d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 773.372530][ T30] #1: ffff88808b630078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 773.393423][ T30] #2: ffffffff8e73d678 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 773.427025][ T30] [ 773.429405][ T30] ============================================= [ 773.429405][ T30] [ 773.463749][ T30] NMI backtrace for cpu 1 [ 773.468111][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 773.478621][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 773.488683][ T30] Call Trace: [ 773.491964][ T30] [ 773.494902][ T30] dump_stack_lvl+0x241/0x360 [ 773.499615][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 773.504835][ T30] ? __pfx__printk+0x10/0x10 [ 773.509437][ T30] ? vprintk_emit+0x631/0x770 [ 773.514134][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 773.519183][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 773.524140][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 773.529605][ T30] ? _printk+0xd5/0x120 [ 773.533772][ T30] ? __pfx__printk+0x10/0x10 [ 773.538371][ T30] ? __wake_up_klogd+0xcc/0x110 [ 773.543236][ T30] ? __pfx__printk+0x10/0x10 [ 773.547841][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 773.552878][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 773.558873][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 773.564879][ T30] watchdog+0xfee/0x1030 [ 773.569141][ T30] ? watchdog+0x1ea/0x1030 [ 773.573573][ T30] ? __pfx_watchdog+0x10/0x10 [ 773.578267][ T30] kthread+0x2f0/0x390 [ 773.582351][ T30] ? __pfx_watchdog+0x10/0x10 [ 773.587043][ T30] ? __pfx_kthread+0x10/0x10 [ 773.591652][ T30] ret_from_fork+0x4b/0x80 [ 773.596086][ T30] ? __pfx_kthread+0x10/0x10 [ 773.600692][ T30] ret_from_fork_asm+0x1a/0x30 [ 773.605490][ T30] [ 773.610913][ T30] Sending NMI from CPU 1 to CPUs 0: [ 773.617289][ C0] NMI backtrace for cpu 0 [ 773.617301][ C0] CPU: 0 UID: 0 PID: 11337 Comm: kworker/u8:1 Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 773.617320][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 773.617334][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 773.617357][ C0] RIP: 0010:unwind_next_frame+0x8db/0x2a00 [ 773.617381][ C0] Code: e8 4a 56 52 00 48 83 c5 10 e9 da 06 00 00 83 fd 04 0f 84 6c 01 00 00 83 fd 05 0f 85 ff 02 00 00 e8 2a 56 52 00 48 8b 44 24 58 <42> 80 3c 28 00 74 08 48 89 df e8 b6 69 b6 00 48 8b 33 48 8b 54 24 [ 773.617396][ C0] RSP: 0018:ffffc9000a176928 EFLAGS: 00000293 [ 773.617410][ C0] RAX: 1ffff9200142ed47 RBX: ffffc9000a176a38 RCX: ffff88802335da00 [ 773.617422][ C0] RDX: 0000000000000000 RSI: ffffffff8e5a3d60 RDI: 0000000000000005 [ 773.617434][ C0] RBP: 0000000000000005 R08: 0000000000000005 R09: ffffffff81411f0e [ 773.617444][ C0] R10: 0000000000000008 R11: ffff88802335da00 R12: ffffffff906aaac4 [ 773.617457][ C0] R13: dffffc0000000000 R14: ffffc9000a176a50 R15: 1ffff9200142ed40 [ 773.617469][ C0] FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 773.617483][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 773.617495][ C0] CR2: 0000000020056000 CR3: 000000002e6dc000 CR4: 00000000003526f0 [ 773.617509][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 773.617517][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 773.617529][ C0] Call Trace: [ 773.617535][ C0] [ 773.617542][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 773.617561][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 773.617584][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 773.617600][ C0] ? nmi_handle+0x2a/0x5a0 [ 773.617623][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 773.617641][ C0] ? nmi_handle+0x14f/0x5a0 [ 773.617656][ C0] ? nmi_handle+0x2a/0x5a0 [ 773.617673][ C0] ? unwind_next_frame+0x8db/0x2a00 [ 773.617694][ C0] ? default_do_nmi+0x63/0x160 [ 773.617714][ C0] ? exc_nmi+0x123/0x1f0 [ 773.617731][ C0] ? end_repeat_nmi+0xf/0x53 [ 773.617752][ C0] ? unwind_next_frame+0x7be/0x2a00 [ 773.617775][ C0] ? unwind_next_frame+0x8db/0x2a00 [ 773.617797][ C0] ? unwind_next_frame+0x8db/0x2a00 [ 773.617819][ C0] ? unwind_next_frame+0x8db/0x2a00 [ 773.617841][ C0] [ 773.617846][ C0] [ 773.617859][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 773.617883][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 773.617905][ C0] ? __kernel_text_address+0xd/0x40 [ 773.617922][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 773.617944][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 773.617964][ C0] arch_stack_walk+0x151/0x1b0 [ 773.617984][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 773.618010][ C0] stack_trace_save+0x118/0x1d0 [ 773.618030][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 773.618051][ C0] ? mark_lock+0x9a/0x350 [ 773.618076][ C0] kasan_save_track+0x3f/0x80 [ 773.618092][ C0] ? kasan_save_track+0x3f/0x80 [ 773.618108][ C0] ? kasan_save_free_info+0x40/0x50 [ 773.618127][ C0] ? poison_slab_object+0xe0/0x150 [ 773.618142][ C0] ? __kasan_slab_free+0x37/0x60 [ 773.618157][ C0] ? kfree+0x149/0x360 [ 