last executing test programs: 1m43.016791975s ago: executing program 2 (id=3710): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000003c0)='V', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='z', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240), 0xc) 1m24.456508502s ago: executing program 2 (id=3710): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000003c0)='V', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='z', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240), 0xc) 1m13.015887648s ago: executing program 0 (id=5296): memfd_create(0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 1m5.150968073s ago: executing program 0 (id=5303): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r2, 0xffffffffffffffff, 0x2, 0x0, 0x4000}, 0x10) 1m5.150862799s ago: executing program 2 (id=3710): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000003c0)='V', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='z', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240), 0xc) 1m4.375411903s ago: executing program 0 (id=5305): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000300)=0x2, 0x4) bind$xdp(r0, &(0x7f0000000200)={0x2c, 0x1, r2}, 0x10) 47.133585936s ago: executing program 2 (id=3710): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000003c0)='V', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='z', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240), 0xc) 46.480289329s ago: executing program 0 (id=5305): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000300)=0x2, 0x4) bind$xdp(r0, &(0x7f0000000200)={0x2c, 0x1, r2}, 0x10) 29.341361202s ago: executing program 2 (id=3710): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000003c0)='V', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='z', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240), 0xc) 27.445815263s ago: executing program 0 (id=5305): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000300)=0x2, 0x4) bind$xdp(r0, &(0x7f0000000200)={0x2c, 0x1, r2}, 0x10) 2.400021568s ago: executing program 1 (id=5640): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) pipe2(&(0x7f0000000000), 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setopts(0x4200, r0, 0x0, 0x300050) 2.350592515s ago: executing program 3 (id=5641): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r2, 0x104, 0x6, 0x0, &(0x7f0000000540)) 2.346859597s ago: executing program 4 (id=5642): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000f80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="0401020028000b05d25a806f8c6394f90324fc600d00020009000100ff3582c137153e370248", 0x26}], 0x1}, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000000c0)={0x26a, @tick=0xaa1414ac, 0x0, {}, 0x0, 0x0, 0x1}) 2.190169243s ago: executing program 3 (id=5643): r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x6, 0x0, 0x0, 0x0, &(0x7f0000001400)={0x0, 0x3938700}}) io_uring_enter(r0, 0x6b4d, 0x0, 0x0, 0x0, 0x0) r3 = eventfd2(0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000180)=r3, 0x1) io_uring_enter(r0, 0x0, 0x3, 0x7, 0x0, 0x0) 2.139659434s ago: executing program 4 (id=5644): r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='task\x00') fchdir(r1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r2) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40100, 0x0) 2.098127578s ago: executing program 1 (id=5645): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000080)=0x8) 2.012963302s ago: executing program 2 (id=3710): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000003c0)='V', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007c40)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000000c0)='z', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240), 0xc) 1.317831277s ago: executing program 0 (id=5305): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000005c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800}, 0x20) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000300)=0x2, 0x4) bind$xdp(r0, &(0x7f0000000200)={0x2c, 0x1, r2}, 0x10) 899.96521ms ago: executing program 3 (id=5646): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 898.649635ms ago: executing program 4 (id=5647): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f0000bf8000/0x1000)=nil, 0x1000, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/64, 0x40}], 0x1) 898.021258ms ago: executing program 1 (id=5648): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mount$fuse(0x0, &(0x7f0000000180)='.\x00', 0x0, 0x970061, 0x0) 784.7997ms ago: executing program 1 (id=5649): openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x800, @fixed, 0x0, 0x2}, 0xe) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @none, 0x4}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000100)) 621.073046ms ago: executing program 4 (id=5650): r0 = syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x1}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) r3 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000200)=@in6={0xa, 0x0, 0x0, @dev}}) io_uring_enter(r0, 0x4e67, 0xfee4, 0x0, 0x0, 0x0) shutdown(r3, 0x0) 555.224106ms ago: executing program 1 (id=5651): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x10) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r1, 0x5420, &(0x7f00000000c0)=0x3ff) sendfile(r0, r1, 0x0, 0x10ffff) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"}) 438.998364ms ago: executing program 3 (id=5652): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f00000000c0)={0x42}, 0x10) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}}, 0x0) 391.810764ms ago: executing program 4 (id=5653): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\'], 0x5c}}, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r1, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x400}, &(0x7f0000000080)=0x8) 270.674865ms ago: executing program 3 (id=5654): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) ppoll(0x0, 0x0, &(0x7f0000000680), 0x0, 0x0) 262.211642ms ago: executing program 4 (id=5655): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x9) 236.114905ms ago: executing program 1 (id=5656): r0 = syz_io_uring_setup(0x6908, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f0000000100)) r1 = io_uring_setup(0x7058, &(0x7f0000000040)={0x0, 0x2b99, 0x2, 0x0, 0x0, 0x0, r0}) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r3, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000a00, r2) 0s ago: executing program 3 (id=5657): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00') mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2) kernel console output (not intermixed with test programs): : auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25600 comm="syz.3.5068" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x0 [ 442.446753][ T5227] Bluetooth: hci2: command 0x0406 tx timeout [ 442.546745][ T46] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 442.621777][T24961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 442.694543][T24961] veth0_vlan: entered promiscuous mode [ 442.716035][T24961] veth1_vlan: entered promiscuous mode [ 442.759618][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.793957][T24961] veth0_macvtap: entered promiscuous mode [ 442.801755][ T46] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 442.843094][T24961] veth1_macvtap: entered promiscuous mode [ 442.850427][ T46] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 442.866882][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.884889][ T46] usb 1-1: config 0 descriptor?? [ 442.907656][T24961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.936784][T24961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 442.956476][T24961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 442.997052][T24961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.028138][T24961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 443.046820][T24961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.080862][T24961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 443.093436][T24961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.119576][T24961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.135145][T24961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.145743][T24961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.176821][T24961] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 443.192541][T24961] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 443.204035][T24961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.291909][T24961] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.308514][T24961] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.317404][T24961] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.326122][T24961] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.326810][ T46] plantronics 0003:047F:FFFF.002E: unknown main item tag 0x0 [ 443.354742][ T46] plantronics 0003:047F:FFFF.002E: No inputs registered, leaving [ 443.392173][ T46] plantronics 0003:047F:FFFF.002E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 443.641132][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.739330][ T5270] usb 1-1: USB disconnect, device number 49 [ 443.886766][T20482] Bluetooth: hci4: command tx timeout [ 443.900453][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.022514][T16747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.059325][T16747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.227972][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.448262][ T5227] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 444.472277][ T5227] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 444.483761][ T5227] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 444.485735][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.507129][ T5227] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 444.517387][ T5227] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 444.524848][ T5227] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 444.535640][T16712] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.543593][T16712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.727643][T24121] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 444.967631][T24121] usb 2-1: Using ep0 maxpacket: 16 [ 444.974789][T24121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.994918][ T12] bridge_slave_1: left allmulticast mode [ 445.001213][T24121] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 445.004444][ T12] bridge_slave_1: left promiscuous mode [ 445.025225][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.026646][T24121] usb 2-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 445.043301][ T12] bridge_slave_0: left allmulticast mode [ 445.049152][ T12] bridge_slave_0: left promiscuous mode [ 445.055029][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.062867][T24121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.078349][T24121] usb 2-1: config 0 descriptor?? [ 445.428032][T20482] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 445.441426][T20482] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 445.451260][T20482] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 445.507079][T20482] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 445.523750][T20482] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 445.531344][T20482] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 445.550215][T24121] input: HID 28bd:0934 Mouse as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0934.002F/input/input64 [ 445.567788][T24121] uclogic 0003:28BD:0934.002F: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.1-1/input0 [ 445.774602][T24121] usb 2-1: USB disconnect, device number 47 [ 446.195847][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.210001][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.225821][ T12] bond0 (unregistering): Released all slaves [ 446.237948][ T12] bond1 (unregistering): Released all slaves [ 446.607358][T20482] Bluetooth: hci1: command tx timeout [ 446.610798][T25670] chnl_net:caif_netlink_parms(): no params data found [ 446.737837][T25881] input: syz1 as /devices/virtual/input/input65 [ 446.925134][ T12] hsr_slave_0: left promiscuous mode [ 446.931792][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 446.940406][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 446.949806][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 446.958652][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 446.988617][ T12] hsr_slave_1: left allmulticast mode [ 446.994053][ T12] hsr_slave_1: left promiscuous mode [ 447.000787][ T12] veth1_macvtap: left promiscuous mode [ 447.007125][ T12] veth0_macvtap: left promiscuous mode [ 447.012819][ T12] veth1_vlan: left promiscuous mode [ 447.018400][ T12] veth0_vlan: left promiscuous mode [ 447.572254][T20482] Bluetooth: hci3: command tx timeout [ 447.683436][ T12] team0 (unregistering): Port device team_slave_1 removed [ 447.755552][ T12] team0 (unregistering): Port device team_slave_0 removed [ 448.511271][T25670] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.523785][T25670] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.532424][T25670] bridge_slave_0: entered allmulticast mode [ 448.541721][T25670] bridge_slave_0: entered promiscuous mode [ 448.571036][T25670] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.580253][T25670] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.587585][T25670] bridge_slave_1: entered allmulticast mode [ 448.594463][T25670] bridge_slave_1: entered promiscuous mode [ 448.688717][T20482] Bluetooth: hci1: command tx timeout [ 448.753690][T25670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.787702][T25670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.850071][T25670] team0: Port device team_slave_0 added [ 448.864861][T25736] chnl_net:caif_netlink_parms(): no params data found [ 448.882588][T25670] team0: Port device team_slave_1 added [ 448.966034][T25670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.987663][T25670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.021169][T25670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.047695][T25670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.054686][T25670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.081234][T25670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.244903][T25736] bridge0: port 1(bridge_slave_0) entered blocking state [ 449.267223][T25736] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.287784][T25736] bridge_slave_0: entered allmulticast mode [ 449.296106][T25736] bridge_slave_0: entered promiscuous mode [ 449.314167][T25736] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.329264][T25736] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.346765][T25736] bridge_slave_1: entered allmulticast mode [ 449.362293][T25736] bridge_slave_1: entered promiscuous mode [ 449.405801][T26175] netlink: 'syz.1.5099': attribute type 4 has an invalid length. [ 449.441076][T26175] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5099'. [ 449.554413][ T5227] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 449.570623][ T5227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 449.589101][ T5227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 449.611565][ T5227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 449.622970][ T5227] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 449.631321][ T5227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 449.646757][ T5227] Bluetooth: hci3: command tx timeout [ 449.827010][T25736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 449.853670][T25670] hsr_slave_0: entered promiscuous mode [ 449.868107][T25670] hsr_slave_1: entered promiscuous mode [ 449.941871][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.971316][T25736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 450.141573][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.155067][ T5269] kernel read not supported for file /video37 (pid: 5269 comm: kworker/0:4) [ 450.205202][T25736] team0: Port device team_slave_0 added [ 450.227375][T26279] veth1_macvtap: left promiscuous mode [ 450.363199][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.391825][T25736] team0: Port device team_slave_1 added [ 450.478446][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.509768][T25736] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 450.517240][T25736] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.543128][ C1] vkms_vblank_simulate: vblank timer overrun [ 450.552059][T25736] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 450.641349][T25736] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 450.653741][T25736] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 450.706457][T25736] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 450.766661][ T5229] Bluetooth: hci1: command tx timeout [ 450.970156][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.073644][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.133103][T25736] hsr_slave_0: entered promiscuous mode [ 451.151462][T25736] hsr_slave_1: entered promiscuous mode [ 451.163202][T25736] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 451.174064][T25736] Cannot create hsr debugfs directory [ 451.231835][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.351406][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.486704][T22048] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 451.545023][T26190] chnl_net:caif_netlink_parms(): no params data found [ 451.678483][T22048] usb 2-1: config 0 has an invalid interface number: 65 but max is 0 [ 451.687288][T22048] usb 2-1: config 0 has no interface number 0 [ 451.697525][T22048] usb 2-1: New USB device found, idVendor=050d, idProduct=0128, bcdDevice=bc.ae [ 451.706813][T22048] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.714826][T22048] usb 2-1: Product: syz [ 451.719284][T22048] usb 2-1: Manufacturer: syz [ 451.723890][T22048] usb 2-1: SerialNumber: syz [ 451.726707][ T5229] Bluetooth: hci3: command tx timeout [ 451.729549][T20482] Bluetooth: hci4: command tx timeout [ 451.753908][T22048] usb 2-1: config 0 descriptor?? [ 451.761417][T22048] ax88179_178a 2-1:0.65: probe with driver ax88179_178a failed with error -22 [ 451.882798][T26190] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.886129][T26683] netlink: 'syz.3.5125': attribute type 1 has an invalid length. [ 451.890955][T26190] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.907735][T26190] bridge_slave_0: entered allmulticast mode [ 451.915062][T26190] bridge_slave_0: entered promiscuous mode [ 451.928545][ T12] bridge_slave_1: left allmulticast mode [ 451.934224][ T12] bridge_slave_1: left promiscuous mode [ 451.941101][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.951190][ T12] bridge_slave_0: left allmulticast mode [ 451.957763][ T12] bridge_slave_0: left promiscuous mode [ 451.963662][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.983205][ T12] bridge_slave_1: left allmulticast mode [ 451.989229][ T12] bridge_slave_1: left promiscuous mode [ 451.994986][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.014447][ T12] bridge_slave_0: left allmulticast mode [ 452.020613][ T12] bridge_slave_0: left promiscuous mode [ 452.027087][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.535987][ T5269] usb 2-1: USB disconnect, device number 48 [ 452.854606][T20482] Bluetooth: hci1: command tx timeout [ 453.160107][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 453.173148][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 453.189568][ T12] bond0 (unregistering): Released all slaves [ 453.373747][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 453.383289][ T12] bond_slave_0: left promiscuous mode [ 453.392515][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 453.402960][ T12] bond_slave_1: left promiscuous mode [ 453.411372][ T12] bond0 (unregistering): Released all slaves [ 453.427241][T26190] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.434355][T26190] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.447311][T26190] bridge_slave_1: entered allmulticast mode [ 453.454239][T26190] bridge_slave_1: entered promiscuous mode [ 453.465105][T26713] netlink: 'syz.1.5133': attribute type 10 has an invalid length. [ 453.473325][T26713] geneve0: entered promiscuous mode [ 453.495155][T26713] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.522431][T26713] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.531448][T26713] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.540800][T26713] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.568790][T26713] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 453.601216][T26717] macsec0: entered allmulticast mode [ 453.621567][T26717] macvlan0: entered allmulticast mode [ 453.636994][T26717] veth1_vlan: entered allmulticast mode [ 453.818763][T20482] Bluetooth: hci3: command tx timeout [ 453.826803][T20482] Bluetooth: hci4: command tx timeout [ 453.911113][T26190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.963428][T26190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.037282][T25670] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 454.125926][T25670] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 454.175813][T26190] team0: Port device team_slave_0 added [ 454.193776][T25670] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 454.232989][T26190] team0: Port device team_slave_1 added [ 454.279691][T25670] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 454.307406][T26190] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.315148][T26190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.341816][T26190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.394954][T26190] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.403257][T26190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.432709][T26190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.472735][ T12] hsr_slave_0: left promiscuous mode [ 454.479351][ T12] hsr_slave_1: left promiscuous mode [ 454.485544][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 454.497430][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.511243][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 454.519699][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 454.537482][ T12] hsr_slave_0: left promiscuous mode [ 454.543748][ T12] hsr_slave_1: left promiscuous mode [ 454.551470][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 454.559289][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.575568][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 454.584439][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 454.641254][ T12] veth1_macvtap: left promiscuous mode [ 454.654128][ T12] veth0_macvtap: left promiscuous mode [ 454.660951][ T12] veth1_vlan: left promiscuous mode [ 454.666780][ T12] veth0_vlan: left promiscuous mode [ 454.681296][ T12] veth1_macvtap: left promiscuous mode [ 454.691970][ T12] veth0_macvtap: left promiscuous mode [ 454.697884][ T12] veth1_vlan: left promiscuous mode [ 454.705270][ T12] veth0_vlan: left promiscuous mode [ 454.978066][T26859] syz.1.5148[26859] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 454.978328][T26859] syz.1.5148[26859] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.445212][ T46] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 455.655110][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.675427][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.675918][ T12] team0 (unregistering): Port device team_slave_1 removed [ 455.685582][ T46] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 455.685613][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.694733][ T46] usb 2-1: config 0 descriptor?? [ 455.775325][ T12] team0 (unregistering): Port device team_slave_0 removed [ 455.889189][T20482] Bluetooth: hci4: command tx timeout [ 456.579918][ T46] hid-led 0003:27B8:01ED.0030: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.1-1/input0 [ 456.599713][ T46] hid-led 0003:27B8:01ED.0030: ThingM blink(1) v1 initialized [ 456.854810][ T46] usb 2-1: USB disconnect, device number 49 [ 457.100820][ T12] team0 (unregistering): Port device team_slave_1 removed [ 457.163997][ T12] team0 (unregistering): Port device team_slave_0 removed [ 457.734965][ T46] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 457.892189][T26849] team0: entered promiscuous mode [ 457.898802][T26849] team_slave_0: entered promiscuous mode [ 457.904754][T26849] geneve0: entered promiscuous mode [ 457.921971][ T46] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 457.936736][T26854] team0: left promiscuous mode [ 457.941123][ T46] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 457.941532][T26854] team_slave_0: left promiscuous mode [ 457.953863][ T46] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 457.976749][T20482] Bluetooth: hci4: command tx timeout [ 457.977096][T26854] geneve0: left promiscuous mode [ 458.006083][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 458.029997][ T46] usb 2-1: SerialNumber: syz [ 458.136001][T26190] hsr_slave_0: entered promiscuous mode [ 458.153039][T26190] hsr_slave_1: entered promiscuous mode [ 458.162961][T26190] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 458.171038][T26190] Cannot create hsr debugfs directory [ 458.269773][ T46] usb 2-1: 0:2 : does not exist [ 458.278821][ T46] usb 2-1: unit 118 not found! [ 458.347126][ T46] usb 2-1: USB disconnect, device number 50 [ 458.518925][T25736] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 458.530918][T25736] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 458.587347][T25736] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 458.619739][T25736] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 458.674137][T25670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 458.783041][T25670] 8021q: adding VLAN 0 to HW filter on device team0 [ 458.825334][T16726] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.832534][T16726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.873852][T27031] input: syz1 as /devices/virtual/input/input66 [ 458.890375][T16726] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.897601][T16726] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.163266][T25736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.219905][T25736] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.357809][T26190] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 459.373766][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.380963][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.394413][T26190] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 459.418646][T26190] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 459.432834][T16712] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.440059][T16712] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.459176][T26190] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 459.561506][T25670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.865876][T26190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.941063][T26190] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.014469][T16747] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.021717][T16747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.031446][ T29] audit: type=1326 audit(1725403661.596:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27100 comm="syz.3.5167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 460.074388][T16747] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.081634][T16747] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.112685][ T29] audit: type=1326 audit(1725403661.626:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27100 comm="syz.3.5167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 460.152106][ T29] audit: type=1326 audit(1725403661.626:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27100 comm="syz.3.5167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 460.174184][ T29] audit: type=1326 audit(1725403661.626:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27100 comm="syz.3.5167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 460.210098][T25736] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.291531][T25670] veth0_vlan: entered promiscuous mode [ 460.365948][T25670] veth1_vlan: entered promiscuous mode [ 460.458309][T25736] veth0_vlan: entered promiscuous mode [ 