last executing test programs: 1m50.591475917s ago: executing program 0 (id=990): syz_clone(0x6897b900, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008000000", @ANYBLOB], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) 1m47.012785929s ago: executing program 0 (id=1000): openat$cgroup_root(0xffffff9c, &(0x7f0000000340)='./cgroup/syz1\x00', 0x200002, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)={0x5, 0x5, 0x8}) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000000)={{0x1}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) 1m46.142977748s ago: executing program 0 (id=1002): r0 = socket$inet6(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x1f}, 0x1c) 1m45.814832207s ago: executing program 0 (id=1003): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) modify_ldt$write(0x1, &(0x7f0000000040)={0x400}, 0x10) modify_ldt$read(0x0, &(0x7f0000001880)=""/4096, 0x1000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/9) 1m42.140520206s ago: executing program 0 (id=1015): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r5, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r5, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/51, @ANYRES32=0x0], 0x30}], 0x1, 0x0) 1m40.078413611s ago: executing program 0 (id=1016): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x41, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x8, 0x4, 0x0, 0x1, [@generic='\nN']}]}, 0x1c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r4}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10) r7 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r8 = dup2(r7, r7) write$tun(r8, &(0x7f0000000040)=ANY=[], 0x46) recvmmsg(r8, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}}], 0x2, 0x40002042, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) unshare(0x42040080) 9.252355022s ago: executing program 3 (id=1187): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES8=0x0, @ANYRES32], 0x50) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept4(r2, 0x0, 0x0, 0x800) r3 = socket$unix(0x1, 0x5, 0x0) r4 = dup2(r3, 0xffffffffffffffff) close_range(r4, 0xffffffffffffffff, 0x0) fsmount(r1, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x101080, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 8.301433695s ago: executing program 3 (id=1190): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000019080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f0000070000", @ANYBLOB], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) r3 = syz_open_procfs(r0, &(0x7f0000000040)='net/if_inet6\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000) pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) 6.968267989s ago: executing program 4 (id=1191): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r6, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) 6.953305765s ago: executing program 2 (id=1192): bind$rds(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000001300)={{0x0}, 0x0}, 0x20) 6.786282378s ago: executing program 3 (id=1194): syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_JOIN_MESH(r0, 0x0, 0x0) 6.552314361s ago: executing program 2 (id=1196): r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x139800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x8010, r0, 0xeee21000) r4 = syz_open_dev$usbfs(&(0x7f00000004c0), 0x8, 0x400180) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000500)={0x4b5, 0x2, "cb3e65f8d8f9fe35150992127ea93d42736dacdb22d5118923b080e994f30a322009e7a904e915e775b9aad78b2118ab2057ff18e580fc7269e7ae3f0ceb4827a830055bed64ee5dc30186dc77c785515cb071b1287c158bb0031802c1bd167b56e071cb0eac4b57a6d8cff9f2819f5e74fe5cd629cc44a7e4c2ecf5f77a4f0a391757e543c8b3ed47837f1eb3640897ad5465986c1728ecf051433f50bfbda15d315cd026ad925abfc5cd905b8fc2a413101ea76a7515259b8c765ff117c4734e4f720e8a50c9c2a2fd59964c0bd7471da07aa57b0f32ff05e9733ce5260f7ac3164d5bca021e95aa69856a5e83097b60697ed31a2703a7775ef1e037628ac6"}) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x0, 0x12, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x400100bce) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) pidfd_send_signal(r6, 0x0, &(0x7f0000000000)={0x16, 0x8, 0x1000}, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffb000/0x2000)=nil) 6.452878964s ago: executing program 3 (id=1198): open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) syz_emit_vhci(&(0x7f00000005c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_LE_HOST_SUPPORTED}}, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[]) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={0x20, 0x1, 0x2, 0x401, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x4}, @CTA_EXPECT_ZONE={0x6}]}, 0x20}}, 0x0) creat(&(0x7f0000000040)='./file0/file0\x00', 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r3, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000080)={@multicast, @dev, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty}}}}}, 0x0) socket(0x200000000000011, 0x2, 0x0) 5.721343451s ago: executing program 4 (id=1199): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$key(0xf, 0x3, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@multicast2}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0) 5.112898042s ago: executing program 3 (id=1201): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES8=0x0, @ANYRES32], 0x50) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept4(r2, 0x0, 0x0, 0x800) r3 = socket$unix(0x1, 0x5, 0x0) r4 = dup2(r3, 0xffffffffffffffff) close_range(r4, 0xffffffffffffffff, 0x0) fsmount(r1, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x101080, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 5.078382525s ago: executing program 4 (id=1202): syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003ebc67402505a3a4921c0902030109021b000100000000090400"], 0x0) 4.780475693s ago: executing program 2 (id=1203): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000019080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f0000070000", @ANYBLOB], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10) r3 = syz_open_procfs(r0, &(0x7f0000000040)='net/if_inet6\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000) pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) 4.034475466s ago: executing program 1 (id=1204): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000000)={{0x1}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) 3.862407398s ago: executing program 3 (id=1205): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)='geneve0\x00', 0x10) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000010850000006d00000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r4}, 0x10) sendfile(r3, r2, 0x0, 0x3a) 3.704461758s ago: executing program 1 (id=1206): r0 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0), 0x0, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0, 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/51, @ANYRES32=0x0], 0x30}], 0x1, 0x0) 3.58941823s ago: executing program 1 (id=1207): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, 0x0, 0x0) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000001300)={{0x0}, 0x0}, 0x20) 3.384555804s ago: executing program 1 (id=1208): syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_JOIN_MESH(r0, 0x0, 0x0) 3.096327284s ago: executing program 1 (id=1209): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) r6 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r6, &(0x7f00000032c0)=[{&(0x7f0000002e40)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) 2.741380942s ago: executing program 4 (id=1210): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)}) sched_setscheduler(0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x11, r0) 2.48842875s ago: executing program 2 (id=1211): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$key(0xf, 0x3, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@multicast2}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0) 1.612587263s ago: executing program 4 (id=1212): r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x139800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x8010, r0, 0xeee21000) r4 = syz_open_dev$usbfs(&(0x7f00000004c0), 0x8, 0x400180) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000500)={0x4b5, 0x2, "cb3e65f8d8f9fe35150992127ea93d42736dacdb22d5118923b080e994f30a322009e7a904e915e775b9aad78b2118ab2057ff18e580fc7269e7ae3f0ceb4827a830055bed64ee5dc30186dc77c785515cb071b1287c158bb0031802c1bd167b56e071cb0eac4b57a6d8cff9f2819f5e74fe5cd629cc44a7e4c2ecf5f77a4f0a391757e543c8b3ed47837f1eb3640897ad5465986c1728ecf051433f50bfbda15d315cd026ad925abfc5cd905b8fc2a413101ea76a7515259b8c765ff117c4734e4f720e8a50c9c2a2fd59964c0bd7471da07aa57b0f32ff05e9733ce5260f7ac3164d5bca021e95aa69856a5e83097b60697ed31a2703a7775ef1e037628ac6"}) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x0, 0x12, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x400100bce) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) pidfd_send_signal(r6, 0x0, &(0x7f0000000000)={0x16, 0x8, 0x1000}, 0x0) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffb000/0x2000)=nil) 1.611855183s ago: executing program 2 (id=1213): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)=""/9) 1.592257796s ago: executing program 1 (id=1214): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYRES8=0x0, @ANYRES32], 0x50) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r0) r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept4(r2, 0x0, 0x0, 0x800) r3 = socket$unix(0x1, 0x5, 0x0) r4 = dup2(r3, 0xffffffffffffffff) close_range(r4, 0xffffffffffffffff, 0x0) fsmount(r1, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x101080, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 393.438µs ago: executing program 2 (id=1215): r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000000)={{0x1}, 0x0, 0x0, 'id0\x00', 'timer1\x00'}) 0s ago: executing program 4 (id=1216): r0 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0), 0x0, 0x0) sendmmsg$inet_sctp(r0, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0, 0x2}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/51, @ANYRES32=0x0], 0x30}], 0x1, 0x0) kernel console output (not intermixed with test programs): hsr_slave_1: left promiscuous mode [ 367.504290][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.511925][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.520047][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.528724][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.549986][ T6287] veth1_macvtap: left promiscuous mode [ 367.555664][ T6287] veth0_macvtap: left promiscuous mode [ 367.561224][ T6287] veth1_vlan: left promiscuous mode [ 367.566618][ T6287] veth0_vlan: left promiscuous mode [ 367.832925][ T4613] Bluetooth: hci2: command tx timeout [ 367.990539][ T6287] team0 (unregistering): Port device team_slave_1 removed [ 368.041437][ T6287] team0 (unregistering): Port device team_slave_0 removed [ 368.305137][ T4613] Bluetooth: hci4: command tx timeout [ 368.453882][ T7821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 368.461825][ T7821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.494668][ T7821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 368.543664][ T7821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 368.550927][ T7821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.578297][ T7821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 368.726503][ T7821] hsr_slave_0: entered promiscuous mode [ 368.742173][ T7821] hsr_slave_1: entered promiscuous mode [ 368.749832][ T7821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 368.764049][ T7821] Cannot create hsr debugfs directory [ 368.907540][ T7810] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.026858][ T7810] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.115756][ T7810] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.147787][ T7584] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.193463][ T7810] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.227463][ T7584] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.242279][ T5663] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.249421][ T5663] bridge0: port 1(bridge_slave_0) entered forwarding state [ 369.286793][ T5663] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.293941][ T5663] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.342147][ T6287] bridge_slave_1: left allmulticast mode [ 369.354988][ T6287] bridge_slave_1: left promiscuous mode [ 369.361169][ T6287] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.370867][ T6287] bridge_slave_0: left allmulticast mode [ 369.377159][ T6287] bridge_slave_0: left promiscuous mode [ 369.383892][ T6287] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.879064][ T6287] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 369.898622][ T6287] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 369.910092][ T6287] bond0 (unregistering): Released all slaves [ 369.923797][ T7584] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 369.935192][ T7584] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 370.140653][ T7810] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 370.240495][ T7810] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 370.257383][ T7810] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 370.286785][ T7810] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 370.347338][ T6287] hsr_slave_0: left promiscuous mode [ 370.353801][ T6287] hsr_slave_1: left promiscuous mode [ 370.370742][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 370.380285][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 370.411399][ T6287] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 370.421649][ T6287] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 370.446411][ T6287] veth1_macvtap: left promiscuous mode [ 370.451982][ T6287] veth0_macvtap: left promiscuous mode [ 370.458176][ T6287] veth1_vlan: left promiscuous mode [ 370.463541][ T6287] veth0_vlan: left promiscuous mode [ 370.890059][ T6287] team0 (unregistering): Port device team_slave_1 removed [ 370.932933][ T6287] team0 (unregistering): Port device team_slave_0 removed [ 371.396557][ T7584] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 371.623960][ T7584] veth0_vlan: entered promiscuous mode [ 371.652631][ T7584] veth1_vlan: entered promiscuous mode [ 371.664891][ T7821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 371.685744][ T7810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 371.702668][ T7821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 371.721005][ T7821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 371.743387][ T7810] 8021q: adding VLAN 0 to HW filter on device team0 [ 371.755316][ T7821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 371.789122][ T7584] veth0_macvtap: entered promiscuous mode [ 371.805838][ T1065] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.812924][ T1065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 371.830839][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.837991][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 371.855077][ T7584] veth1_macvtap: entered promiscuous mode [ 371.922267][ T7584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.933581][ T7584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.946328][ T7584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.958443][ T7584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.969738][ T7584] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.992497][ T7584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.004032][ T7584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.014117][ T7584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.025249][ T7584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.036188][ T7584] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 372.059302][ T7584] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.068725][ T7584] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.078840][ T7584] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.088189][ T7584] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 372.200139][ T7821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 372.259141][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.281258][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.298995][ T7821] 8021q: adding VLAN 0 to HW filter on device team0 [ 372.342239][ T6283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.351514][ T6283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.352728][ T6287] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.366006][ T6287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.389419][ T6287] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.396637][ T6287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.477305][ T7810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 372.518256][ T7821] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 372.528752][ T7821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 374.291410][ T7810] veth0_vlan: entered promiscuous mode [ 374.371733][ T7810] veth1_vlan: entered promiscuous mode [ 374.472951][ T7821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 375.668519][ T5234] Bluetooth: hci3: command 0x0406 tx timeout [ 375.671465][ T7810] veth0_macvtap: entered promiscuous mode [ 376.010810][ T7821] veth0_vlan: entered promiscuous mode [ 376.198072][ T7810] veth1_macvtap: entered promiscuous mode [ 376.488607][ T7821] veth1_vlan: entered promiscuous mode [ 376.525783][ T7810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.563304][ T7810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.565929][ T29] kauditd_printk_skb: 39 callbacks suppressed [ 376.565951][ T29] audit: type=1326 audit(1729018980.048:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7992 comm="syz.1.489" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe06237dff9 code=0x0 [ 376.574126][ T7810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.633290][ T7810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.645995][ T7810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.670179][ T7810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.685005][ T7810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.723971][ T7810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.744650][ T7810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.760551][ T7810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.771457][ T7810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.792043][ T7810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.805788][ T7810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.826725][ T7810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.869125][ T7810] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.878582][ T7810] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.889252][ T7810] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.898576][ T7810] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.926817][ T7821] veth0_macvtap: entered promiscuous mode [ 376.975630][ T7821] veth1_macvtap: entered promiscuous mode [ 377.101582][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.122181][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.135084][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.194656][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.256534][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.402910][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.547191][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 377.684427][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 377.731095][ T7821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 377.857691][ T8006] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 377.865372][ T8006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 377.880039][ T8006] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 378.050459][ T8006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 378.522981][ T8013] netlink: 16 bytes leftover after parsing attributes in process `syz.1.495'. [ 379.489214][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.495656][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.123948][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.149964][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.189226][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.250501][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.284212][ T7821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.436597][ T7821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.449228][ T7821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 380.567891][ T7821] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.594549][ T7821] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.603315][ T7821] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.841458][ T7821] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.125861][ T6283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 381.242575][ T6283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.415893][ T6283] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 381.460270][ T6283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.599751][ T6283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 381.633397][ T6283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.414756][ T1065] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.465808][ T1065] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.581775][ T8050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 382.604545][ T8050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 382.665432][ T8050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 382.703802][ T8050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 383.644583][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 383.816800][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 383.856691][ T8] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 383.930240][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 383.982822][ T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 384.028104][ T8] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 384.055941][ T8] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 384.075839][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.306177][ T8] usb 1-1: GET_CAPABILITIES returned 0 [ 384.316038][ T8051] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.333326][ T8] usbtmc 1-1:16.0: can't read capabilities [ 384.343080][ T8051] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.366120][ T8051] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.389547][ T8051] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.515453][ T5305] usb 1-1: USB disconnect, device number 5 [ 384.936599][ T8078] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 384.952722][ T8078] warning: `syz.1.513' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 386.236589][ T8088] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 388.377278][ T8091] block device autoloading is deprecated and will be removed. [ 388.459315][ T8102] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 388.467304][ T8102] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 388.498557][ T8102] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 388.509100][ T8102] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 390.313211][ T29] audit: type=1326 audit(1729018993.798:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8131 comm="syz.1.533" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe06237dff9 code=0x0 [ 390.352803][ T5305] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 390.514694][ T5305] usb 4-1: Using ep0 maxpacket: 8 [ 391.346680][ T5305] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 391.384551][ T5305] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 391.408627][ T1175] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 391.440087][ T5305] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 391.470683][ T5305] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 391.634560][ T1175] usb 1-1: Using ep0 maxpacket: 8 [ 392.295253][ T5305] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 392.355969][ T5305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.365574][ T1175] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 392.373838][ T1175] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 392.397678][ T1175] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 392.409711][ T1175] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 392.423506][ T1175] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 392.447969][ T1175] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 393.256470][ T1175] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.277514][ T4613] Bluetooth: hci6: unexpected event 0x04 length: 14 > 10 [ 393.308257][ T5305] usb 4-1: usb_control_msg returned -71 [ 393.332004][ T5305] usbtmc 4-1:16.0: can't read capabilities [ 393.373172][ T1175] usb 1-1: usb_control_msg returned -71 [ 393.392136][ T1175] usbtmc 1-1:16.0: can't read capabilities [ 393.407579][ T8154] xt_CT: You must specify a L4 protocol and not use inversions on it [ 393.423722][ T5305] usb 4-1: USB disconnect, device number 8 [ 393.653152][ T1175] usb 1-1: USB disconnect, device number 6 [ 395.440315][ T4613] Bluetooth: hci6: command 0x0406 tx timeout [ 396.506426][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.364109][ T8195] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 397.644645][ T51] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 398.024747][ T51] usb 2-1: Using ep0 maxpacket: 8 [ 398.105251][ T51] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 398.327031][ T51] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 398.605092][ T51] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 398.669585][ T51] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 398.772400][ T51] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 398.822245][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.485621][ T51] usb 2-1: usb_control_msg returned -71 [ 400.491487][ T51] usbtmc 2-1:16.0: can't read capabilities [ 400.730563][ T51] usb 2-1: USB disconnect, device number 8 [ 400.952385][ T8225] netlink: 14601 bytes leftover after parsing attributes in process `syz.0.563'. [ 403.783622][ T8267] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 404.568838][ T5305] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 404.894702][ T5305] usb 1-1: Using ep0 maxpacket: 8 [ 405.854608][ T5305] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 406.826051][ T5305] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 406.869964][ T5305] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 407.814240][ T5305] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 407.827534][ T5305] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 407.836708][ T5305] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.868198][ T5305] usb 1-1: can't set config #16, error -71 [ 407.911667][ T5305] usb 1-1: USB disconnect, device number 7 [ 410.280895][ T8316] trusted_key: encrypted_key: insufficient parameters specified [ 411.055755][ T1175] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 411.757001][ T8330] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 411.763308][ T8330] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 411.932958][ T8330] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 411.934510][ T1175] usb 5-1: Using ep0 maxpacket: 8 [ 411.939262][ T8330] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 412.133296][ T1175] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 412.143704][ T1175] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 412.154124][ T1175] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 412.164347][ T1175] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 412.202217][ T8330] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 412.803914][ T1175] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 412.804182][ T8330] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 412.819337][ T8330] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 412.858052][ T8330] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 412.866163][ T8330] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 412.872413][ T8330] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 412.880702][ T8330] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 412.903836][ T1175] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.964449][ T4613] Bluetooth: hci6: command 0x0406 tx timeout [ 414.078082][ T1175] usb 5-1: usb_control_msg returned -71 [ 414.083738][ T1175] usbtmc 5-1:16.0: can't read capabilities [ 414.245643][ T4613] Bluetooth: hci3: command 0x0406 tx timeout [ 414.263563][ T1175] usb 5-1: USB disconnect, device number 13 [ 415.254532][ T5234] Bluetooth: hci4: command 0x0c1a tx timeout [ 415.261584][ T4613] Bluetooth: hci2: command 0x0c1a tx timeout [ 416.004554][ T4613] Bluetooth: hci6: command 0x0406 tx timeout [ 416.304611][ T4613] Bluetooth: hci3: command 0x0406 tx timeout [ 416.505023][ T4613] Bluetooth: hci2: unexpected event 0x04 length: 14 > 10 [ 416.662134][ T8362] xt_CT: You must specify a L4 protocol and not use inversions on it [ 417.702131][ T4613] Bluetooth: hci4: command 0x0c1a tx timeout [ 417.708284][ T4613] Bluetooth: hci2: command 0x0c1a tx timeout [ 418.384854][ T5234] Bluetooth: hci3: command 0x0406 tx timeout [ 419.834544][ T5234] Bluetooth: hci2: command 0x0c1a tx timeout [ 419.840627][ T5234] Bluetooth: hci4: command 0x0c1a tx timeout [ 421.382304][ T51] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 422.134512][ T51] usb 3-1: Using ep0 maxpacket: 8 [ 422.139885][ T4613] Bluetooth: hci2: command 0x0c1a tx timeout [ 422.165718][ T51] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 422.404643][ T4613] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 422.435398][ T51] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 422.644607][ T4613] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 423.304732][ T4613] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 423.383312][ T51] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 423.400485][ T51] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 423.413654][ T51] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 423.425073][ T4613] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 423.433050][ T4613] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 423.442011][ T4613] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 423.550668][ T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.591831][ T51] usb 3-1: can't set config #16, error -71 [ 423.616339][ T51] usb 3-1: USB disconnect, device number 9 [ 424.229231][ T8400] chnl_net:caif_netlink_parms(): no params data found [ 424.292056][ T8400] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.299725][ T8400] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.307688][ T8400] bridge_slave_0: entered allmulticast mode [ 424.316121][ T8400] bridge_slave_0: entered promiscuous mode [ 424.324078][ T8400] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.332124][ T8400] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.339669][ T8400] bridge_slave_1: entered allmulticast mode [ 424.346928][ T8400] bridge_slave_1: entered promiscuous mode [ 424.374542][ T1175] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 424.448644][ T8400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.563935][ T6291] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.601478][ T8400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.654252][ T8400] team0: Port device team_slave_0 added [ 424.669857][ T8400] team0: Port device team_slave_1 added [ 424.707930][ T8400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.721141][ T8400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.758553][ T8400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.764599][ T1175] usb 5-1: Using ep0 maxpacket: 32 [ 424.773749][ T8400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.787778][ T8400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.805510][ T1175] usb 5-1: unable to get BOS descriptor or descriptor too short [ 425.417550][ T1175] usb 5-1: config 128 has an invalid interface number: 127 but max is 3 [ 425.450588][ T1175] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 425.513993][ T8400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.551350][ T1175] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 425.584750][ T4613] Bluetooth: hci1: command tx timeout [ 425.602163][ T1175] usb 5-1: config 128 has no interface number 0 [ 425.616554][ T1175] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 425.629500][ T1175] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 425.640236][ T1175] usb 5-1: config 128 interface 127 has no altsetting 0 [ 425.650582][ T1175] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 425.660299][ T1175] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.668848][ T1175] usb 5-1: Product: syz [ 425.673472][ T1175] usb 5-1: Manufacturer: syz [ 425.794533][ T1175] usb 5-1: SerialNumber: syz [ 426.030978][ T6291] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.025039][ T1175] usb 5-1: USB disconnect, device number 14 [ 427.676118][ T4613] Bluetooth: hci1: command tx timeout [ 427.889657][ T51] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 427.911642][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 427.988602][ T6291] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.184487][ T51] usb 1-1: Using ep0 maxpacket: 8 [ 428.195472][ T51] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 428.213204][ T51] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 428.257616][ T51] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 428.429286][ T51] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 429.027179][ T51] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 429.044100][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.182956][ T6291] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.433563][ T51] usb 1-1: GET_CAPABILITIES returned 0 [ 429.439220][ T51] usbtmc 1-1:16.0: can't read capabilities [ 429.788604][ T4613] Bluetooth: hci1: command tx timeout [ 430.487455][ T8400] hsr_slave_0: entered promiscuous mode [ 430.562222][ T8400] hsr_slave_1: entered promiscuous mode [ 430.592792][ T8400] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 430.619554][ T25] usb 1-1: USB disconnect, device number 8 [ 430.646011][ T8400] Cannot create hsr debugfs directory [ 431.008103][ T8474] netlink: 32 bytes leftover after parsing attributes in process `syz.4.633'. [ 431.312833][ T6291] bridge_slave_1: left allmulticast mode [ 431.346750][ T6291] bridge_slave_1: left promiscuous mode [ 431.379632][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.661705][ T6291] bridge_slave_0: left allmulticast mode [ 431.705433][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.877560][ T8478] Driver unsupported XDP return value 0 on prog (id 249) dev N/A, expect packet loss! [ 432.164971][ T4613] Bluetooth: hci1: command tx timeout [ 432.347019][ T8483] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 435.264732][ T5301] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 435.446783][ T6291] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 435.466850][ T5301] usb 1-1: Using ep0 maxpacket: 8 [ 435.472594][ T6291] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 435.476298][ T5301] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 435.494330][ T6291] bond0 (unregistering): Released all slaves [ 435.508031][ T5301] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 435.524431][ T5301] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 435.542171][ T5301] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 435.578430][ T5301] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 435.591065][ T8492] netlink: 4 bytes leftover after parsing attributes in process `syz.4.637'. [ 435.592299][ T5301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.861865][ T5301] usb 1-1: GET_CAPABILITIES returned 0 [ 435.874048][ T5301] usbtmc 1-1:16.0: can't read capabilities [ 436.140530][ T5272] usb 1-1: USB disconnect, device number 9 [ 437.916591][ T6291] hsr_slave_0: left promiscuous mode [ 437.959184][ T6291] hsr_slave_1: left promiscuous mode [ 438.178628][ T6291] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.381631][ T6291] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.718160][ T6291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 438.732746][ T6291] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 438.836399][ T6291] veth1_macvtap: left promiscuous mode [ 438.855446][ T6291] veth0_macvtap: left promiscuous mode [ 438.868329][ T6291] veth1_vlan: left promiscuous mode [ 438.888603][ T6291] veth0_vlan: left promiscuous mode [ 439.564183][ T6291] team0 (unregistering): Port device team_slave_1 removed [ 439.606105][ T6291] team0 (unregistering): Port device team_slave_0 removed [ 440.065677][ T1106] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.146409][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.152922][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.556855][ T8400] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 442.628008][ T8400] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 442.703212][ T8400] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 442.756705][ T8400] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 442.944592][ T4613] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 443.001667][ T8400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.053196][ T8400] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.138604][ T6287] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.145931][ T6287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.167776][ T8599] netlink: 4 bytes leftover after parsing attributes in process `syz.3.657'. [ 444.178302][ T8600] netlink: 12 bytes leftover after parsing attributes in process `syz.3.657'. [ 444.231700][ T1065] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.238912][ T1065] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.996864][ T8594] netlink: 4 bytes leftover after parsing attributes in process `syz.2.658'. [ 445.045844][ T5272] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 445.214599][ T5272] usb 5-1: Using ep0 maxpacket: 8 [ 445.244534][ T5272] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 445.291001][ T5272] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 445.323311][ T5234] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 445.350469][ T8400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.359663][ T5272] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 445.389842][ T5272] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 445.418981][ T5272] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 445.453431][ T5272] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.496864][ T8400] veth0_vlan: entered promiscuous mode [ 445.573818][ T8400] veth1_vlan: entered promiscuous mode [ 445.628502][ T8400] veth0_macvtap: entered promiscuous mode [ 445.677311][ T8400] veth1_macvtap: entered promiscuous mode [ 446.574260][ T5272] usb 5-1: usb_control_msg returned -71 [ 446.592666][ T5272] usbtmc 5-1:16.0: can't read capabilities [ 446.607253][ T5272] usb 5-1: USB disconnect, device number 15 [ 446.698247][ T4613] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 446.700932][ T8400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.754652][ T8400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.782802][ T8400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.830369][ T8400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 446.880230][ T8400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.925911][ T8400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 447.000230][ T8400] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.009308][ T8400] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.018152][ T8400] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.027556][ T8400] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.294720][ T6314] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 449.031326][ T4613] Bluetooth: hci2: command 0x0c1a tx timeout [ 449.346780][ T6314] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 449.409480][ T25] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 449.975100][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 449.999166][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 450.044578][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 450.061995][ T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 450.083499][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 450.098683][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 450.109911][ T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 450.164695][ T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 450.205574][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.493344][ T25] usb 1-1: usb_control_msg returned -71 [ 450.501651][ T25] usbtmc 1-1:16.0: can't read capabilities [ 450.568641][ T25] usb 1-1: USB disconnect, device number 10 [ 451.249329][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.672'. [ 451.259964][ T8677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.672'. [ 458.043094][ T8720] netlink: 16 bytes leftover after parsing attributes in process `syz.3.685'. [ 460.194093][ T5225] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 460.235409][ T1065] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.364596][ T5225] usb 2-1: Using ep0 maxpacket: 8 [ 460.415569][ T5225] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 460.530312][ T5225] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 460.979716][ T5225] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 461.036901][ T5225] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 461.124583][ T5225] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 461.174579][ T5225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.512267][ T5225] usb 2-1: usb_control_msg returned -71 [ 461.524518][ T5225] usbtmc 2-1:16.0: can't read capabilities [ 461.541055][ T5225] usb 2-1: USB disconnect, device number 9 [ 462.789862][ T29] audit: type=1326 audit(1729019066.258:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8754 comm="syz.0.698" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11aff7dff9 code=0x0 [ 464.218225][ T8767] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.844965][ T8767] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.853932][ T8767] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.866635][ T8767] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.876855][ T8767] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.829070][ T29] audit: type=1326 audit(1729019072.318:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8803 comm="syz.4.712" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8bc817dff9 code=0x0 [ 470.024904][ T8813] random: crng reseeded on system resumption [ 475.853069][ T5234] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 475.863197][ T5234] CPU: 1 UID: 0 PID: 5234 Comm: kworker/u9:6 Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 475.874109][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 475.884214][ T5234] Workqueue: hci1 hci_rx_work [ 475.888964][ T5234] Call Trace: [ 475.892365][ T5234] [ 475.895340][ T5234] dump_stack_lvl+0x241/0x360 [ 475.900073][ T5234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.905408][ T5234] ? __pfx__printk+0x10/0x10 [ 475.910045][ T5234] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 475.915388][ T5234] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 475.920998][ T5234] sysfs_create_dir_ns+0x2ce/0x3a0 [ 475.926173][ T5234] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 475.931871][ T5234] kobject_add_internal+0x435/0x8d0 [ 475.937144][ T5234] kobject_add+0x152/0x220 [ 475.941616][ T5234] ? do_raw_spin_unlock+0x13c/0x8b0 [ 475.946868][ T5234] ? device_add+0x3e7/0xbf0 [ 475.951413][ T5234] ? __pfx_kobject_add+0x10/0x10 [ 475.956405][ T5234] ? _raw_spin_unlock+0x28/0x50 [ 475.961403][ T5234] ? get_device_parent+0x165/0x410 [ 475.966566][ T5234] device_add+0x4e5/0xbf0 [ 475.970963][ T5234] hci_conn_add_sysfs+0xe8/0x200 [ 475.975954][ T5234] le_conn_complete_evt+0xc9f/0x12e0 [ 475.981332][ T5234] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 475.987116][ T5234] ? __mutex_unlock_slowpath+0x21d/0x750 [ 475.992796][ T5234] ? __copy_skb_header+0x437/0x5b0 [ 475.997962][ T5234] ? skb_pull_data+0x112/0x230 [ 476.002798][ T5234] hci_le_conn_complete_evt+0x18c/0x420 [ 476.008418][ T5234] hci_event_packet+0xa55/0x1540 [ 476.013407][ T5234] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 476.018755][ T5234] ? __pfx_hci_event_packet+0x10/0x10 [ 476.024180][ T5234] ? tlv_data_is_valid+0x240/0x420 [ 476.029353][ T5234] ? kcov_remote_start+0x97/0x7d0 [ 476.034429][ T5234] hci_rx_work+0x3fe/0xd80 [ 476.038897][ T5234] ? process_scheduled_works+0x976/0x1850 [ 476.044664][ T5234] process_scheduled_works+0xa63/0x1850 [ 476.050295][ T5234] ? __pfx_process_scheduled_works+0x10/0x10 [ 476.056335][ T5234] ? assign_work+0x364/0x3d0 [ 476.060992][ T5234] worker_thread+0x870/0xd30 [ 476.065652][ T5234] ? __kthread_parkme+0x169/0x1d0 [ 476.070709][ T5234] ? __pfx_worker_thread+0x10/0x10 [ 476.075848][ T5234] kthread+0x2f0/0x390 [ 476.079939][ T5234] ? __pfx_worker_thread+0x10/0x10 [ 476.085079][ T5234] ? __pfx_kthread+0x10/0x10 [ 476.089719][ T5234] ret_from_fork+0x4b/0x80 [ 476.094160][ T5234] ? __pfx_kthread+0x10/0x10 [ 476.098765][ T5234] ret_from_fork_asm+0x1a/0x30 [ 476.103569][ T5234] [ 476.118691][ T5234] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 476.134272][ T5234] Bluetooth: hci1: failed to register connection device [ 476.548465][ T29] audit: type=1326 audit(1729019080.028:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8866 comm="syz.2.731" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f402cb7dff9 code=0x0 [ 477.061121][ T8877] input: syz1 as /devices/virtual/input/input14 [ 477.341204][ T8879] netlink: 16 bytes leftover after parsing attributes in process `syz.0.734'. [ 480.424543][ T5272] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 480.607189][ T5272] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.335603][ T5272] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.346656][ T5272] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 481.356233][ T5272] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.097364][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.743'. [ 482.107614][ T8908] netlink: 12 bytes leftover after parsing attributes in process `syz.3.743'. [ 482.107747][ T5272] usb 3-1: config 0 descriptor?? [ 482.464727][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 482.542996][ T5272] usbhid 3-1:0.0: can't add hid device: -71 [ 482.584819][ T5272] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 482.640881][ T5272] usb 3-1: USB disconnect, device number 10 [ 485.220812][ T29] audit: type=1326 audit(1729019087.708:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8929 comm="syz.1.749" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22bd77dff9 code=0x0 [ 489.905434][ T8968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.759'. [ 489.925254][ T8968] netlink: 12 bytes leftover after parsing attributes in process `syz.2.759'. [ 492.458864][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 492.636181][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 492.647675][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 492.673023][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 492.770992][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 492.808741][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 493.149916][ T29] audit: type=1326 audit(1729019096.628:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8986 comm="syz.3.766" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x0 [ 493.751659][ T9013] blktrace: Concurrent blktraces are not allowed on loop0 [ 495.187055][ T5234] Bluetooth: hci3: command tx timeout [ 495.195933][ T9014] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 495.202014][ T9014] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 495.208300][ T9014] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 495.214265][ T9014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 495.294494][ T9014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 495.305071][ T9014] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 495.376701][ T9014] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 495.382750][ T9014] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 495.395229][ T9014] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 495.546484][ T5663] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.127039][ T8993] chnl_net:caif_netlink_parms(): no params data found [ 496.369897][ T9022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.772'. [ 496.379756][ T9024] netlink: 12 bytes leftover after parsing attributes in process `syz.1.772'. [ 496.435397][ T5663] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 497.101330][ T5663] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 497.399221][ T5234] Bluetooth: hci4: command 0x0c1a tx timeout [ 497.405728][ T5234] Bluetooth: hci6: command 0x0406 tx timeout [ 497.414579][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 497.924888][ T4613] Bluetooth: hci3: command 0x040f tx timeout [ 498.011848][ T8993] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.074760][ T8993] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.082025][ T8993] bridge_slave_0: entered allmulticast mode [ 498.166720][ T8993] bridge_slave_0: entered promiscuous mode [ 498.212926][ T8993] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.267858][ T8993] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.275562][ T8993] bridge_slave_1: entered allmulticast mode [ 498.282625][ T8993] bridge_slave_1: entered promiscuous mode [ 498.362046][ T29] audit: type=1326 audit(1729019101.848:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.1.780" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22bd77dff9 code=0x0 [ 498.547261][ T5663] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 498.914819][ T9068] blktrace: Concurrent blktraces are not allowed on loop0 [ 499.424655][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 499.529441][ T8993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 500.075372][ T8993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.329250][ T4613] Bluetooth: hci3: command 0x040f tx timeout [ 502.095476][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.101888][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.108328][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 502.407740][ T4613] Bluetooth: hci3: command 0x040f tx timeout [ 502.915244][ T8993] team0: Port device team_slave_0 added [ 503.161038][ T8993] team0: Port device team_slave_1 added [ 503.510055][ T8993] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.553754][ T8993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.623810][ T8993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 503.659680][ T5663] bridge_slave_1: left allmulticast mode [ 503.681886][ T5663] bridge_slave_1: left promiscuous mode [ 503.688233][ T5663] bridge0: port 2(bridge_slave_1) entered disabled state [ 503.951685][ T5663] bridge_slave_0: left allmulticast mode [ 504.070856][ T5663] bridge_slave_0: left promiscuous mode [ 504.164474][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 504.250910][ T5663] bridge0: port 1(bridge_slave_0) entered disabled state [ 504.628034][ T4613] Bluetooth: hci3: command 0x040f tx timeout [ 505.015264][ T51] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 505.535748][ T51] usb 5-1: device descriptor read/64, error -71 [ 506.425522][ T51] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 506.576400][ T5663] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 506.585305][ T51] usb 5-1: device descriptor read/64, error -71 [ 506.594010][ T5663] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 506.609030][ T5663] bond0 (unregistering): Released all slaves [ 506.618926][ T8993] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.626766][ T8993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.652988][ T8993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.695062][ T51] usb usb5-port1: attempt power cycle [ 506.708282][ T4613] Bluetooth: hci3: command 0x040f tx timeout [ 506.723434][ T9119] netlink: 16 bytes leftover after parsing attributes in process `syz.1.792'. [ 506.792466][ T8993] hsr_slave_0: entered promiscuous mode [ 506.803040][ T8993] hsr_slave_1: entered promiscuous mode [ 507.010884][ T5663] hsr_slave_0: left promiscuous mode [ 507.018760][ T5663] hsr_slave_1: left promiscuous mode [ 507.052417][ T5663] veth1_macvtap: left promiscuous mode [ 507.067175][ T5663] veth0_macvtap: left promiscuous mode [ 507.072988][ T5663] veth1_vlan: left promiscuous mode [ 507.079633][ T5663] veth0_vlan: left promiscuous mode [ 507.177364][ T51] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 507.214981][ T51] usb 5-1: device descriptor read/8, error -71 [ 507.464490][ T51] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 507.495182][ T51] usb 5-1: device descriptor read/8, error -71 [ 507.519032][ T5663] team0 (unregistering): Port device team_slave_1 removed [ 507.557291][ T5663] team0 (unregistering): Port device team_slave_0 removed [ 507.606312][ T51] usb usb5-port1: unable to enumerate USB device [ 509.239144][ T9158] input: syz1 as /devices/virtual/input/input15 [ 509.335173][ T9153] netlink: 16 bytes leftover after parsing attributes in process `syz.3.810'. [ 511.009065][ T9180] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 511.052842][ T9180] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 512.367721][ T8993] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 512.376872][ T8993] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 512.448922][ T8993] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 512.451764][ T8993] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 512.845558][ T8993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 512.965846][ T8993] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.016743][ T5663] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.023975][ T5663] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.267969][ T5305] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 514.074567][ T5301] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 514.088161][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.095389][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.134611][ T5301] usb 3-1: Using ep0 maxpacket: 32 [ 515.140294][ T5305] usb 4-1: device descriptor read/64, error -71 [ 515.146364][ T5301] usb 3-1: unable to get BOS descriptor or descriptor too short [ 515.233680][ T5301] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 515.497215][ T5301] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 515.617210][ T5301] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 515.707282][ T4613] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 515.714959][ T5301] usb 3-1: config 128 has no interface number 0 [ 515.721277][ T5301] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 515.738819][ T9216] bridge0: entered promiscuous mode [ 515.745916][ T5305] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 515.754641][ T5301] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 515.764903][ T5301] usb 3-1: config 128 interface 127 has no altsetting 0 [ 515.773210][ T8993] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 515.774873][ T5301] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 515.793064][ T5301] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.802038][ T5301] usb 3-1: Product: syz [ 515.806895][ T5301] usb 3-1: Manufacturer: syz [ 515.811535][ T5301] usb 3-1: SerialNumber: syz [ 515.833873][ T9215] bridge0: left promiscuous mode [ 517.424902][ T5301] usb 3-1: USB disconnect, device number 11 [ 518.011739][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 519.074820][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 519.239941][ T8993] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 519.536335][ T8993] veth0_vlan: entered promiscuous mode [ 519.640289][ T8993] veth1_vlan: entered promiscuous mode [ 519.747089][ T4613] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 519.760703][ T4613] Bluetooth: hci1: Injecting HCI hardware error event [ 519.769693][ T5229] Bluetooth: hci1: hardware error 0x00 [ 519.888212][ T8993] veth0_macvtap: entered promiscuous mode [ 520.185563][ T8993] veth1_macvtap: entered promiscuous mode [ 520.563904][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.674423][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.887013][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 520.950208][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.992536][ T8993] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 521.008455][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.216585][ T9272] input: syz1 as /devices/virtual/input/input16 [ 521.295290][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.589266][ T8993] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 521.688982][ T8993] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 521.718685][ T8993] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 521.780360][ T8993] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.804609][ T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 521.828377][ T8993] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.837527][ T8993] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.850433][ T8993] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 521.904910][ T5229] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 521.945089][ T8] usb 2-1: device descriptor read/64, error -71 [ 522.241653][ T5663] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.340946][ T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 522.358292][ T5663] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 522.882515][ T8] usb 2-1: device descriptor read/64, error -71 [ 522.937137][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 522.961323][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 523.164238][ T8] usb usb2-port1: attempt power cycle [ 523.592281][ T8] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 523.781578][ T8] usb 2-1: device descriptor read/8, error -71 [ 526.280355][ T9344] bridge0: entered promiscuous mode [ 526.323627][ T9343] bridge0: left promiscuous mode [ 526.789734][ T9364] netlink: 4 bytes leftover after parsing attributes in process `syz.4.840'. [ 526.810745][ T9364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.840'. [ 527.412692][ T51] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 528.278374][ T29] audit: type=1326 audit(1729019131.698:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.394534][ T29] audit: type=1326 audit(1729019131.698:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.493561][ T51] usb 1-1: device descriptor read/64, error -71 [ 528.500409][ T29] audit: type=1326 audit(1729019131.698:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.522953][ T29] audit: type=1326 audit(1729019131.698:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.544377][ T29] audit: type=1326 audit(1729019131.708:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.565714][ T29] audit: type=1326 audit(1729019131.708:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.587209][ T29] audit: type=1326 audit(1729019131.708:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.609107][ T29] audit: type=1326 audit(1729019131.708:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.817520][ T29] audit: type=1326 audit(1729019131.708:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.854652][ T29] audit: type=1326 audit(1729019131.708:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9366 comm="syz.3.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x7ffc0000 [ 528.984696][ T51] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 529.134701][ T51] usb 1-1: device descriptor read/64, error -71 [ 529.431772][ T51] usb usb1-port1: attempt power cycle [ 529.751181][ T4613] Bluetooth: hci3: unexpected event for opcode 0x0c6d [ 529.770021][ T9399] bridge0: entered promiscuous mode [ 529.777504][ T9398] bridge0: left promiscuous mode [ 531.381820][ T9434] netlink: 4 bytes leftover after parsing attributes in process `syz.3.865'. [ 531.395313][ T9434] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'. [ 533.644824][ T5301] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 533.836290][ T5229] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 533.846187][ T5229] Bluetooth: hci3: Injecting HCI hardware error event [ 533.855738][ T5229] Bluetooth: hci3: hardware error 0x00 [ 533.934833][ T5301] usb 1-1: device descriptor read/64, error -71 [ 534.091577][ T5234] Bluetooth: hci6: unexpected event for opcode 0x0c6d [ 534.106862][ T9461] bridge0: entered promiscuous mode [ 534.112930][ T9460] bridge0: left promiscuous mode [ 534.133503][ T29] kauditd_printk_skb: 13 callbacks suppressed [ 534.133522][ T29] audit: type=1326 audit(1729019137.618:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9458 comm="syz.3.875" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc97137dff9 code=0x0 [ 534.224880][ T5301] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 534.392002][ T5234] Bluetooth: hci4: command 0x0c1a tx timeout [ 534.563638][ T5301] usb 1-1: device descriptor read/64, error -71 [ 534.697244][ T5301] usb usb1-port1: attempt power cycle [ 535.217482][ T5301] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 535.376798][ T5301] usb 1-1: device descriptor read/8, error -71 [ 535.595145][ T9479] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'. [ 535.608557][ T9479] netlink: 12 bytes leftover after parsing attributes in process `syz.3.882'. [ 536.753762][ T5301] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 536.775199][ T5229] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 537.754672][ T5301] usb 1-1: device descriptor read/8, error -71 [ 538.748723][ T5229] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 538.758024][ T5229] Bluetooth: hci6: Injecting HCI hardware error event [ 538.767584][ T5229] Bluetooth: hci6: command 0x0406 tx timeout [ 538.808090][ T5301] usb usb1-port1: unable to enumerate USB device [ 538.837699][ T4613] Bluetooth: hci6: hardware error 0x00 [ 540.061362][ T9499] bridge0: entered promiscuous mode [ 540.100109][ T9495] bridge0: left promiscuous mode [ 540.226495][ T9508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.886'. [ 540.246903][ T9508] netlink: 16 bytes leftover after parsing attributes in process `syz.0.886'. [ 540.709862][ T29] audit: type=1326 audit(1729019144.188:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9505 comm="syz.1.891" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22bd77dff9 code=0x0 [ 540.876962][ T4613] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 542.124500][ T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 542.497133][ T25] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 542.507702][ T25] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 542.519787][ T25] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 542.534776][ T25] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 542.551957][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.618777][ T5301] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 542.876942][ T5301] usb 3-1: device descriptor read/64, error -71 [ 543.252693][ T25] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 543.371656][ T25] usb 4-1: invalid MIDI out EP 0 [ 545.420213][ T5301] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 545.604600][ T25] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 545.618512][ T25] usb 4-1: USB disconnect, device number 11 [ 545.636300][ T5368] udevd[5368]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 546.064622][ T4613] Bluetooth: hci4: unexpected event for opcode 0x0c6d [ 546.078642][ T9556] bridge0: entered promiscuous mode [ 546.084747][ T9554] bridge0: left promiscuous mode [ 547.241642][ T9573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.907'. [ 547.267632][ T9573] netlink: 16 bytes leftover after parsing attributes in process `syz.3.907'. [ 550.077962][ T4613] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 550.092581][ T4613] Bluetooth: hci4: Injecting HCI hardware error event [ 550.103127][ T5229] Bluetooth: hci4: hardware error 0x00 [ 550.294675][ T5225] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 550.654403][ T5225] usb 4-1: Using ep0 maxpacket: 8 [ 550.670442][ T5225] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 550.712604][ T5225] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 550.783129][ T5225] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 550.846434][ T5225] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 550.869725][ T5225] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.898430][ T5225] usb 4-1: Product: syz [ 550.928681][ T5225] usb 4-1: Manufacturer: syz [ 550.933337][ T5225] usb 4-1: SerialNumber: syz [ 552.316305][ T5229] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 552.634688][ T25] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 552.798777][ T5225] usb 4-1: 0:2 : does not exist [ 552.817410][ T5225] usb 4-1: USB disconnect, device number 12 [ 552.850656][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 552.880446][ T25] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 552.909263][ T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 552.941548][ T25] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 553.173545][ T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 553.182825][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.198322][ T25] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 553.206577][ T25] usb 1-1: invalid MIDI out EP 0 [ 553.224400][ T51] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 553.435491][ T51] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 553.843462][ T51] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 553.865431][ T25] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 553.909764][ T5226] udevd[5226]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 553.944863][ T51] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 553.953959][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.055357][ T51] usb 2-1: config 0 descriptor?? [ 554.105901][ T25] usb 1-1: USB disconnect, device number 18 [ 554.140955][ T9639] bridge0: entered promiscuous mode [ 554.151288][ T9638] bridge0: left promiscuous mode [ 555.184934][ T51] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 555.196508][ T51] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 556.163040][ T9663] No such timeout policy "syz0" [ 556.798281][ T25] usb 2-1: USB disconnect, device number 14 [ 561.046963][ T51] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 561.111993][ T25] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 561.244859][ T51] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 561.304715][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 561.320176][ T51] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x8C has invalid wMaxPacketSize 0 [ 561.471506][ T25] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 561.535784][ T51] usb 1-1: config 0 interface 0 has no altsetting 0 [ 561.636100][ T25] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 561.729178][ T51] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.92 [ 561.764123][ T25] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 561.778826][ T51] usb 1-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 561.812089][ T51] usb 1-1: Product: syz [ 561.822435][ T25] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 561.836777][ T51] usb 1-1: Manufacturer: syz [ 561.841442][ T51] usb 1-1: SerialNumber: syz [ 561.866861][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.901237][ T25] usb 3-1: Product: syz [ 561.909383][ T51] usb 1-1: config 0 descriptor?? [ 561.931511][ T25] usb 3-1: Manufacturer: syz [ 561.941805][ T25] usb 3-1: SerialNumber: syz [ 562.152300][ T51] usbtest 1-1:0.0: couldn't get endpoints, -71 [ 562.210192][ T51] usbtest 1-1:0.0: probe with driver usbtest failed with error -71 [ 562.214434][ T5272] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 562.336468][ T51] usb 1-1: USB disconnect, device number 19 [ 563.027318][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.036229][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.227828][ T5272] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 563.254045][ T5272] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 563.269133][ T5272] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 563.270834][ T25] usb 3-1: 0:2 : does not exist [ 563.283733][ T5272] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 563.303263][ T5272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.329346][ T5272] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 563.338201][ T25] usb 3-1: USB disconnect, device number 14 [ 563.345204][ T5272] usb 2-1: invalid MIDI out EP 0 [ 563.443084][ T5231] udevd[5231]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 563.477644][ T5272] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 563.525509][ T5225] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 563.593401][ T5272] usb 2-1: USB disconnect, device number 15 [ 563.826597][ T5225] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 563.838528][ T5225] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 563.861753][ T5225] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 563.888075][ T5225] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.126643][ T5225] usb 1-1: config 0 descriptor?? [ 564.777573][ T5225] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 565.031871][ T5225] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 568.474074][ T25] usb 1-1: USB disconnect, device number 20 [ 572.194740][ T5272] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 572.696258][ T5272] usb 5-1: Using ep0 maxpacket: 8 [ 572.753788][ T5272] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 573.015177][ T5272] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 573.039085][ T5272] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 573.051362][ T5272] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 573.501572][ T5272] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.861834][ T5272] usb 5-1: Product: syz [ 573.885098][ T5272] usb 5-1: Manufacturer: syz [ 573.910669][ T5272] usb 5-1: SerialNumber: syz [ 573.988180][ T5272] usb 5-1: can't set config #1, error -71 [ 574.042749][ T5272] usb 5-1: USB disconnect, device number 20 [ 574.246784][ T5305] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 575.315787][ T5305] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 575.340584][ T5305] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 575.386129][ T5305] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 575.414443][ T5305] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.517408][ T5305] usb 3-1: config 0 descriptor?? [ 576.481430][ T5305] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 576.495047][ T5305] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 577.129015][ T25] usb 3-1: USB disconnect, device number 15 [ 579.734105][ T9854] syzkaller1: entered promiscuous mode [ 579.739701][ T9854] syzkaller1: entered allmulticast mode [ 579.749527][ T9854] erofs: (device nbd4): erofs_read_superblock: cannot find valid erofs superblock [ 584.184428][ T51] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 584.906848][ T51] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 585.164476][ T51] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x8C has invalid wMaxPacketSize 0 [ 585.184380][ T51] usb 4-1: config 0 interface 0 has no altsetting 0 [ 585.193281][ T51] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.92 [ 585.209494][ T51] usb 4-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 585.218691][ T51] usb 4-1: Product: syz [ 585.222935][ T51] usb 4-1: Manufacturer: syz [ 585.227651][ T51] usb 4-1: SerialNumber: syz [ 585.247000][ T51] usb 4-1: config 0 descriptor?? [ 585.423802][ T9908] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 585.541691][ T51] usbtest 4-1:0.0: couldn't get endpoints, -71 [ 585.762354][ T51] usbtest 4-1:0.0: probe with driver usbtest failed with error -71 [ 586.137428][ T51] usb 4-1: USB disconnect, device number 13 [ 586.694427][ T51] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 586.924535][ T51] usb 5-1: Using ep0 maxpacket: 8 [ 587.114943][ T51] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 587.176682][ T51] usb 5-1: New USB device found, idVendor=13d3, idProduct=3340, bcdDevice=ab.0b [ 587.240809][ T51] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.546465][ T51] usb 5-1: config 0 descriptor?? [ 587.556499][ T51] r8712u: register rtl8712_netdev_ops to netdev_ops [ 587.564613][ T51] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 588.116647][ T51] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 588.208171][ T51] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 588.277743][ T51] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 589.510526][ T5225] usb 5-1: USB disconnect, device number 21 [ 590.187607][ T9962] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 595.784447][ T25] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 596.479371][ T25] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 596.569076][ T25] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 596.726493][T10028] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 597.078495][ T25] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 597.112292][ T25] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 597.374471][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.443044][ T25] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 597.785442][ T25] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 597.850075][ T25] usb 4-1: USB disconnect, device number 14 [ 599.111961][T10044] kvm: kvm [10041]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1000020a1 [ 599.236506][T10060] syz.4.1031[10060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 599.236631][T10060] syz.4.1031[10060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 599.248761][T10060] syz.4.1031[10060] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 601.510379][T10072] syz.3.1044[10072] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 601.522515][T10072] syz.3.1044[10072] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 601.534200][T10072] syz.3.1044[10072] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 602.625565][T10080] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 609.473360][T10138] syz.2.1054[10138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 609.473473][T10138] syz.2.1054[10138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 609.485296][T10138] syz.2.1054[10138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 609.680322][ T4613] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 610.654422][ T4613] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 610.681772][ T4613] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 610.716939][ T4613] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 611.338466][ T4613] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 611.346122][ T4613] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 611.833645][ T6291] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.882234][ T6291] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.896369][T10155] syz.2.1067[10155] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 612.896488][T10155] syz.2.1067[10155] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 612.908440][T10155] syz.2.1067[10155] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 613.894847][ T4613] Bluetooth: hci2: command tx timeout [ 614.296718][ T6291] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 615.998274][ T4613] Bluetooth: hci2: command tx timeout [ 617.376142][ T6291] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.706404][T10137] chnl_net:caif_netlink_parms(): no params data found [ 617.753330][ T6291] bridge_slave_1: left allmulticast mode [ 617.773406][ T6291] bridge_slave_1: left promiscuous mode [ 617.796509][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.825372][ T6291] bridge_slave_0: left allmulticast mode [ 617.832555][ T6291] bridge_slave_0: left promiscuous mode [ 618.562653][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.570924][ T5229] Bluetooth: hci2: command tx timeout [ 618.615487][ T1175] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 618.870218][ T1175] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 618.898900][ T1175] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 618.912693][ T1175] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 618.931430][ T1175] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 618.942079][ T1175] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.966327][ T1175] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 619.110668][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 619.180530][ T1175] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 619.527136][ T6291] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 619.549797][ T6291] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 619.579850][ T6291] bond0 (unregistering): Released all slaves [ 619.634077][ T8] usb 3-1: USB disconnect, device number 16 [ 620.050059][T10137] bridge0: port 1(bridge_slave_0) entered blocking state [ 620.068265][T10137] bridge0: port 1(bridge_slave_0) entered disabled state [ 620.091450][T10137] bridge_slave_0: entered allmulticast mode [ 620.126396][T10137] bridge_slave_0: entered promiscuous mode [ 620.404452][ T6291] hsr_slave_0: left promiscuous mode [ 620.439054][ T6291] hsr_slave_1: left promiscuous mode [ 620.634844][ T4613] Bluetooth: hci2: command tx timeout [ 621.270276][ T6291] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 621.304478][ T6291] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 622.923043][ T6291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 622.930709][ T6291] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 623.049651][ T6291] veth1_macvtap: left promiscuous mode [ 623.069444][ T6291] veth0_macvtap: left promiscuous mode [ 623.250295][ T6291] veth1_vlan: left promiscuous mode [ 623.261481][ T6291] veth0_vlan: left promiscuous mode [ 625.077359][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.083714][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 628.351682][T10259] syz.2.1072[10259] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 628.351795][T10259] syz.2.1072[10259] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 628.364539][T10259] syz.2.1072[10259] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 629.611975][ T1175] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 629.641644][ T6291] team0 (unregistering): Port device team_slave_1 removed [ 629.760802][ T6291] team0 (unregistering): Port device team_slave_0 removed [ 630.936091][ T1175] usb 4-1: Using ep0 maxpacket: 16 [ 631.856381][ T1175] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 631.866148][ T1175] usb 4-1: can't read configurations, error -71 [ 633.167245][ T5229] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 633.178688][ T5229] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 633.190931][ T5229] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 633.917602][T10295] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 633.927462][T10295] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 633.935444][T10295] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 636.152011][T10306] syz.2.1093[10306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 636.152128][T10306] syz.2.1093[10306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 636.163994][T10306] syz.2.1093[10306] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 636.175990][T10295] Bluetooth: hci3: command tx timeout [ 636.235597][T10137] bridge0: port 2(bridge_slave_1) entered blocking state [ 636.248999][T10137] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.257232][T10137] bridge_slave_1: entered allmulticast mode [ 636.270156][T10137] bridge_slave_1: entered promiscuous mode [ 636.336826][T10137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 636.358313][T10137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 636.411637][T10137] team0: Port device team_slave_0 added [ 636.418642][T10214] tc_dump_action: action bad kind [ 637.354508][T10137] team0: Port device team_slave_1 added [ 638.486477][ T4613] Bluetooth: hci3: command tx timeout [ 640.844897][T10295] Bluetooth: hci3: command tx timeout [ 641.277447][ T4613] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 641.289939][ T4613] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 641.334763][ T4613] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 641.364985][ T4613] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 641.378384][ T4613] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 641.387104][ T4613] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 641.405193][T10137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 641.412322][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.717720][T10137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 641.754837][T10137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 641.763089][T10137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.790407][T10137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 643.216854][T10295] Bluetooth: hci3: command tx timeout [ 643.505200][T10295] Bluetooth: hci5: command tx timeout [ 643.928895][T10137] hsr_slave_0: entered promiscuous mode [ 643.984561][ T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 643.989374][T10137] hsr_slave_1: entered promiscuous mode [ 644.305275][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 644.414201][ T25] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 644.804349][ T25] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 644.894405][ T25] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 644.978157][ T25] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 645.125920][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.134004][ T25] usb 4-1: Product: syz [ 645.154601][ T25] usb 4-1: Manufacturer: syz [ 645.159299][ T25] usb 4-1: SerialNumber: syz [ 645.374479][ T5220] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 645.400266][ T25] usb 4-1: 0:2 : does not exist [ 645.435104][ T25] usb 4-1: USB disconnect, device number 17 [ 645.465316][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 645.544413][ T5220] usb 3-1: device descriptor read/64, error -71 [ 645.584438][T10295] Bluetooth: hci5: command tx timeout [ 645.733801][T10288] chnl_net:caif_netlink_parms(): no params data found [ 645.784497][ T5220] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 645.849528][T10333] chnl_net:caif_netlink_parms(): no params data found [ 645.934808][ T5220] usb 3-1: device descriptor read/64, error -71 [ 646.054911][ T5220] usb usb3-port1: attempt power cycle [ 646.153066][ T6291] bridge_slave_1: left allmulticast mode [ 646.164073][ T6291] bridge_slave_1: left promiscuous mode [ 646.175072][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.190208][ T6291] bridge_slave_0: left allmulticast mode [ 646.196192][ T6291] bridge_slave_0: left promiscuous mode [ 646.202193][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.424406][ T5220] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 646.465267][ T5220] usb 3-1: device descriptor read/8, error -71 [ 646.729770][ T5220] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 646.763616][ T6291] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 646.765123][ T5220] usb 3-1: device descriptor read/8, error -71 [ 646.784609][ T6291] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 646.794783][ T6291] bond0 (unregistering): Released all slaves [ 646.888210][ T5220] usb usb3-port1: unable to enumerate USB device [ 646.969072][T10333] bridge0: port 1(bridge_slave_0) entered blocking state [ 646.994868][T10333] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.002320][T10333] bridge_slave_0: entered allmulticast mode [ 647.017877][T10333] bridge_slave_0: entered promiscuous mode [ 647.118227][T10333] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.141763][T10333] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.164595][T10333] bridge_slave_1: entered allmulticast mode [ 647.171828][T10333] bridge_slave_1: entered promiscuous mode [ 647.665348][T10295] Bluetooth: hci5: command tx timeout [ 647.870832][T10333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 647.887591][T10288] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.899871][T10288] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.934640][T10288] bridge_slave_0: entered allmulticast mode [ 647.946812][T10288] bridge_slave_0: entered promiscuous mode [ 647.961816][T10288] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.969338][T10288] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.977644][T10288] bridge_slave_1: entered allmulticast mode [ 647.985558][T10288] bridge_slave_1: entered promiscuous mode [ 648.031401][T10333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 648.435568][ T6291] hsr_slave_0: left promiscuous mode [ 648.441654][ T6291] hsr_slave_1: left promiscuous mode [ 650.374454][T10295] Bluetooth: hci5: command tx timeout [ 650.767132][T10434] syz.3.1114[10434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 650.767254][T10434] syz.3.1114[10434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 650.781221][T10434] syz.3.1114[10434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 650.971089][ T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 651.254394][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 651.276228][ T8] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 651.311725][ T8] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 651.330139][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 651.342237][ T8] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 651.362895][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 651.374507][ T8] usb 3-1: Product: syz [ 651.379368][ T8] usb 3-1: Manufacturer: syz [ 651.385223][ T8] usb 3-1: SerialNumber: syz [ 651.532401][ T6291] team0 (unregistering): Port device team_slave_1 removed [ 651.627130][ T8] usb 3-1: 0:2 : does not exist [ 651.636882][ T5305] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 651.640086][ T6291] team0 (unregistering): Port device team_slave_0 removed [ 651.666076][ T8] usb 3-1: USB disconnect, device number 21 [ 651.700900][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 651.814649][ T5305] usb 4-1: device descriptor read/64, error -71 [ 652.064618][ T5305] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 652.205081][ T5305] usb 4-1: device descriptor read/64, error -71 [ 652.271996][T10137] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 652.296733][T10288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 652.324146][T10137] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 652.354633][ T5305] usb usb4-port1: attempt power cycle [ 652.369748][T10333] team0: Port device team_slave_0 added [ 652.401381][T10288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 652.419238][T10137] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 652.449254][T10333] team0: Port device team_slave_1 added [ 652.473890][T10137] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 652.594921][T10288] team0: Port device team_slave_0 added [ 652.606098][T10333] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 652.620505][T10333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 652.660499][T10333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 652.699773][T10288] team0: Port device team_slave_1 added [ 652.722594][ T5305] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 652.751676][T10333] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 652.763792][ T5305] usb 4-1: device descriptor read/8, error -71 [ 652.771261][T10333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 652.818881][T10333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 652.860067][T10288] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 652.879000][T10288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 652.942205][T10288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 653.005538][T10288] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 653.023908][T10288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 653.064444][ T5305] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 653.086867][T10288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 653.110938][ T5305] usb 4-1: device descriptor read/8, error -71 [ 653.229531][ T5305] usb usb4-port1: unable to enumerate USB device [ 653.242919][T10333] hsr_slave_0: entered promiscuous mode [ 653.259903][T10333] hsr_slave_1: entered promiscuous mode [ 653.269991][T10333] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 653.283622][T10333] Cannot create hsr debugfs directory [ 653.419160][T10288] hsr_slave_0: entered promiscuous mode [ 653.445799][T10288] hsr_slave_1: entered promiscuous mode [ 653.455971][T10288] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 653.468810][T10288] Cannot create hsr debugfs directory [ 654.423293][T10333] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 654.942306][T10333] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.554063][T10333] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 655.576387][T10477] syz.2.1123[10477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 655.576601][T10477] syz.2.1123[10477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 655.589865][T10477] syz.2.1123[10477] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 656.386456][T10333] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.561446][T10137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.634092][T10137] 8021q: adding VLAN 0 to HW filter on device team0 [ 656.715399][ T6291] bridge_slave_1: left allmulticast mode [ 656.715597][ T5305] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 656.721154][ T6291] bridge_slave_1: left promiscuous mode [ 656.764460][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state [ 656.808784][ T6291] bridge_slave_0: left allmulticast mode [ 656.825264][ T6291] bridge_slave_0: left promiscuous mode [ 656.832600][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state [ 656.944529][ T5305] usb 3-1: Using ep0 maxpacket: 8 [ 656.999945][ T5305] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 657.056313][ T5305] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 657.118202][ T5305] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 657.949289][ T5305] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 657.964574][ T5305] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.005020][ T5305] usb 3-1: Product: syz [ 658.013590][ T5305] usb 3-1: Manufacturer: syz [ 658.046605][ T5305] usb 3-1: SerialNumber: syz [ 658.276505][ T5301] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 658.324152][ T5305] usb 3-1: 0:2 : does not exist [ 658.373449][ T5305] usb 3-1: USB disconnect, device number 22 [ 658.469646][ T5301] usb 4-1: config 0 has no interfaces? [ 658.481892][ T5301] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.92 [ 658.493470][ T5301] usb 4-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 658.505659][ T5301] usb 4-1: Product: syz [ 658.510188][ T5301] usb 4-1: Manufacturer: syz [ 658.523900][ T5301] usb 4-1: SerialNumber: syz [ 658.532236][ T5301] usb 4-1: config 0 descriptor?? [ 658.606950][ T6291] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 658.621619][ T6291] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 658.642673][ T6291] bond0 (unregistering): Released all slaves [ 658.680542][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.688482][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 658.730602][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.737958][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 658.772821][ T5220] usb 4-1: USB disconnect, device number 22 [ 659.005816][T10333] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 659.096709][T10333] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 659.180341][T10333] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 659.303740][T10333] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 659.461573][ T6291] hsr_slave_0: left promiscuous mode [ 659.548526][ T6291] hsr_slave_1: left promiscuous mode [ 659.573562][ T6291] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 659.608416][ T6291] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 659.653811][ T6291] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 659.695926][ T6291] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 659.735122][ T6291] veth1_macvtap: left promiscuous mode [ 659.741636][ T6291] veth0_macvtap: left promiscuous mode [ 659.749324][ T6291] veth1_vlan: left promiscuous mode [ 659.756355][ T6291] veth0_vlan: left promiscuous mode [ 660.653200][T10538] syz.3.1132[10538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 660.653388][T10538] syz.3.1132[10538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 660.665951][T10538] syz.3.1132[10538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 662.044500][ T1175] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 