773.618174][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 773.618192][ C0] ? cfg80211_inform_single_bss_data+0xe93/0x2030 [ 773.618215][ C0] ? cfg80211_inform_bss_data+0x3dd/0x5a70 [ 773.618236][ C0] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 773.618286][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 773.618304][ C0] kasan_save_free_info+0x40/0x50 [ 773.618325][ C0] poison_slab_object+0xe0/0x150 [ 773.618349][ C0] __kasan_slab_free+0x37/0x60 [ 773.618366][ C0] ? ieee80211_inform_bss+0xbb2/0x1080 [ 773.618384][ C0] kfree+0x149/0x360 [ 773.618406][ C0] ieee80211_inform_bss+0xbb2/0x1080 [ 773.618431][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 773.618454][ C0] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 773.618476][ C0] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 773.618497][ C0] ? cfg80211_inform_single_bss_data+0xd3d/0x2030 [ 773.618520][ C0] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 773.618540][ C0] cfg80211_inform_single_bss_data+0xe93/0x2030 [ 773.618561][ C0] ? __read_once_word_nocheck+0x9/0x20 [ 773.618587][ C0] ? __read_once_word_nocheck+0x9/0x20 [ 773.618607][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 773.618639][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 773.618658][ C0] ? __kernel_text_address+0xd/0x40 [ 773.618672][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 773.618691][ C0] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 773.618715][ C0] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 773.618752][ C0] ? __pfx_validate_chain+0x10/0x10 [ 773.618786][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 773.618814][ C0] ? mark_lock+0x9a/0x350 [ 773.618838][ C0] ? __lock_acquire+0x137a/0x2040 [ 773.618876][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 773.618897][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 773.618920][ C0] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 773.618947][ C0] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 773.618964][ C0] ieee80211_bss_info_update+0x8a7/0xbc0 [ 773.618988][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 773.619009][ C0] ? __pfx_lock_release+0x10/0x10 [ 773.619040][ C0] ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70 [ 773.619070][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xf7e/0x2d70 [ 773.619089][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 773.619114][ C0] ? mark_lock+0x9a/0x350 [ 773.619138][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 773.619159][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 773.619180][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 773.619206][ C0] ieee80211_iface_work+0x8a5/0xf20 [ 773.619231][ C0] cfg80211_wiphy_work+0x2db/0x490 [ 773.619250][ C0] ? process_scheduled_works+0x945/0x1830 [ 773.619268][ C0] process_scheduled_works+0xa2c/0x1830 [ 773.619302][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 773.619325][ C0] ? assign_work+0x364/0x3d0 [ 773.619350][ C0] worker_thread+0x86d/0xd40 [ 773.619373][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 773.619395][ C0] ? __kthread_parkme+0x169/0x1d0 [ 773.619415][ C0] ? __pfx_worker_thread+0x10/0x10 [ 773.619433][ C0] kthread+0x2f0/0x390 [ 773.619452][ C0] ? __pfx_worker_thread+0x10/0x10 [ 773.619470][ C0] ? __pfx_kthread+0x10/0x10 [ 773.619489][ C0] ret_from_fork+0x4b/0x80 [ 773.619507][ C0] ? __pfx_kthread+0x10/0x10 [ 773.619528][ C0] ret_from_fork_asm+0x1a/0x30 [ 773.619555][ C0] [ 774.323784][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 774.330663][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc2-syzkaller-00027-g6a0e38264012 #0 [ 774.341166][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 774.351223][ T30] Call Trace: [ 774.354506][ T30] [ 774.357442][ T30] dump_stack_lvl+0x241/0x360 [ 774.362145][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 774.367361][ T30] ? __pfx__printk+0x10/0x10 [ 774.371969][ T30] ? vscnprintf+0x5d/0x90 [ 774.376319][ T30] panic+0x349/0x860 [ 774.380227][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 774.386387][ T30] ? __pfx_panic+0x10/0x10 [ 774.390809][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 774.396448][ T30] ? __irq_work_queue_local+0x137/0x410 [ 774.402004][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 774.407386][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 774.413551][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 774.419710][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 774.425870][ T30] watchdog+0x102d/0x1030 [ 774.430213][ T30] ? watchdog+0x1ea/0x1030 [ 774.434648][ T30] ? __pfx_watchdog+0x10/0x10 [ 774.439337][ T30] kthread+0x2f0/0x390 [ 774.443416][ T30] ? __pfx_watchdog+0x10/0x10 [ 774.448100][ T30] ? __pfx_kthread+0x10/0x10 [ 774.452697][ T30] ret_from_fork+0x4b/0x80 [ 774.457119][ T30] ? __pfx_kthread+0x10/0x10 [ 774.461721][ T30] ret_from_fork_asm+0x1a/0x30 [ 774.466509][ T30] [ 774.469731][ T30] Kernel Offset: disabled [ 774.474049][ T30] Rebooting in 86400 seconds..