460.515528][T25736] veth1_vlan: entered promiscuous mode [ 460.535185][T25670] veth0_macvtap: entered promiscuous mode [ 460.583815][T25670] veth1_macvtap: entered promiscuous mode [ 460.622197][T25670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.645926][T25670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.658901][T25670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.694344][T25670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 460.716633][T25670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.737363][T25670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 460.789625][T25670] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.799993][T25670] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.810179][T25670] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.819089][T25670] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 460.850113][T25736] veth0_macvtap: entered promiscuous mode [ 460.864521][T26190] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 460.891443][T25736] veth1_macvtap: entered promiscuous mode [ 460.972940][T25736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 460.983778][T25736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 460.994142][T25736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 461.004819][T25736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.018930][T25736] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.093175][T25736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 461.112497][T25736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.124784][T25736] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 461.135532][T25736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.153672][T25736] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.203774][T25736] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.218357][T25736] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.228860][T25736] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.243357][T25736] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.276098][T16726] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.298828][T16726] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.403799][T26190] veth0_vlan: entered promiscuous mode [ 461.428811][T16747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.445864][T26190] veth1_vlan: entered promiscuous mode [ 461.455763][T16747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.635893][T26190] veth0_macvtap: entered promiscuous mode [ 461.703434][T26190] veth1_macvtap: entered promiscuous mode [ 461.722836][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.750667][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.810890][T26190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 461.841890][T26190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.866471][T26190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 461.884579][T26190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.896223][T26190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 461.906904][T26190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 461.931835][T26190] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.956738][T16712] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.977366][T16712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.979757][T26190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.000253][T26190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.010275][ T5270] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 462.019821][T26190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.031473][T26190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.041377][T26190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 462.053461][T26190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 462.067179][T26190] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.114531][T26190] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.138390][T26190] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.148454][T26190] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.157237][T26190] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.213517][ T5270] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.246844][ T5270] usb 4-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 462.255936][ T5270] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.275015][ T5270] usb 4-1: config 0 descriptor?? [ 462.407029][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.440507][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.524745][T16712] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.546313][T16712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.767131][ T5270] hid-steam 0003:28DE:1205.0031: : USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.3-1/input0 [ 462.848254][ T5270] hid-steam 0003:28DE:1205.0031: Steam Controller 'XXXXXXXXXX' connected [ 462.867970][T24145] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 462.884451][ T5270] input: Steam Deck as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1205.0031/input/input67 [ 462.904057][ T5270] input: Steam Deck Motion Sensors as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28DE:1205.0031/input/input68 [ 462.923379][T27170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.941825][ T5270] hid-steam 0003:28DE:1205.0032: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.3-1/input0 [ 462.969341][T27170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 463.049346][ T46] usb 4-1: USB disconnect, device number 46 [ 463.066888][T24121] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 463.066926][T24145] usb 1-1: Using ep0 maxpacket: 16 [ 463.101796][ T46] hid-steam 0003:28DE:1205.0031: Steam Controller 'XXXXXXXXXX' disconnected [ 463.119753][T24145] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 463.131636][T24145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.143515][T24145] usb 1-1: Product: syz [ 463.150727][T24145] usb 1-1: Manufacturer: syz [ 463.155356][T24145] usb 1-1: SerialNumber: syz [ 463.168052][T24145] usb 1-1: config 0 descriptor?? [ 463.175491][T24145] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 463.188064][T24145] usb 1-1: Detected FT232H [ 463.247026][T24121] usb 2-1: Using ep0 maxpacket: 8 [ 463.262013][T24121] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 463.269632][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 463.281345][T24121] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 463.293177][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 463.305126][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 463.334382][T24121] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 463.342462][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 463.354055][T24121] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 463.366164][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 463.385383][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 463.405502][T24145] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 463.406682][T24121] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 463.438335][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 463.456434][T24121] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 463.468555][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 463.479711][T24121] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 463.495470][T24121] usb 2-1: string descriptor 0 read error: -22 [ 463.502063][T24121] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 463.511384][T24121] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.529098][T24121] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 463.617010][T24145] ftdi_sio 1-1:0.0: GPIO initialisation failed: -5 [ 463.639965][T24145] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 463.705971][T27288] netlink: 'syz.3.5200': attribute type 29 has an invalid length. [ 463.724569][T27288] netlink: 'syz.3.5200': attribute type 29 has an invalid length. [ 463.805268][T24121] usb 2-1: USB disconnect, device number 51 [ 463.829735][T27294] netlink: 'syz.3.5202': attribute type 10 has an invalid length. [ 463.858296][T27294] geneve0: entered promiscuous mode [ 463.892307][T27294] team0: Port device geneve0 removed [ 463.900192][ T5269] usb 1-1: USB disconnect, device number 50 [ 463.911511][ T5269] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 463.926226][T27294] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 463.948684][ T5269] ftdi_sio 1-1:0.0: device disconnected [ 464.062471][T27320] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 464.444689][T16747] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.443833][T16747] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.659314][T16747] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.959911][T16747] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.207514][ T29] audit: type=1326 audit(1725403667.766:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.316707][T16747] bridge_slave_1: left allmulticast mode [ 466.322395][T16747] bridge_slave_1: left promiscuous mode [ 466.335223][ T29] audit: type=1326 audit(1725403667.766:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.339610][T16747] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.426971][ T29] audit: type=1326 audit(1725403667.816:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.461643][ T29] audit: type=1326 audit(1725403667.816:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.489147][T16747] bridge_slave_0: left allmulticast mode [ 466.512101][ T29] audit: type=1326 audit(1725403667.816:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.540705][T16747] bridge_slave_0: left promiscuous mode [ 466.562188][T16747] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.574618][ T29] audit: type=1326 audit(1725403667.826:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.656697][ T29] audit: type=1326 audit(1725403667.826:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.702681][ T29] audit: type=1326 audit(1725403667.826:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.745926][ T29] audit: type=1326 audit(1725403667.826:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 466.812359][ T29] audit: type=1326 audit(1725403667.826:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27327 comm="syz.4.5209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 467.305041][T16747] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 467.320886][T16747] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 467.332911][T16747] bond0 (unregistering): Released all slaves [ 467.659002][T16747] hsr_slave_0: left promiscuous mode [ 467.664848][T16747] hsr_slave_1: left promiscuous mode [ 467.670773][T16747] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 467.678249][T16747] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 467.685984][T16747] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 467.695320][T16747] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.719637][T16747] veth1_macvtap: left promiscuous mode [ 467.726111][T16747] veth0_macvtap: left promiscuous mode [ 467.732433][T16747] veth1_vlan: left promiscuous mode [ 467.737870][T16747] veth0_vlan: left promiscuous mode [ 468.284274][T27376] netlink: 144 bytes leftover after parsing attributes in process `syz.1.5217'. [ 468.455167][ T5229] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 468.471756][ T5229] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 468.495354][ T5229] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 468.504342][ T5229] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 468.514598][ T5229] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 468.522369][ T5229] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 468.874058][T16747] team0 (unregistering): Port device team_slave_1 removed [ 468.986273][T16747] team0 (unregistering): Port device team_slave_0 removed [ 469.994257][T27365] netlink: 'syz.4.5215': attribute type 10 has an invalid length. [ 470.003468][T27365] geneve0: entered promiscuous mode [ 470.025340][T27365] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 470.523320][T27513] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 470.592471][T27378] chnl_net:caif_netlink_parms(): no params data found [ 470.628275][T20482] Bluetooth: hci4: command tx timeout [ 470.816848][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies. [ 470.948593][T27378] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.956790][T27378] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.964060][T27378] bridge_slave_0: entered allmulticast mode [ 470.972782][T27378] bridge_slave_0: entered promiscuous mode [ 470.981465][T27378] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.989879][T27378] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.998296][T27378] bridge_slave_1: entered allmulticast mode [ 471.005655][T27378] bridge_slave_1: entered promiscuous mode [ 471.104131][T27378] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 471.116847][T24145] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 471.145776][T27378] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 471.289029][T27378] team0: Port device team_slave_0 added [ 471.311997][T24145] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.344429][T24145] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 471.346740][T27378] team0: Port device team_slave_1 added [ 471.379118][T24145] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 471.427370][T24145] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.447670][T24145] usb 4-1: Product: syz [ 471.451883][T24145] usb 4-1: Manufacturer: syz [ 471.460425][T24145] usb 4-1: SerialNumber: syz [ 471.467339][T27378] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.504850][T27378] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.566771][T27378] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.588854][T27378] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 471.595831][T27378] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.655040][T27378] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 471.746866][T27562] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 