662.204437][ T5272] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 662.234587][ T1175] usb 4-1: Using ep0 maxpacket: 8 [ 662.246493][ T1175] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 662.260308][ T1175] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 662.272814][ T1175] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 662.291591][ T1175] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 662.303880][ T1175] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.318990][ T6291] team0 (unregistering): Port device team_slave_1 removed [ 662.320111][ T1175] usb 4-1: Product: syz [ 662.331629][ T1175] usb 4-1: Manufacturer: syz [ 662.348960][ T1175] usb 4-1: SerialNumber: syz [ 662.365448][ T5272] usb 3-1: Using ep0 maxpacket: 16 [ 662.379006][ T5272] usb 3-1: config 137 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 662.392624][ T5272] usb 3-1: config 137 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 662.407769][ T5272] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 662.419578][ T5272] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 662.442332][ T6291] team0 (unregistering): Port device team_slave_0 removed [ 662.595994][ T1175] usb 4-1: 0:2 : does not exist [ 662.638107][ T1175] usb 4-1: USB disconnect, device number 23 [ 662.685101][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 663.080537][ T5272] usbhid 3-1:137.0: can't add hid device: -71 [ 663.092501][ T5272] usbhid 3-1:137.0: probe with driver usbhid failed with error -71 [ 663.111447][ T5272] usb 3-1: USB disconnect, device number 23 [ 663.843022][T10333] 8021q: adding VLAN 0 to HW filter on device bond0 [ 663.885292][T10137] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 663.947110][T10333] 8021q: adding VLAN 0 to HW filter on device team0 [ 664.081551][T10288] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 664.149365][ T1106] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.158213][ T1106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 664.535120][T10288] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 664.766605][T10288] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 664.858385][T10288] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 664.928305][ T6289] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.935851][ T6289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 664.977056][T10137] veth0_vlan: entered promiscuous mode [ 664.991080][T10137] veth1_vlan: entered promiscuous mode [ 665.019203][T10137] veth0_macvtap: entered promiscuous mode [ 665.106327][T10137] veth1_macvtap: entered promiscuous mode [ 665.136266][T10585] syz.2.1141[10585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 665.136384][T10585] syz.2.1141[10585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 665.148618][T10585] syz.2.1141[10585] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 666.304885][T10137] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.514656][T10137] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.578831][T10137] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 666.750468][T10288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.841665][T10288] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.920429][ T6314] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.927680][ T6314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 667.065254][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 667.075073][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 668.416326][ T4613] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 668.430618][ T4613] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 668.442299][ T4613] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 668.685660][ T4613] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 668.718954][ T4613] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 669.224227][ T4613] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 670.160563][T10333] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 670.231156][T10645] syz.3.1151[10645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 670.231256][T10645] syz.3.1151[10645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 670.245049][T10645] syz.3.1151[10645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 670.534870][ T1175] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 670.610903][T10288] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 670.790946][T10658] No such timeout policy "syz0" [ 671.555563][ T4613] Bluetooth: hci1: command tx timeout [ 671.614768][ T1175] usb 3-1: config 0 has no interfaces? [ 671.635240][ T1175] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.92 [ 671.665321][ T1175] usb 3-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 671.689849][ T1175] usb 3-1: Product: syz [ 671.698475][ T1175] usb 3-1: Manufacturer: syz [ 671.703205][ T1175] usb 3-1: SerialNumber: syz [ 671.761180][ T1175] usb 3-1: config 0 descriptor?? [ 671.933134][T10333] veth0_vlan: entered promiscuous mode [ 671.970775][T10333] veth1_vlan: entered promiscuous mode [ 672.024881][ T5272] usb 3-1: USB disconnect, device number 24 [ 672.196848][ T1106] bridge_slave_1: left allmulticast mode [ 672.222866][ T1106] bridge_slave_1: left promiscuous mode [ 672.233510][ T1106] bridge0: port 2(bridge_slave_1) entered disabled state [ 672.259569][ T1106] bridge_slave_0: left allmulticast mode [ 672.266416][ T1106] bridge_slave_0: left promiscuous mode [ 672.281603][ T1106] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.584916][ T4613] Bluetooth: hci1: command tx timeout [ 674.845436][T10726] syz.2.1160[10726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 674.845546][T10726] syz.2.1160[10726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 674.858088][T10726] syz.2.1160[10726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 675.052357][ T1106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 675.128973][ T1106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 675.162195][ T1106] bond0 (unregistering): Released all slaves [ 675.359927][ T1106] hsr_slave_0: left promiscuous mode [ 675.384169][ T1106] hsr_slave_1: left promiscuous mode [ 675.423802][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 675.455318][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 675.475843][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 675.613220][ T1106] veth1_macvtap: left promiscuous mode [ 675.619179][ T1106] veth0_macvtap: left promiscuous mode [ 675.635520][ T1106] veth1_vlan: left promiscuous mode [ 675.641121][ T1106] veth0_vlan: left promiscuous mode [ 675.667150][ T4613] Bluetooth: hci1: command tx timeout [ 677.449597][ T1106] team0 (unregistering): Port device team_slave_1 removed [ 677.521809][ T1106] team0 (unregistering): Port device team_slave_0 removed [ 677.774515][ T4613] Bluetooth: hci1: command tx timeout [ 678.390292][T10766] syz.3.1170[10766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 678.390401][T10766] syz.3.1170[10766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 678.402633][T10766] syz.3.1170[10766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 679.976653][ T5225] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 680.147286][T10333] veth0_macvtap: entered promiscuous mode [ 680.206263][ T5225] usb 3-1: Using ep0 maxpacket: 8 [ 680.355578][ T5225] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 680.533891][T10333] veth1_macvtap: entered promiscuous mode [ 680.568387][ T5225] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 680.597139][T10288] veth0_vlan: entered promiscuous mode [ 680.658442][T10628] chnl_net:caif_netlink_parms(): no params data found [ 680.665919][ T5225] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 680.725649][ T5225] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 680.749710][T10288] veth1_vlan: entered promiscuous mode [ 680.758598][ T5225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 680.782230][ T5225] usb 3-1: Product: syz [ 680.790845][T10333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 680.794324][ T5225] usb 3-1: Manufacturer: syz [ 680.830565][ T5225] usb 3-1: SerialNumber: syz [ 680.842678][T10333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.882353][T10333] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 680.895846][T10333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 680.907057][T10333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 680.919415][T10333] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 681.110013][T10333] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.139725][T10333] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.141883][ T5225] usb 3-1: 0:2 : does not exist [ 681.165205][ T5225] usb 3-1: USB disconnect, device number 25 [ 681.187126][T10333] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.197756][T10333] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 681.214685][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 681.839452][T10288] veth0_macvtap: entered promiscuous mode [ 681.937195][T10288] veth1_macvtap: entered promiscuous mode [ 682.042810][T10628] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.066405][T10628] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.073892][T10628] bridge_slave_0: entered allmulticast mode [ 682.090604][T10628] bridge_slave_0: entered promiscuous mode [ 682.131121][T10628] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.152348][T10628] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.179673][T10628] bridge_slave_1: entered allmulticast mode [ 682.201433][T10628] bridge_slave_1: entered promiscuous mode [ 682.278566][ T6289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 682.313796][ T6289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.350881][T10628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 682.373845][T10288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.411702][T10288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.441393][T10288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.464412][T10288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.476601][T10288] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.502920][T10628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.185167][ T6289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.245358][ T6289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.261161][T10628] team0: Port device team_slave_0 added [ 683.317098][T10628] team0: Port device team_slave_1 added [ 683.318081][T10820] syz.3.1179[10820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 683.323037][T10820] syz.3.1179[10820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 683.336393][T10820] syz.3.1179[10820] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 683.362370][T10288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.387056][T10288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.401661][T10288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 683.414995][T10288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 683.426842][T10288] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 683.574107][T10628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 683.592053][T10628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 683.726562][T10628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 684.727903][T10288] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.754615][T10288] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.763840][T10288] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.908698][T10288] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.931766][T10628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 684.982317][T10628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 685.016379][T10628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 685.228558][T10628] hsr_slave_0: entered promiscuous mode [ 685.276512][T10628] hsr_slave_1: entered promiscuous mode [ 685.435731][ T25] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 685.574164][ T6291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.595690][ T6291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.614526][T10374] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 685.636238][ T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 685.670231][ T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.92 [ 685.685255][ T25] usb 3-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 685.711220][ T25] usb 3-1: Product: syz [ 685.713597][ T6314] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 685.736169][ T25] usb 3-1: Manufacturer: syz [ 685.750023][ T6314] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 685.754403][ T25] usb 3-1: SerialNumber: syz [ 685.786115][ T25] usb 3-1: config 0 descriptor?? [ 685.795430][T10374] usb 2-1: Using ep0 maxpacket: 8 [ 685.807456][ T25] usbtest 3-1:0.0: couldn't get endpoints, -22 [ 685.813758][ T25] usbtest 3-1:0.0: probe with driver usbtest failed with error -22 [ 685.846368][T10374] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 685.864348][T10374] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 685.900021][T10374] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 685.914879][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.921508][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.949216][T10374] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 685.966658][T10374] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.975517][T10374] usb 2-1: Product: syz [ 685.979835][T10374] usb 2-1: Manufacturer: syz [ 685.985096][T10374] usb 2-1: SerialNumber: syz [ 686.016623][ T25] usb 3-1: USB disconnect, device number 26 [ 686.206810][T10374] usb 2-1: 0:2 : does not exist [ 686.254628][T10374] usb 2-1: USB disconnect, device number 16 [ 686.375507][ T5235] udevd[5235]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 688.067566][T10628] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 688.612973][T10628] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 688.877416][T10628] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 688.949044][T10628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 690.034780][T10374] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 690.346424][T10374] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 690.405574][T10628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 690.428496][T10374] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.92 [ 690.460538][T10374] usb 5-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 690.520393][T10374] usb 5-1: Product: syz [ 690.525508][T10628] 8021q: adding VLAN 0 to HW filter on device team0 [ 690.554797][T10374] usb 5-1: Manufacturer: syz [ 690.559517][T10374] usb 5-1: SerialNumber: syz [ 690.587017][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 690.594301][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 690.616037][T10374] usb 5-1: config 0 descriptor?? [ 690.641451][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 690.648791][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 690.666985][T10374] usbtest 5-1:0.0: couldn't get endpoints, -22 [ 690.712327][T10374] usbtest 5-1:0.0: probe with driver usbtest failed with error -22 [ 690.861440][ T5225] usb 5-1: USB disconnect, device number 22 [ 691.116081][ T5272] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 691.252017][T10628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.284596][ T5272] usb 4-1: Using ep0 maxpacket: 8 [ 691.294847][ T5272] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 691.862163][T10628] veth0_vlan: entered promiscuous mode [ 691.977352][ T5272] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 692.008911][ T5272] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 692.102527][ T5272] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 692.132815][T10628] veth1_vlan: entered promiscuous mode [ 692.159312][ T5272] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.780906][T10628] veth0_macvtap: entered promiscuous mode [ 692.873086][T10628] veth1_macvtap: entered promiscuous mode [ 692.935864][ T5272] usb 4-1: Product: syz [ 692.940349][ T5272] usb 4-1: Manufacturer: syz [ 692.948851][ T5272] usb 4-1: SerialNumber: syz [ 692.989649][T10628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.063697][T10628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.083580][T10628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.102550][T10628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.139374][T10628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 693.196439][ T4613] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 693.207061][ T4613] CPU: 0 UID: 0 PID: 4613 Comm: kworker/u9:1 Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 693.217994][ T4613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 693.228289][ T4613] Workqueue: hci5 hci_rx_work [ 693.233056][ T4613] Call Trace: [ 693.236491][ T4613] [ 693.239563][ T4613] dump_stack_lvl+0x241/0x360 [ 693.244314][ T4613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 693.249769][ T4613] ? __pfx__printk+0x10/0x10 [ 693.254397][ T4613] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 693.259912][ T4613] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 693.265430][T10628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.265497][ T4613] sysfs_create_dir_ns+0x2ce/0x3a0 [ 693.280596][ T4613] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 693.285475][T10628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 693.286293][ T4613] kobject_add_internal+0x435/0x8d0 [ 693.298771][ T4613] kobject_add+0x152/0x220 [ 693.303212][ T4613] ? do_raw_spin_unlock+0x13c/0x8b0 [ 693.308431][ T4613] ? device_add+0x3e7/0xbf0 [ 693.312958][ T4613] ? __pfx_kobject_add+0x10/0x10 [ 693.317938][ T4613] ? _raw_spin_unlock+0x28/0x50 [ 693.322873][ T4613] ? get_device_parent+0x165/0x410 [ 693.328043][ T4613] device_add+0x4e5/0xbf0 [ 693.332504][ T4613] hci_conn_add_sysfs+0xe8/0x200 [ 693.337518][ T4613] le_conn_complete_evt+0xc9f/0x12e0 [ 693.338738][T10628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.342865][ T4613] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 693.355486][T10628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.359171][ T4613] ? __mutex_unlock_slowpath+0x21d/0x750 [ 693.359213][ T4613] ? __copy_skb_header+0x437/0x5b0 [ 693.380558][ T4613] ? skb_pull_data+0x112/0x230 [ 693.381644][T10628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.385472][ T4613] hci_le_conn_complete_evt+0x18c/0x420 [ 693.385537][ T4613] hci_event_packet+0xa55/0x1540 [ 693.385575][ T4613] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 693.397025][T10628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.402102][ T4613] ? __pfx_hci_event_packet+0x10/0x10 [ 693.402153][ T4613] ? tlv_data_is_valid+0x240/0x420 [ 693.407920][T10628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 693.412571][ T4613] ? kcov_remote_start+0x97/0x7d0 [ 693.412621][ T4613] hci_rx_work+0x3fe/0xd80 [ 693.428361][T10628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 693.433244][ T4613] ? process_scheduled_works+0x976/0x1850 [ 693.446592][T10628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 693.448733][ T4613] process_scheduled_works+0xa63/0x1850 [ 693.448807][ T4613] ? __pfx_process_scheduled_works+0x10/0x10 [ 693.488518][T10628] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.488533][ T4613] ? assign_work+0x364/0x3d0 [ 693.488582][ T4613] worker_thread+0x870/0xd30 [ 693.497471][T10628] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.502153][ T4613] ? __kthread_parkme+0x169/0x1d0 [ 693.502209][ T4613] ? __pfx_worker_thread+0x10/0x10 [ 693.507847][T10628] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.515719][ T4613] kthread+0x2f0/0x390 [ 693.515761][ T4613] ? __pfx_worker_thread+0x10/0x10 [ 693.515794][ T4613] ? __pfx_kthread+0x10/0x10 [ 693.515820][ T4613] ret_from_fork+0x4b/0x80 [ 693.515854][ T4613] ? __pfx_kthread+0x10/0x10 [ 693.515876][ T4613] ret_from_fork_asm+0x1a/0x30 [ 693.515926][ T4613] [ 693.524144][ T5272] usb 4-1: 0:2 : does not exist [ 693.598342][T10628] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.787625][ T4613] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 693.809257][ T4613] Bluetooth: hci5: failed to register connection device [ 694.477303][ T4613] ================================================================== [ 694.485526][ T4613] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 694.494444][ T4613] Read of size 8 at addr ffff88814c0c0580 by task kworker/u9:1/4613 [ 694.502996][ T4613] [ 694.505673][ T4613] CPU: 1 UID: 0 PID: 4613 Comm: kworker/u9:1 Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 694.517169][ T4613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 694.529213][ T4613] Workqueue: hci5 hci_rx_work [ 694.535083][ T4613] Call Trace: [ 694.538495][ T4613] [ 694.541461][ T4613] dump_stack_lvl+0x241/0x360 [ 694.546535][ T4613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 694.551995][ T4613] ? __pfx__printk+0x10/0x10 [ 694.556599][ T4613] ? _printk+0xd5/0x120 [ 694.560763][ T4613] ? __virt_addr_valid+0x183/0x530 [ 694.565978][ T4613] ? __virt_addr_valid+0x183/0x530 [ 694.571215][ T4613] print_report+0x169/0x550 [ 694.575790][ T4613] ? __virt_addr_valid+0x183/0x530 [ 694.580951][ T4613] ? __virt_addr_valid+0x183/0x530 [ 694.586101][ T4613] ? __virt_addr_valid+0x45f/0x530 [ 694.591277][ T4613] ? __phys_addr+0xba/0x170 [ 694.595809][ T4613] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 694.601925][ T4613] kasan_report+0x143/0x180 [ 694.606483][ T4613] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 694.612589][ T4613] l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 694.618524][ T4613] l2cap_connect_cfm+0x377/0x1220 [ 694.623601][ T4613] ? hci_connect_cfm+0x24/0x150 [ 694.628543][ T4613] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 694.634109][ T4613] ? device_add+0x460/0xbf0 [ 694.638676][ T4613] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 694.644165][ T4613] hci_connect_cfm+0xa2/0x150 [ 694.648868][ T4613] le_conn_complete_evt+0xd3e/0x12e0 [ 694.654530][ T4613] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 694.660283][ T4613] ? __mutex_unlock_slowpath+0x21d/0x750 [ 694.666016][ T4613] ? __copy_skb_header+0x437/0x5b0 [ 694.671146][ T4613] ? skb_pull_data+0x112/0x230 [ 694.675948][ T4613] hci_le_conn_complete_evt+0x18c/0x420 [ 694.681519][ T4613] hci_event_packet+0xa55/0x1540 [ 694.686481][ T4613] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 694.691794][ T4613] ? __pfx_hci_event_packet+0x10/0x10 [ 694.697373][ T4613] ? tlv_data_is_valid+0x240/0x420 [ 694.703115][ T4613] ? kcov_remote_start+0x97/0x7d0 [ 694.708169][ T4613] hci_rx_work+0x3fe/0xd80 [ 694.712631][ T4613] ? process_scheduled_works+0x976/0x1850 [ 694.718465][ T4613] process_scheduled_works+0xa63/0x1850 [ 694.724044][ T4613] ? __pfx_process_scheduled_works+0x10/0x10 [ 694.730223][ T4613] ? assign_work+0x364/0x3d0 [ 694.734925][ T4613] worker_thread+0x870/0xd30 [ 694.739898][ T4613] ? __kthread_parkme+0x169/0x1d0 [ 694.744945][ T4613] ? __pfx_worker_thread+0x10/0x10 [ 694.750160][ T4613] kthread+0x2f0/0x390 [ 694.754316][ T4613] ? __pfx_worker_thread+0x10/0x10 [ 694.759448][ T4613] ? __pfx_kthread+0x10/0x10 [ 694.764155][ T4613] ret_from_fork+0x4b/0x80 [ 694.768645][ T4613] ? __pfx_kthread+0x10/0x10 [ 694.773332][ T4613] ret_from_fork_asm+0x1a/0x30 [ 694.778242][ T4613] [ 694.781374][ T4613] [ 694.783698][ T4613] Allocated by task 4613: [ 694.788048][ T4613] kasan_save_track+0x3f/0x80 [ 694.792748][ T4613] __kasan_kmalloc+0x98/0xb0 [ 694.797454][ T4613] __kmalloc_noprof+0x1fc/0x400 [ 694.802403][ T4613] sk_prot_alloc+0xe0/0x210 [ 694.806936][ T4613] sk_alloc+0x38/0x370 [ 694.811152][ T4613] bt_sock_alloc+0x3c/0x340 [ 694.815767][ T4613] l2cap_sock_new_connection_cb+0xe1/0x2b0 [ 694.821592][ T4613] l2cap_connect_cfm+0x377/0x1220 [ 694.826651][ T4613] hci_connect_cfm+0xa2/0x150 [ 694.831819][ T4613] le_conn_complete_evt+0xd3e/0x12e0 [ 694.838014][ T4613] hci_le_conn_complete_evt+0x18c/0x420 [ 694.843780][ T4613] hci_event_packet+0xa55/0x1540 [ 694.848755][ T4613] hci_rx_work+0x3fe/0xd80 [ 694.853283][ T4613] process_scheduled_works+0xa63/0x1850 [ 694.859049][ T4613] worker_thread+0x870/0xd30 [ 694.863796][ T4613] kthread+0x2f0/0x390 [ 694.868071][ T4613] ret_from_fork+0x4b/0x80 [ 694.872618][ T4613] ret_from_fork_asm+0x1a/0x30 [ 694.878207][ T4613] [ 694.881021][ T4613] Freed by task 10977: [ 694.886605][ T4613] kasan_save_track+0x3f/0x80 [ 694.892194][ T4613] kasan_save_free_info+0x40/0x50 [ 694.897343][ T4613] __kasan_slab_free+0x59/0x70 [ 694.902219][ T4613] kfree+0x1a0/0x440 [ 694.906266][ T4613] __sk_destruct+0x479/0x5f0 [ 694.911882][ T4613] l2cap_sock_cleanup_listen+0xdd/0x3c0 [ 694.917639][ T4613] l2cap_sock_release+0x5d/0x1d0 [ 694.923046][ T4613] sock_close+0xbc/0x240 [ 694.927695][ T4613] __fput+0x23f/0x880 [ 694.932162][ T4613] task_work_run+0x24f/0x310 [ 694.937300][ T4613] get_signal+0x15e8/0x1740 [ 694.942022][ T4613] arch_do_signal_or_restart+0x96/0x860 [ 694.947988][ T4613] syscall_exit_to_user_mode+0xc9/0x370 [ 694.953823][ T4613] do_syscall_64+0x100/0x230 [ 694.958603][ T4613] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.964795][ T4613] [ 694.967762][ T4613] The buggy address belongs to the object at ffff88814c0c0000 [ 694.967762][ T4613] which belongs to the cache kmalloc-2k of size 2048 [ 694.982717][ T4613] The buggy address is located 1408 bytes inside of [ 694.982717][ T4613] freed 2048-byte region [ffff88814c0c0000, ffff88814c0c0800) [ 694.997751][ T4613] [ 695.000170][ T4613] The buggy address belongs to the physical page: [ 695.007187][ T4613] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14c0c0 [ 695.016163][ T4613] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 695.025843][ T4613] anon flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 695.033927][ T4613] page_type: f5(slab) [ 695.037959][ T4613] raw: 057ff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 695.046847][ T4613] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 695.055945][ T4613] head: 057ff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 695.064932][ T4613] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 695.074193][ T4613] head: 057ff00000000003 ffffea0005303001 ffffffffffffffff 0000000000000000 [ 695.083154][ T4613] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 695.091866][ T4613] page dumped because: kasan: bad access detected [ 695.099431][ T4613] page_owner tracks the page as allocated [ 695.106461][ T4613] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17119186413, free_ts 0 [ 695.127769][ T4613] post_alloc_hook+0x1f3/0x230 [ 695.133888][ T4613] get_page_from_freelist+0x3039/0x3180 [ 695.139478][ T4613] __alloc_pages_noprof+0x292/0x710 [ 695.144802][ T4613] alloc_pages_mpol_noprof+0x3e8/0x680 [ 695.150295][ T4613] alloc_slab_page+0x6a/0x120 [ 695.155438][ T4613] allocate_slab+0x5a/0x2f0 [ 695.159954][ T4613] ___slab_alloc+0xcd1/0x14b0 [ 695.164734][ T4613] __slab_alloc+0x58/0xa0 [ 695.169091][ T4613] __kmalloc_node_track_caller_noprof+0x281/0x440 [ 695.175581][ T4613] kmalloc_reserve+0x111/0x2a0 [ 695.180444][ T4613] pskb_expand_head+0x1f0/0x1380 [ 695.185411][ T4613] netlink_trim+0x183/0x220 [ 695.189934][ T4613] netlink_broadcast_filtered+0x76/0x12a0 [ 695.195933][ T4613] nlmsg_notify+0xfb/0x1c0 [ 695.200500][ T4613] register_netdevice+0x1774/0x1b00 [ 695.206092][ T4613] register_netdev+0x3b/0x50 [ 695.210919][ T4613] page_owner free stack trace missing [ 695.216410][ T4613] [ 695.218803][ T4613] Memory state around the buggy address: [ 695.224556][ T4613] ffff88814c0c0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 695.232656][ T4613] ffff88814c0c0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 695.240920][ T4613] >ffff88814c0c0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 695.249022][ T4613] ^ [ 695.253188][ T4613] ffff88814c0c0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 695.261465][ T4613] ffff88814c0c0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 695.269734][ T4613] ================================================================== [ 695.365042][ T5272] usb 4-1: USB disconnect, device number 24 [ 695.371700][ T4613] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 695.379041][ T4613] CPU: 0 UID: 0 PID: 4613 Comm: kworker/u9:1 Not tainted 6.12.0-rc3-syzkaller-00013-geca631b8fe80 #0 [ 695.391519][ T4613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 695.402866][ T4613] Workqueue: hci5 hci_rx_work [ 695.407902][ T4613] Call Trace: [ 695.411447][ T4613] [ 695.415125][ T4613] dump_stack_lvl+0x241/0x360 [ 695.420222][ T4613] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.425823][ T4613] ? __pfx__printk+0x10/0x10 [ 695.430835][ T4613] ? preempt_schedule+0xe1/0xf0 [ 695.436009][ T4613] ? vscnprintf+0x5d/0x90 [ 695.441116][ T4613] panic+0x349/0x880 [ 695.445722][ T4613] ? check_panic_on_warn+0x21/0xb0 [ 695.450908][ T4613] ? __pfx_panic+0x10/0x10 [ 695.456061][ T4613] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 695.463086][ T4613] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 695.470551][ T4613] ? print_report+0x502/0x550 [ 695.475564][ T4613] check_panic_on_warn+0x86/0xb0 [ 695.480639][ T4613] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 695.487332][ T4613] end_report+0x77/0x160 [ 695.491599][ T4613] kasan_report+0x154/0x180 [ 695.496395][ T4613] ? l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 695.502696][ T4613] l2cap_sock_new_connection_cb+0x1f8/0x2b0 [ 695.510156][ T4613] l2cap_connect_cfm+0x377/0x1220 [ 695.515656][ T4613] ? hci_connect_cfm+0x24/0x150 [ 695.522281][ T4613] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 695.528511][ T4613] ? device_add+0x460/0xbf0 [ 695.536905][ T4613] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 695.542516][ T4613] hci_connect_cfm+0xa2/0x150 [ 695.547351][ T4613] le_conn_complete_evt+0xd3e/0x12e0 [ 695.553417][ T4613] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 695.559265][ T4613] ? __mutex_unlock_slowpath+0x21d/0x750 [ 695.566230][ T4613] ? __copy_skb_header+0x437/0x5b0 [ 695.572002][ T4613] ? skb_pull_data+0x112/0x230 [ 695.577084][ T4613] hci_le_conn_complete_evt+0x18c/0x420 [ 695.583173][ T4613] hci_event_packet+0xa55/0x1540 [ 695.589139][ T4613] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 695.595064][ T4613] ? __pfx_hci_event_packet+0x10/0x10 [ 695.602077][ T4613] ? tlv_data_is_valid+0x240/0x420 [ 695.607387][ T4613] ? kcov_remote_start+0x97/0x7d0 [ 695.612805][ T4613] hci_rx_work+0x3fe/0xd80 [ 695.617390][ T4613] ? process_scheduled_works+0x976/0x1850 [ 695.623386][ T4613] process_scheduled_works+0xa63/0x1850 [ 695.630478][ T4613] ? __pfx_process_scheduled_works+0x10/0x10 [ 695.637178][ T4613] ? assign_work+0x364/0x3d0 [ 695.642868][ T4613] worker_thread+0x870/0xd30 [ 695.648479][ T4613] ? __kthread_parkme+0x169/0x1d0 [ 695.654022][ T4613] ? __pfx_worker_thread+0x10/0x10 [ 695.659809][ T4613] kthread+0x2f0/0x390 [ 695.664033][ T4613] ? __pfx_worker_thread+0x10/0x10 [ 695.669394][ T4613] ? __pfx_kthread+0x10/0x10 [ 695.675161][ T4613] ret_from_fork+0x4b/0x80 [ 695.679709][ T4613] ? __pfx_kthread+0x10/0x10 [ 695.684429][ T4613] ret_from_fork_asm+0x1a/0x30 [ 695.689280][ T4613] [ 695.693318][ T4613] Kernel Offset: disabled [ 695.697764][ T4613] Rebooting in 86400 seconds..