471.848022][T27378] hsr_slave_0: entered promiscuous mode [ 471.871440][T27378] hsr_slave_1: entered promiscuous mode [ 471.902379][T27378] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 471.919810][T27378] Cannot create hsr debugfs directory [ 472.382371][T27562] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 472.614138][T24145] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 472.622129][T24145] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 472.636839][T24145] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 472.686748][T20482] Bluetooth: hci4: command tx timeout [ 472.726573][ T46] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 472.865647][T24145] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 472.908142][T24145] usb 4-1: USB disconnect, device number 47 [ 472.925009][ T46] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 472.926446][T27378] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 472.954448][T24145] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 472.969949][ T46] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 472.980720][T27378] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 472.991512][ T46] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 473.004195][T27378] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 473.016511][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 473.035041][ T46] usb 5-1: SerialNumber: syz [ 473.059785][T27378] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 473.241551][T27378] 8021q: adding VLAN 0 to HW filter on device bond0 [ 473.272474][ T46] usb 5-1: 0:2 : does not exist [ 473.286090][T27378] 8021q: adding VLAN 0 to HW filter on device team0 [ 473.312922][T16726] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.320188][T16726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 473.322697][ T46] usb 5-1: USB disconnect, device number 43 [ 473.344427][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.351704][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.264871][T27378] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 474.471343][T27378] veth0_vlan: entered promiscuous mode [ 474.503339][T27378] veth1_vlan: entered promiscuous mode [ 474.774703][T20482] Bluetooth: hci4: command tx timeout [ 474.944572][T27378] veth0_macvtap: entered promiscuous mode [ 474.969962][T27378] veth1_macvtap: entered promiscuous mode [ 475.058256][T27378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.078217][T27378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.087345][T27803] syz.0.5254 (27803): drop_caches: 2 [ 475.100201][T27378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.126674][T27378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.136628][T27378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 475.156446][T27378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.184648][T27378] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 475.210031][T27378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 475.250453][T27378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.272470][T27378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 475.289165][T27809] syz.0.5254 (27809): drop_caches: 2 [ 475.296209][T27378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.316582][T27378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 475.335482][T27378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 475.348843][T27378] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 475.388698][T27917] geneve2: entered promiscuous mode [ 475.401682][T27917] geneve2: entered allmulticast mode [ 475.425122][T27378] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.434996][T27378] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.443773][T27378] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.452991][T27378] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.570057][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.583073][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.629142][T16712] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.642848][T16712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.666592][ T46] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 475.676945][T24142] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 475.830294][T24144] kernel write not supported for file /input/mice (pid: 24144 comm: kworker/1:15) [ 475.846979][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 475.863146][ T46] usb 1-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=c4.6d [ 475.872366][T24142] usb 4-1: Using ep0 maxpacket: 8 [ 475.887023][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.900748][T24142] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 475.917884][ T46] usb 1-1: Product: syz [ 475.922187][ T46] usb 1-1: Manufacturer: syz [ 475.927493][T24142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.938964][ T46] usb 1-1: SerialNumber: syz [ 475.945001][T24142] usb 4-1: Product: syz [ 475.953471][ T46] usb 1-1: config 0 descriptor?? [ 475.959030][T24142] usb 4-1: Manufacturer: syz [ 475.976730][T24142] usb 4-1: SerialNumber: syz [ 475.984145][ T46] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 475.993183][T24142] usb 4-1: config 0 descriptor?? [ 476.244384][T24142] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 476.655537][T24142] usb write operation failed. (-71) [ 476.678572][T24142] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 476.707897][T24142] dvbdev: DVB: registering new adapter (Terratec H7) [ 476.714710][T24142] usb 4-1: media controller created [ 476.720913][T24142] usb read operation failed. (-71) [ 476.727348][T24142] usb write operation failed. (-71) [ 476.739349][T24142] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 476.754020][T24142] usb 4-1: USB disconnect, device number 48 [ 476.856202][T28017] batadv_slave_1: entered promiscuous mode [ 476.866100][T28016] batadv_slave_1: left promiscuous mode [ 476.904758][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 476.904776][ T29] audit: type=1326 audit(1725403678.466:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 476.950735][ T29] audit: type=1326 audit(1725403678.466:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 476.993851][ T29] audit: type=1326 audit(1725403678.486:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.016913][ T29] audit: type=1326 audit(1725403678.486:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.039369][ T29] audit: type=1326 audit(1725403678.486:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.071603][T24142] usb 1-1: USB disconnect, device number 51 [ 477.102913][ T29] audit: type=1326 audit(1725403678.486:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.134901][ T29] audit: type=1326 audit(1725403678.486:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.168344][ T29] audit: type=1326 audit(1725403678.486:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.190608][ T29] audit: type=1326 audit(1725403678.486:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.214653][ T29] audit: type=1326 audit(1725403678.496:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28018 comm="syz.4.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 477.322557][T28038] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5289'. [ 477.343944][T28041] input: syz0 as /devices/virtual/input/input69 [ 477.949625][T28082] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 478.655352][ T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.762731][ T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.148792][ T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.830788][ T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.690177][ T52] bridge_slave_1: left allmulticast mode [ 481.695874][ T52] bridge_slave_1: left promiscuous mode [ 481.756683][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.812992][ T52] bridge_slave_0: left allmulticast mode [ 481.833199][ T52] bridge_slave_0: left promiscuous mode [ 481.866843][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.664232][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 485.716295][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 485.737805][ T52] bond0 (unregistering): Released all slaves [ 486.107215][ T52] hsr_slave_0: left promiscuous mode [ 486.113793][ T52] hsr_slave_1: left promiscuous mode [ 486.122022][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 486.130654][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.138767][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 486.146191][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 486.175712][ T52] veth1_macvtap: left promiscuous mode [ 486.181432][ T52] veth0_macvtap: left promiscuous mode [ 486.187408][ T52] veth1_vlan: left promiscuous mode [ 486.192757][ T52] veth0_vlan: left promiscuous mode [ 486.564510][T28143] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 486.649649][T24142] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 486.848283][T24142] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 486.895055][T24142] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 486.900028][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 486.908545][T24142] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 486.915324][ T9] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 486.926617][T24142] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 486.940403][ T5227] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 486.964063][ T5227] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 486.974037][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 486.993839][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 487.001429][T24142] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 487.001535][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 487.022265][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 487.029401][T24142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.030617][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 487.044972][ T5227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 487.049294][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 487.077135][ T5229] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 487.085704][ T5229] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 487.086513][T24142] usb 5-1: config 0 descriptor?? [ 487.145313][T28138] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 487.328632][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 487.344832][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 487.366836][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 487.376120][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.387952][ T9] usb 2-1: config 0 descriptor?? [ 487.400926][ T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input70 [ 487.585789][T24142] plantronics 0003:047F:FFFF.0033: unknown main item tag 0xd [ 487.617264][T24142] plantronics 0003:047F:FFFF.0033: No inputs registered, leaving [ 487.632408][ T4660] bcm5974 2-1:0.0: could not read from device [ 487.657819][T24142] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 487.664321][ T9] bcm5974 2-1:0.0: could not read from device [ 487.705231][ T4660] bcm5974 2-1:0.0: could not read from device [ 487.714161][ T9] input: failed to attach handler mousedev to device input70, error: -5 [ 487.743948][ T4660] bcm5974 2-1:0.0: could not read from device [ 487.757071][ T9] usb 2-1: USB disconnect, device number 52 [ 487.767433][ T4660] bcm5974 2-1:0.0: could not read from device [ 487.833342][ T52] team0 (unregistering): Port device team_slave_1 removed [ 487.937869][T28138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.958900][T28138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.976493][ T52] team0 (unregistering): Port device team_slave_0 removed [ 488.121313][T24142] usb 5-1: USB disconnect, device number 44 [ 489.055958][T28227] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 489.169963][ T5229] Bluetooth: hci3: command tx timeout [ 489.176120][T20482] Bluetooth: hci4: command tx timeout [ 489.885764][T28153] chnl_net:caif_netlink_parms(): no params data found [ 490.274882][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.379871][T28154] chnl_net:caif_netlink_parms(): no params data found [ 490.518168][T28153] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.528586][T28153] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.548992][T28153] bridge_slave_0: entered allmulticast mode [ 490.566313][T28153] bridge_slave_0: entered promiscuous mode [ 490.635718][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.679615][T28153] bridge0: port 2(bridge_slave_1) entered blocking state [ 490.687586][T28153] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.694977][T28153] bridge_slave_1: entered allmulticast mode [ 490.703036][T28153] bridge_slave_1: entered promiscuous mode [ 490.831755][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.079924][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.124479][T28568] loop8: detected capacity change from 0 to 6 [ 491.148122][T28153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 491.164942][T28568] Dev loop8: unable to read RDB block 6 [ 491.170968][T28568] loop8: unable to read partition table [ 491.180655][T28153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 491.195547][T28568] loop8: partition table beyond EOD, truncated [ 491.245703][T28568] loop_reread_partitions: partition scan of loop8 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 491.245703][T28568] ) failed (rc=-5) [ 491.267753][T20482] Bluetooth: hci4: command tx timeout [ 491.267765][ T5229] Bluetooth: hci3: command tx timeout [ 491.412103][T28154] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.426659][T28154] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.433898][T28154] bridge_slave_0: entered allmulticast mode [ 491.458476][T28154] bridge_slave_0: entered promiscuous mode [ 491.470711][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 491.470730][ T29] audit: type=1326 audit(1725403693.036:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28627 comm="syz.1.5337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 491.483166][T28154] bridge0: port 2(bridge_slave_1) entered blocking state [ 491.516643][T28154] bridge0: port 2(bridge_slave_1) entered disabled state [ 491.524004][T28154] bridge_slave_1: entered allmulticast mode [ 491.532294][T28154] bridge_slave_1: entered promiscuous mode [ 491.536531][ T29] audit: type=1326 audit(1725403693.036:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28627 comm="syz.1.5337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 491.581157][T28153] team0: Port device team_slave_0 added [ 491.588268][ T29] audit: type=1326 audit(1725403693.036:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28627 comm="syz.1.5337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 491.617357][T28153] team0: Port device team_slave_1 added [ 491.814893][T28154] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 491.844318][T28153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 491.853681][T28153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 491.880254][T28153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 491.898688][T28153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 491.905837][T28153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 491.933232][T28153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 491.949059][T28154] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 492.022027][ T52] bridge_slave_1: left allmulticast mode [ 492.035213][ T52] bridge_slave_1: left promiscuous mode [ 492.043967][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.060634][ T52] bridge_slave_0: left allmulticast mode [ 492.071883][ T52] bridge_slave_0: left promiscuous mode [ 492.081346][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.107079][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 493.127018][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 493.148856][ T52] bond0 (unregistering): Released all slaves [ 493.326847][ T5229] Bluetooth: hci4: command tx timeout [ 493.329654][T28154] team0: Port device team_slave_0 added [ 493.338521][ T5229] Bluetooth: hci3: command tx timeout [ 493.377682][T28154] team0: Port device team_slave_1 added [ 493.612984][T28154] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 493.621898][T28154] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 493.662417][T28154] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 493.714669][T28153] hsr_slave_0: entered promiscuous mode [ 493.728114][T28153] hsr_slave_1: entered promiscuous mode [ 493.755558][T28153] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 493.769940][T28153] Cannot create hsr debugfs directory [ 493.870356][T28154] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 493.885696][T28154] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 493.935887][T28154] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 494.109847][ T52] hsr_slave_0: left promiscuous mode [ 494.130602][ T52] hsr_slave_1: left promiscuous mode [ 494.142863][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 494.156922][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 494.187691][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 494.210187][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 494.238597][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 494.324280][ T52] veth1_macvtap: left promiscuous mode [ 494.347542][ T52] veth0_macvtap: left promiscuous mode [ 494.376746][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 494.376965][ T52] veth1_vlan: left promiscuous mode [ 494.418884][ T52] veth0_vlan: left promiscuous mode [ 495.419155][ T5229] Bluetooth: hci3: command tx timeout [ 495.424672][ T5229] Bluetooth: hci4: command tx timeout [ 496.194916][ T52] team0 (unregistering): Port device team_slave_1 removed [ 496.318573][ T52] team0 (unregistering): Port device team_slave_0 removed [ 497.411398][T28154] hsr_slave_0: entered promiscuous mode [ 497.426974][T28154] hsr_slave_1: entered promiscuous mode [ 497.433492][T28154] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 497.450053][T28154] Cannot create hsr debugfs directory [ 498.389907][T28153] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 498.459936][T28153] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 498.480688][T28153] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 498.501262][T28153] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 498.775095][T28153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 498.820697][T28153] 8021q: adding VLAN 0 to HW filter on device team0 [ 498.878307][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.885542][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 498.968018][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.975248][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 499.073605][T28154] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 499.110210][T28154] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 499.171510][T28154] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 499.215612][T28154] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 499.343270][T28153] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 499.386868][T28153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 499.605297][T28154] 8021q: adding VLAN 0 to HW filter on device bond0 [ 499.683113][T29067] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 499.696499][T28154] 8021q: adding VLAN 0 to HW filter on device team0 [ 499.731338][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.738569][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 499.826008][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 499.833244][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 500.009154][T28153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 500.186106][T28153] veth0_vlan: entered promiscuous mode [ 500.266468][T28153] veth1_vlan: entered promiscuous mode [ 500.360828][T28153] veth0_macvtap: entered promiscuous mode [ 500.427257][T28153] veth1_macvtap: entered promiscuous mode [ 500.489238][T28153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.528132][T28153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.568432][T28153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.586424][T28153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.611887][T28153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.701201][T28153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.728589][T28153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.759041][T28153] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.786581][T28153] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.819004][T28153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.835153][T28154] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 500.869892][T28153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.889110][T28153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.916601][T28153] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.925350][T28153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.197759][T28154] veth0_vlan: entered promiscuous mode [ 501.222584][T28154] veth1_vlan: entered promiscuous mode [ 501.244310][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.267760][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.355957][T28154] veth0_macvtap: entered promiscuous mode [ 501.375396][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.389978][T28154] veth1_macvtap: entered promiscuous mode [ 501.397441][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.444478][T28154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 501.455562][T28154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 501.465953][T28154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 501.477559][T28154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 501.491848][T28154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 501.502338][T28154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 501.514491][T28154] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 501.528638][T28154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 501.543465][T28154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 501.553988][T28154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 501.565381][T28154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 501.575415][T28154] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 501.586028][T28154] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 501.600641][T28154] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 501.628139][T24123] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 501.689175][T28154] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.698195][T28154] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.707094][T28154] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.715953][T28154] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 501.736665][T24142] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 501.811445][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.836065][T24123] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 501.857134][T24123] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 501.870070][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.881201][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.890609][T24123] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.917103][T24123] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 501.935020][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.938831][T24123] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 501.943421][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.965015][T24142] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 501.978548][T24123] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 501.983517][T24142] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 502.001743][T24142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.013166][T24142] usb 4-1: Product: syz [ 502.020232][T24123] usb 2-1: Manufacturer: syz [ 502.032483][T24142] usb 4-1: Manufacturer: syz [ 502.038796][T24142] usb 4-1: SerialNumber: syz [ 502.049386][T24123] usb 2-1: config 0 descriptor?? [ 502.487266][T24123] appleir 0003:05AC:8243.0034: unknown main item tag 0x0 [ 502.494957][T24123] appleir 0003:05AC:8243.0034: No inputs registered, leaving [ 502.510780][T24123] appleir 0003:05AC:8243.0034: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 503.103465][T24142] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 503.110076][T24142] cdc_ncm 4-1:1.0: dwNtbInMaxSize=1044 is too small. Using 2048 [ 503.117781][T24142] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 503.305208][T24142] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 503.322404][T24142] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 503.340307][T24142] usb 4-1: USB disconnect, device number 49 [ 503.348383][T24142] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 503.378708][ T29] audit: type=1326 audit(1725403704.936:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.431603][ T29] audit: type=1326 audit(1725403704.946:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.465661][ T29] audit: type=1326 audit(1725403704.966:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.487906][ T29] audit: type=1326 audit(1725403704.966:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.511517][ T29] audit: type=1326 audit(1725403704.966:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.543886][ T29] audit: type=1326 audit(1725403704.966:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.576543][ T29] audit: type=1326 audit(1725403704.966:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.613021][ T29] audit: type=1326 audit(1725403704.966:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.644118][T29190] tipc: Started in network mode [ 503.650180][T29190] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 503.670340][ T29] audit: type=1326 audit(1725403704.966:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.693462][T29190] tipc: Enabled bearer , priority 10 [ 503.741833][ T29] audit: type=1326 audit(1725403704.966:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29178 comm="syz.4.5387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e4b7cef9 code=0x7ffc0000 [ 503.877361][ T2923] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.535370][ T2923] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.659803][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 504.669234][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 504.686038][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 504.701922][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 504.712274][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 504.721680][ T5227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 504.721826][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 504.742805][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 504.751714][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 504.762832][ T5227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 504.794901][ T5229] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 504.806695][T24123] tipc: Node number set to 4269801488 [ 504.816008][ T5227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 504.844873][ T2923] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.924597][ T5270] usb 2-1: USB disconnect, device number 53 [ 505.043157][T29233] syz.1.5398 (29233): drop_caches: 2 [ 505.049280][T29242] syz.1.5398 (29242): drop_caches: 2 [ 505.053129][ T2923] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.055720][T29233] syz.1.5398 (29233): drop_caches: 2 [ 505.071124][T29242] syz.1.5398 (29242): drop_caches: 2 [ 505.186784][T24144] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 505.386866][T24144] usb 5-1: Using ep0 maxpacket: 8 [ 505.394811][T24144] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 505.404046][T24144] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 505.416819][T24144] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 505.427939][T24144] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 505.438112][T24144] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 505.451492][T24144] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 505.461130][T24144] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.516539][ T5269] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 505.555993][ T2923] bridge_slave_1: left allmulticast mode [ 505.562164][ T2923] bridge_slave_1: left promiscuous mode [ 505.570012][ T2923] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.590928][ T2923] bridge_slave_0: left allmulticast mode [ 505.606404][ T2923] bridge_slave_0: left promiscuous mode [ 505.612500][ T2923] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.692982][T24144] usb 5-1: usb_control_msg returned -32 [ 505.698758][T24144] usbtmc 5-1:16.0: can't read capabilities [ 505.705334][ T5269] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 505.721503][ T5269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.743852][ T5269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.774536][ T5269] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 505.800331][ T5269] usb 2-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 505.830448][ T5269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.847784][ T5269] usb 2-1: config 0 descriptor?? [ 506.338933][ T5269] nintendo 0003:057E:2009.0035: unknown main item tag 0x0 [ 506.349312][ T5269] nintendo 0003:057E:2009.0035: unknown main item tag 0x0 [ 506.361170][ T5269] nintendo 0003:057E:2009.0035: item fetching failed at offset 2/5 [ 506.375550][ T5269] nintendo 0003:057E:2009.0035: HID parse failed [ 506.413093][ T5269] nintendo 0003:057E:2009.0035: probe - fail = -22 [ 506.421133][ T5269] nintendo 0003:057E:2009.0035: probe with driver nintendo failed with error -22 [ 506.504559][ T2923] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 506.520198][ T2923] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 506.541066][ T2923] bond0 (unregistering): Released all slaves [ 506.551783][ T5269] usb 2-1: USB disconnect, device number 54 [ 506.804304][T29208] chnl_net:caif_netlink_parms(): no params data found [ 506.847330][T20482] Bluetooth: hci4: command tx timeout [ 506.866334][T20482] Bluetooth: hci3: command tx timeout [ 506.969454][T29209] chnl_net:caif_netlink_parms(): no params data found [ 507.032173][T29208] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.039892][T29208] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.047690][T29208] bridge_slave_0: entered allmulticast mode [ 507.055480][T29208] bridge_slave_0: entered promiscuous mode [ 507.082388][ T2923] hsr_slave_0: left promiscuous mode [ 507.089762][ T2923] hsr_slave_1: left promiscuous mode [ 507.108495][ T2923] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 507.124480][ T2923] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 507.145898][ T2923] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 507.163281][ T2923] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.244425][ T2923] veth1_macvtap: left promiscuous mode [ 507.250883][ T2923] veth0_macvtap: left promiscuous mode [ 507.258073][ T2923] veth1_vlan: left promiscuous mode [ 507.263446][ T2923] veth0_vlan: left promiscuous mode [ 507.465193][ T9] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 507.672292][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 507.682854][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 507.692130][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.700386][ T9] usb 2-1: Product: syz [ 507.727092][ T9] usb 2-1: Manufacturer: syz [ 507.734440][ T9] usb 2-1: SerialNumber: syz [ 507.759628][ T9] usb 2-1: config 0 descriptor?? [ 507.834990][T29592] Bluetooth: MGMT ver 1.23 [ 507.839643][T29592] Bluetooth: hci3: unsupported parameter 64512 [ 507.845998][T29592] Bluetooth: hci3: invalid length 0, exp 2 for type 5 [ 507.931220][T24142] usb 5-1: USB disconnect, device number 45 [ 508.010971][ T9] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 508.440873][ T9] usb write operation failed. (-71) [ 508.453098][ T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 508.497249][ T9] dvbdev: DVB: registering new adapter (Terratec H7) [ 508.504646][ T9] usb 2-1: media controller created [ 508.537892][ T9] usb read operation failed. (-71) [ 508.543552][ T9] usb write operation failed. (-71) [ 508.590694][ T9] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 508.627575][ T9] usb 2-1: USB disconnect, device number 55 [ 508.722686][ T2923] team0 (unregistering): Port device team_slave_1 removed [ 508.793019][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 508.833004][T29640] sg_read: process 222 (syz.4.5423) changed security contexts after opening file descriptor, this is not allowed. [ 508.849001][ T2923] team0 (unregistering): Port device team_slave_0 removed [ 508.936699][T20482] Bluetooth: hci3: command tx timeout [ 508.942165][T20482] Bluetooth: hci4: command tx timeout [ 510.360866][T29208] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.376607][T29208] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.386797][T29208] bridge_slave_1: entered allmulticast mode [ 510.397410][T29208] bridge_slave_1: entered promiscuous mode [ 510.588865][T29208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 510.712394][T29208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 510.901915][T29208] team0: Port device team_slave_0 added [ 510.913001][T29208] team0: Port device team_slave_1 added [ 511.006645][ T5227] Bluetooth: hci3: command tx timeout [ 511.012236][T20482] Bluetooth: hci4: command tx timeout [ 511.105944][T29209] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.117840][T29209] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.125984][T29209] bridge_slave_0: entered allmulticast mode [ 511.134008][T29209] bridge_slave_0: entered promiscuous mode [ 511.145595][T29208] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.165278][T29208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.206726][T29208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 511.219619][T29209] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.229894][T29209] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.237517][T29209] bridge_slave_1: entered allmulticast mode [ 511.247003][T29209] bridge_slave_1: entered promiscuous mode [ 511.289532][T29208] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 511.297201][T29208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 511.323894][T29208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 511.440558][T29209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.491818][T29208] hsr_slave_0: entered promiscuous mode [ 511.500218][T29208] hsr_slave_1: entered promiscuous mode [ 511.516520][T29208] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 511.524381][T29208] Cannot create hsr debugfs directory [ 511.538190][T29209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.739709][T29209] team0: Port device team_slave_0 added [ 511.803045][T29209] team0: Port device team_slave_1 added [ 511.837932][T29954] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.5445'. [ 511.975326][T16712] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.091781][T29209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.098702][T29984] loop0: detected capacity change from 0 to 7 [ 512.107523][T29209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.133665][T29984] Dev loop0: unable to read RDB block 7 [ 512.133700][T29984] loop0: AHDI p2 p3 [ 512.133731][T29984] loop0: partition table partially beyond EOD, truncated [ 512.133871][T29984] loop0: p2 start 6514546 is beyond EOD, truncated [ 512.174971][T29209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.256191][T16712] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.291736][T29209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.313480][T29209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.347699][T29209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.413542][T16712] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.650261][T16712] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.792486][T30039] dummy0: entered promiscuous mode [ 512.799791][T30039] dummy0: left promiscuous mode [ 512.953723][T29209] hsr_slave_0: entered promiscuous mode [ 512.982183][T29209] hsr_slave_1: entered promiscuous mode [ 512.993652][T29209] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 513.008821][T29209] Cannot create hsr debugfs directory [ 513.036572][ T5269] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 513.086539][ T5227] Bluetooth: hci3: command tx timeout [ 513.092858][T20482] Bluetooth: hci4: command tx timeout [ 513.226697][ T5269] usb 2-1: Using ep0 maxpacket: 8 [ 513.251516][ T5269] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 513.275237][ T5269] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.296571][ T5269] usb 2-1: Product: syz [ 513.300783][ T5269] usb 2-1: Manufacturer: syz [ 513.305395][ T5269] usb 2-1: SerialNumber: syz [ 513.335292][ T5269] usb 2-1: config 0 descriptor?? [ 513.430455][T16712] bridge_slave_1: left allmulticast mode [ 513.440895][T16712] bridge_slave_1: left promiscuous mode [ 513.448070][T16712] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.463766][T16712] bridge_slave_0: left allmulticast mode [ 513.473225][T16712] bridge_slave_0: left promiscuous mode [ 513.486246][T16712] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.582555][ T5269] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 514.379058][T16712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 514.423601][T16712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 514.435766][T16712] bond0 (unregistering): Released all slaves [ 514.616814][ T5269] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 514.662585][ T5269] usb 2-1: USB disconnect, device number 56 [ 514.813423][T29208] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 514.830534][T29208] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 514.870464][T29208] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 514.916548][T29208] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 514.996213][T16712] hsr_slave_0: left promiscuous mode [ 515.005631][T16712] hsr_slave_1: left promiscuous mode [ 515.012708][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 515.023045][T16712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 515.031647][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 515.040211][T16712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 515.066171][T16712] veth1_macvtap: left promiscuous mode [ 515.071979][T16712] veth0_macvtap: left promiscuous mode [ 515.077829][T16712] veth1_vlan: left promiscuous mode [ 515.083109][T16712] veth0_vlan: left promiscuous mode [ 515.837152][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 515.837172][ T29] audit: type=1326 audit(1725403717.406:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 515.905057][ T29] audit: type=1326 audit(1725403717.406:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 515.941193][ T29] audit: type=1326 audit(1725403717.436:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 515.983574][ T29] audit: type=1326 audit(1725403717.436:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.056677][ T29] audit: type=1326 audit(1725403717.436:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.079221][ T29] audit: type=1326 audit(1725403717.436:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.104554][ T29] audit: type=1326 audit(1725403717.436:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.131717][ T29] audit: type=1326 audit(1725403717.436:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.162052][ T29] audit: type=1326 audit(1725403717.436:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.190295][ T29] audit: type=1326 audit(1725403717.436:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30252 comm="syz.3.5476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f786d17cef9 code=0x7ffc0000 [ 516.246989][T16712] team0 (unregistering): Port device team_slave_1 removed [ 516.344497][T16712] team0 (unregistering): Port device team_slave_0 removed [ 517.048354][T30278] 9pnet: p9_errstr2errno: server reported unknown error œæçæŒÎsÅ‚Ümý¼§6°'ßtÿT ð#>÷‰r¹[›5´ [ 517.568954][T29208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 517.613618][T29208] 8021q: adding VLAN 0 to HW filter on device team0 [ 517.641641][T16726] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.648851][T16726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 517.740120][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.747347][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 517.822962][T30301] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 1 [ 517.863799][T30305] netlink: 6 bytes leftover after parsing attributes in process `syz.4.5493'. [ 518.004915][T29209] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 518.020487][T29209] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 518.040008][T29209] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 518.066522][T29209] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 518.381287][T29209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 518.419214][T29209] 8021q: adding VLAN 0 to HW filter on device team0 [ 518.460182][T16712] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.467395][T16712] bridge0: port 1(bridge_slave_0) entered forwarding state [ 518.494186][T16712] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.501380][T16712] bridge0: port 2(bridge_slave_1) entered forwarding state [ 518.543157][T29208] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 518.721792][T29208] veth0_vlan: entered promiscuous mode [ 518.760070][T29208] veth1_vlan: entered promiscuous mode [ 518.861458][T29208] veth0_macvtap: entered promiscuous mode [ 518.895162][T29208] veth1_macvtap: entered promiscuous mode [ 518.953009][T29208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 518.989942][T29208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.030806][T29208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.053938][T29208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.077252][T29208] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 519.133384][T29208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 519.159434][T29208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.172265][T29208] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 519.183079][T29208] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.215639][T29208] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 519.269863][T29209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 519.298554][T29208] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.309770][T29208] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.323071][T29208] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.337568][T29208] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.551583][T29209] veth0_vlan: entered promiscuous mode [ 519.562777][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.592512][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.638427][T29209] veth1_vlan: entered promiscuous mode [ 519.671028][T16712] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.695186][T16712] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.740757][T29209] veth0_macvtap: entered promiscuous mode [ 519.794178][T29209] veth1_macvtap: entered promiscuous mode [ 519.849442][T29209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.860752][T29209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.871533][T29209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.890051][T29209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.913107][T29209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 519.939587][T29209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 519.981493][T29209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 520.020629][T29209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.033577][T29209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.044504][T29209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.056166][T29209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.079057][T29209] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 520.099946][T29209] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 520.146135][T29209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 520.321429][T29209] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.346647][T29209] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.365750][T29209] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.396518][T29209] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 520.660819][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 520.689486][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 520.756586][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 520.776293][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 521.274263][T30455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5524'. [ 521.436459][T16712] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.578873][T16712] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.658560][T16712] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.728930][T16712] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.813594][T16712] bridge_slave_1: left allmulticast mode [ 522.820083][T16712] bridge_slave_1: left promiscuous mode [ 522.825761][T16712] bridge0: port 2(bridge_slave_1) entered disabled state [ 522.834393][T16712] bridge_slave_0: left allmulticast mode [ 522.840607][T16712] bridge_slave_0: left promiscuous mode [ 522.846315][T16712] bridge0: port 1(bridge_slave_0) entered disabled state [ 523.837796][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 523.850686][ T5227] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 523.865313][ T5227] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 523.877317][ T5227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 523.897383][ T5227] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 523.897946][T16712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 523.914044][ T5227] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 523.937796][T16712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 523.981857][T16712] bond0 (unregistering): Released all slaves [ 524.327180][ T5269] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 524.355433][T20482] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 524.370405][T20482] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 524.379873][T20482] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 524.415916][T20482] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 524.425174][T20482] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 524.435478][T20482] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 524.524779][ T5269] usb 2-1: Using ep0 maxpacket: 8 [ 524.584887][ T5269] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice= 1.ef [ 524.626918][ T5269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 524.667093][ T5269] usb 2-1: SerialNumber: syz [ 524.713513][ T5269] usb 2-1: config 0 descriptor?? [ 524.937858][T16712] hsr_slave_0: left promiscuous mode [ 524.973642][ T46] usb 2-1: USB disconnect, device number 57 [ 524.980596][T16712] hsr_slave_1: left promiscuous mode [ 524.995445][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 525.005376][T16712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 525.015167][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 525.023296][T16712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 525.049746][T16712] veth1_macvtap: left promiscuous mode [ 525.055332][T16712] veth0_macvtap: left promiscuous mode [ 525.061652][T16712] veth1_vlan: left promiscuous mode [ 525.067500][T16712] veth0_vlan: left promiscuous mode [ 525.995581][T20482] Bluetooth: hci3: command tx timeout [ 526.184794][T16712] team0 (unregistering): Port device team_slave_1 removed [ 526.302631][T16712] team0 (unregistering): Port device team_slave_0 removed [ 526.470021][ T29] audit: type=1326 audit(1725403728.036:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30695 comm="syz.1.5553" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x0 [ 526.527681][T20482] Bluetooth: hci4: command tx timeout [ 527.442377][T30489] chnl_net:caif_netlink_parms(): no params data found [ 528.056483][T20482] Bluetooth: hci3: command tx timeout [ 528.394893][T16712] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.606692][T20482] Bluetooth: hci4: command tx timeout [ 528.801560][T16712] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.048660][T16712] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.270459][T16712] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.716674][T16712] bridge_slave_1: left allmulticast mode [ 529.722386][T16712] bridge_slave_1: left promiscuous mode [ 529.767328][T16712] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.794289][T16712] bridge_slave_0: left allmulticast mode [ 529.837103][T16712] bridge_slave_0: left promiscuous mode [ 529.842937][T16712] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.137350][T20482] Bluetooth: hci3: command tx timeout [ 530.696474][T20482] Bluetooth: hci4: command tx timeout [ 532.214171][T20482] Bluetooth: hci3: command tx timeout [ 532.766667][T20482] Bluetooth: hci4: command tx timeout [ 533.136901][T16712] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 533.205262][T16712] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 533.227409][T16712] bond0 (unregistering): Released all slaves [ 533.607482][T30489] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.614713][T30489] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.626739][T30489] bridge_slave_0: entered allmulticast mode [ 533.634033][T30489] bridge_slave_0: entered promiscuous mode [ 534.142955][T16712] hsr_slave_0: left promiscuous mode [ 534.252307][T16712] hsr_slave_1: left promiscuous mode [ 534.276510][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 534.283965][T16712] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 534.357528][T16712] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 534.364967][T16712] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 534.496569][T16712] veth1_macvtap: left promiscuous mode [ 534.502154][T16712] veth0_macvtap: left promiscuous mode [ 534.536624][T16712] veth1_vlan: left promiscuous mode [ 534.566587][T16712] veth0_vlan: left promiscuous mode [ 536.370529][T16712] team0 (unregistering): Port device team_slave_1 removed [ 536.460685][T16712] team0 (unregistering): Port device team_slave_0 removed [ 537.506732][T30489] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.520953][T30489] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.530673][T30489] bridge_slave_1: entered allmulticast mode [ 537.542616][T30489] bridge_slave_1: entered promiscuous mode [ 537.622733][T30489] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 537.658265][T30523] chnl_net:caif_netlink_parms(): no params data found [ 537.685304][T30966] usb usb9: usbfs: interface 0 claimed by hub while 'syz.4.5595' sets config #0 [ 537.699019][T30489] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 537.897012][T30489] team0: Port device team_slave_0 added [ 538.024599][T30489] team0: Port device team_slave_1 added [ 538.180117][T30489] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 538.197556][T30489] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.224355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 538.239091][T30489] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 538.345316][T30489] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 538.355103][T30489] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.381033][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.392860][T30489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 538.451306][T30523] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.476592][T30523] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.483852][T30523] bridge_slave_0: entered allmulticast mode [ 538.494039][T30523] bridge_slave_0: entered promiscuous mode [ 538.537906][T30523] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.545199][T30523] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.553496][T30523] bridge_slave_1: entered allmulticast mode [ 538.567862][T30523] bridge_slave_1: entered promiscuous mode [ 538.704042][T30489] hsr_slave_0: entered promiscuous mode [ 538.711980][T30489] hsr_slave_1: entered promiscuous mode [ 538.719311][T30489] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 538.727396][T30489] Cannot create hsr debugfs directory [ 538.740262][T30523] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.752859][T30523] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 538.861941][T30523] team0: Port device team_slave_0 added [ 538.880504][T30523] team0: Port device team_slave_1 added [ 538.988672][T30523] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 538.996205][T30523] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.024720][T30523] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.044874][T30523] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.052061][T30523] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 539.078012][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.084277][T30523] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.240540][T30523] hsr_slave_0: entered promiscuous mode [ 539.249106][ T5269] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 539.267041][T30523] hsr_slave_1: entered promiscuous mode [ 539.274876][T30523] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 539.298563][T30523] Cannot create hsr debugfs directory [ 539.447621][ T5269] usb 5-1: Using ep0 maxpacket: 32 [ 539.458400][ T5269] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 539.474055][ T5269] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 539.484880][ T5269] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.497798][ T5269] usb 5-1: Product: syz [ 539.502308][ T5269] usb 5-1: Manufacturer: syz [ 539.507702][ T5269] usb 5-1: SerialNumber: syz [ 539.515497][ T5269] usb 5-1: config 0 descriptor?? [ 539.530134][T31266] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 539.548002][ T5269] hub 5-1:0.0: bad descriptor, ignoring hub [ 539.553952][ T5269] hub 5-1:0.0: probe with driver hub failed with error -5 [ 539.566042][ T5269] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input72 [ 539.735530][T31408] netlink: 'syz.3.5613': attribute type 11 has an invalid length. [ 539.743473][T31408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5613'. [ 539.852108][ T58] usb 5-1: USB disconnect, device number 46 [ 539.852266][ C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 539.981295][T30489] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 539.992613][T30489] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 540.002272][T30489] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 540.012136][T30489] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 540.083120][T30523] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 540.094759][T30523] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 540.109510][T30523] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 540.122250][T30523] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 540.265026][T30489] 8021q: adding VLAN 0 to HW filter on device bond0 [ 540.310811][T30523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 540.346226][T30489] 8021q: adding VLAN 0 to HW filter on device team0 [ 540.374399][T30523] 8021q: adding VLAN 0 to HW filter on device team0 [ 540.394074][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.401261][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 540.417371][T31454] overlay: filesystem on ./bus not supported as upperdir [ 540.457113][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.464382][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.507421][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.514640][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 540.543415][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.550633][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.604337][ T9] libceph: connect (1)[c::]:6789 error -101 [ 540.621413][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 540.631242][ T9] libceph: connect (1)[c::]:6789 error -101 [ 540.686710][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 540.775745][T31459] ceph: No mds server is up or the cluster is laggy [ 540.946715][ T9] libceph: connect (1)[c::]:6789 error -101 [ 540.952802][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 545.972825][T30523] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 546.202568][T31476] bridge0: port 3(gretap0) entered blocking state [ 546.213355][T31476] bridge0: port 3(gretap0) entered disabled state [ 546.220418][T31476] gretap0: entered allmulticast mode [ 546.227264][T31476] gretap0: entered promiscuous mode [ 546.238505][T31476] bridge0: port 3(gretap0) entered blocking state [ 546.245057][T31476] bridge0: port 3(gretap0) entered forwarding state [ 546.446072][T30489] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 546.489409][T30523] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 546.607951][T30489] veth0_vlan: entered promiscuous mode [ 546.664348][T30489] veth1_vlan: entered promiscuous mode [ 546.673616][T30523] veth0_vlan: entered promiscuous mode [ 546.726808][T30523] veth1_vlan: entered promiscuous mode [ 546.750000][T30489] veth0_macvtap: entered promiscuous mode [ 546.775029][T30489] veth1_macvtap: entered promiscuous mode [ 546.842940][T30489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.863947][T30489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.887789][T30489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.900427][T30489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.913531][T30489] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 546.954737][T30489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 546.970096][T30489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.989099][T30489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.002106][T30489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.017990][T30489] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 547.053575][T30523] veth0_macvtap: entered promiscuous mode [ 547.079005][T30489] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.106462][T30489] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.115203][T30489] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.137506][T30489] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.236178][T30523] veth1_macvtap: entered promiscuous mode [ 547.353628][T30523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.397082][T30523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.420676][T30523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.442031][T30523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.466492][T30523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.494986][T30523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.518739][T30523] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 547.554267][T30523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.583596][T30523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.593923][T30523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.605284][T30523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.615269][T30523] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.623605][T31540] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 547.636657][T30523] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.651170][T30523] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 547.662839][T30523] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.672435][T30523] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.675746][T31548] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5635'. [ 547.681183][T30523] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.681216][T30523] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.819465][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 547.842628][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.042771][T16712] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.065255][T16712] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.095361][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.125224][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.256579][T16726] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.264435][T16726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.349895][ T29] audit: type=1326 audit(1725403749.916:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.426734][ T29] audit: type=1326 audit(1725403749.916:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.517311][ T29] audit: type=1326 audit(1725403749.916:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.562534][ T29] audit: type=1326 audit(1725403749.926:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.587131][ T29] audit: type=1326 audit(1725403749.926:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.692221][ T29] audit: type=1326 audit(1725403749.926:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.750624][ T29] audit: type=1326 audit(1725403749.926:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.784162][ T29] audit: type=1326 audit(1725403749.926:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.808996][ T29] audit: type=1326 audit(1725403749.926:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.831247][ T29] audit: type=1326 audit(1725403749.956:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31582 comm="syz.1.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f755c37cef9 code=0x7ffc0000 [ 548.903366][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.272006][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.479352][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 549.498683][ T5227] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 549.508427][ T5227] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 549.516889][ T5227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 549.532906][ T5227] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 549.541509][ T5227] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 549.594030][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.685594][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.036286][T31607] chnl_net:caif_netlink_parms(): no params data found [ 550.240061][ T12] bridge_slave_1: left allmulticast mode [ 550.263681][ T12] bridge_slave_1: left promiscuous mode [ 550.286283][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.312145][ T12] bridge_slave_0: left allmulticast mode [ 550.318083][ T12] bridge_slave_0: left promiscuous mode [ 550.323967][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.440207][ T5227] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 550.460015][ T5227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 550.470306][ T5227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 550.481241][ T5227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 550.489184][ T5227] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 550.500286][ T5227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 550.667887][T31781] ================================================================== [ 550.676017][T31781] BUG: KASAN: slab-use-after-free in uprobe_mmap+0xb9a/0x11a0 [ 550.683467][T31781] Read of size 8 at addr ffff8880651d4730 by task syz.1.5656/31781 [ 550.691336][T31781] [ 550.693647][T31781] CPU: 0 UID: 0 PID: 31781 Comm: syz.1.5656 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 550.704386][T31781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 550.714425][T31781] Call Trace: [ 550.717688][T31781] [ 550.720608][T31781] dump_stack_lvl+0x241/0x360 [ 550.725274][T31781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 550.730464][T31781] ? __pfx__printk+0x10/0x10 [ 550.735040][T31781] ? _printk+0xd5/0x120 [ 550.739179][T31781] ? __virt_addr_valid+0x183/0x530 [ 550.744267][T31781] ? __virt_addr_valid+0x183/0x530 [ 550.749357][T31781] print_report+0x169/0x550 [ 550.753848][T31781] ? __virt_addr_valid+0x183/0x530 [ 550.758937][T31781] ? __virt_addr_valid+0x183/0x530 [ 550.764028][T31781] ? __virt_addr_valid+0x45f/0x530 [ 550.769116][T31781] ? __phys_addr+0xba/0x170 [ 550.773604][T31781] ? uprobe_mmap+0xb9a/0x11a0 [ 550.778274][T31781] kasan_report+0x143/0x180 [ 550.782766][T31781] ? uprobe_mmap+0xb9a/0x11a0 [ 550.787423][T31781] uprobe_mmap+0xb9a/0x11a0 [ 550.791906][T31781] ? shmem_is_huge+0x28e/0x2f0 [ 550.796660][T31781] ? __pfx_uprobe_mmap+0x10/0x10 [ 550.801577][T31781] mmap_region+0x1891/0x2090 [ 550.806144][T31781] ? mark_lock+0x9a/0x350 [ 550.810462][T31781] ? __pfx_mmap_region+0x10/0x10 [ 550.815384][T31781] ? mm_get_unmapped_area+0xa5/0xd0 [ 550.820564][T31781] ? shmem_get_unmapped_area+0x2a7/0x8f0 [ 550.826260][T31781] ? cap_mmap_addr+0x163/0x2c0 [ 550.831013][T31781] ? __get_unmapped_area+0x2f0/0x360 [ 550.836279][T31781] do_mmap+0x8f9/0x1010 [ 550.840419][T31781] ? __pfx_do_mmap+0x10/0x10 [ 550.844986][T31781] ? __pfx_down_write_killable+0x10/0x10 [ 550.850598][T31781] ? __pfx_ima_file_mmap+0x10/0x10 [ 550.855690][T31781] ? security_mmap_file+0x178/0x1a0 [ 550.860869][T31781] vm_mmap_pgoff+0x1dd/0x3d0 [ 550.865440][T31781] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 550.870529][T31781] ? __fget_files+0x29/0x470 [ 550.875102][T31781] ? __fget_files+0x3f6/0x470 [ 550.879780][T31781] ksys_mmap_pgoff+0x4f1/0x720 [ 550.884554][T31781] ? __x64_sys_mmap+0x7f/0x140 [ 550.889308][T31781] do_syscall_64+0xf3/0x230 [ 550.893793][T31781] ? clear_bhb_loop+0x35/0x90 [ 550.898450][T31781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.904323][T31781] RIP: 0033:0x7f755c37cef9 [ 550.908720][T31781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.928309][T31781] RSP: 002b:00007f755d262038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 550.936703][T31781] RAX: ffffffffffffffda RBX: 00007f755c535f80 RCX: 00007f755c37cef9 [ 550.944652][T31781] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020000000 [ 550.952603][T31781] RBP: 00007f755c3ef01e R08: 0000000000000005 R09: 0000000000000000 [ 550.960551][T31781] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000000 [ 550.968500][T31781] R13: 0000000000000000 R14: 00007f755c535f80 R15: 00007ffccd2a1168 [ 550.976471][T31781] [ 550.979483][T31781] [ 550.981787][T31781] Allocated by task 16747: [ 550.986174][T31781] kasan_save_track+0x3f/0x80 [ 550.990833][T31781] __kasan_kmalloc+0x98/0xb0 [ 550.995400][T31781] __kmalloc_cache_noprof+0x19c/0x2c0 [ 551.000752][T31781] sctp_inet6addr_event+0x366/0x730 [ 551.005930][T31781] notifier_call_chain+0x19f/0x3e0 [ 551.011021][T31781] atomic_notifier_call_chain+0xdb/0x180 [ 551.016632][T31781] ipv6_add_addr+0xde0/0x1090 [ 551.021294][T31781] addrconf_add_linklocal+0x36c/0xa30 [ 551.026653][T31781] addrconf_addr_gen+0x510/0xbb0 [ 551.031584][T31781] addrconf_init_auto_addrs+0x96a/0xeb0 [ 551.037108][T31781] addrconf_notify+0xaff/0x1020 [ 551.041934][T31781] notifier_call_chain+0x19f/0x3e0 [ 551.047025][T31781] netdev_state_change+0x11f/0x1a0 [ 551.052109][T31781] linkwatch_do_dev+0x112/0x170 [ 551.056937][T31781] __linkwatch_run_queue+0x44f/0x6c0 [ 551.062206][T31781] linkwatch_event+0x4c/0x60 [ 551.066771][T31781] process_scheduled_works+0xa2c/0x1830 [ 551.072294][T31781] worker_thread+0x86d/0xd10 [ 551.076864][T31781] kthread+0x2f0/0x390 [ 551.080919][T31781] ret_from_fork+0x4b/0x80 [ 551.085319][T31781] ret_from_fork_asm+0x1a/0x30 [ 551.090065][T31781] [ 551.092397][T31781] Freed by task 5270: [ 551.096358][T31781] kasan_save_track+0x3f/0x80 [ 551.101029][T31781] kasan_save_free_info+0x40/0x50 [ 551.106032][T31781] poison_slab_object+0xe0/0x150 [ 551.110946][T31781] __kasan_slab_free+0x37/0x60 [ 551.115683][T31781] kfree+0x149/0x360 [ 551.119557][T31781] kvfree_rcu_list+0xf9/0x280 [ 551.124212][T31781] kfree_rcu_work+0x3f2/0x500 [ 551.128893][T31781] process_scheduled_works+0xa2c/0x1830 [ 551.134431][T31781] worker_thread+0x86d/0xd10 [ 551.139010][T31781] kthread+0x2f0/0x390 [ 551.143062][T31781] ret_from_fork+0x4b/0x80 [ 551.147502][T31781] ret_from_fork_asm+0x1a/0x30 [ 551.152263][T31781] [ 551.154564][T31781] Last potentially related work creation: [ 551.160253][T31781] kasan_save_stack+0x3f/0x60 [ 551.164904][T31781] __kasan_record_aux_stack+0xac/0xc0 [ 551.170253][T31781] kvfree_call_rcu+0xfc/0x790 [ 551.174912][T31781] sctp_inet6addr_event+0x693/0x730 [ 551.180092][T31781] notifier_call_chain+0x19f/0x3e0 [ 551.185191][T31781] atomic_notifier_call_chain+0xdb/0x180 [ 551.190808][T31781] addrconf_ifdown+0xefd/0x1bd0 [ 551.195641][T31781] addrconf_notify+0x3cb/0x1020 [ 551.200481][T31781] notifier_call_chain+0x19f/0x3e0 [ 551.205597][T31781] dev_close_many+0x33c/0x4c0 [ 551.210285][T31781] unregister_netdevice_many_notify+0x50b/0x1c40 [ 551.216599][T31781] default_device_exit_batch+0xa0f/0xa90 [ 551.222210][T31781] cleanup_net+0x89d/0xcc0 [ 551.226606][T31781] process_scheduled_works+0xa2c/0x1830 [ 551.232141][T31781] worker_thread+0x86d/0xd10 [ 551.236708][T31781] kthread+0x2f0/0x390 [ 551.240756][T31781] ret_from_fork+0x4b/0x80 [ 551.245166][T31781] ret_from_fork_asm+0x1a/0x30 [ 551.249912][T31781] [ 551.252213][T31781] The buggy address belongs to the object at ffff8880651d4700 [ 551.252213][T31781] which belongs to the cache kmalloc-64 of size 64 [ 551.266088][T31781] The buggy address is located 48 bytes inside of [ 551.266088][T31781] freed 64-byte region [ffff8880651d4700, ffff8880651d4740) [ 551.279686][T31781] [ 551.281987][T31781] The buggy address belongs to the physical page: [ 551.288385][T31781] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880651d4580 pfn:0x651d4 [ 551.298434][T31781] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff) [ 551.306476][T31781] page_type: 0xfdffffff(slab) [ 551.311126][T31781] raw: 00fff00000000200 ffff88801a8418c0 ffffea0001220cd0 ffffea0000b8b190 [ 551.319683][T31781] raw: ffff8880651d4580 0000000000200001 00000001fdffffff 0000000000000000 [ 551.328239][T31781] page dumped because: kasan: bad access detected [ 551.334634][T31781] page_owner tracks the page as allocated [ 551.340321][T31781] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5230, tgid 5230 (syz-executor), ts 56885757229, free_ts 15088327005 [ 551.359567][T31781] post_alloc_hook+0x1f3/0x230 [ 551.364309][T31781] get_page_from_freelist+0x2e4c/0x2f10 [ 551.369833][T31781] __alloc_pages_noprof+0x256/0x6c0 [ 551.375006][T31781] alloc_slab_page+0x5f/0x120 [ 551.379670][T31781] allocate_slab+0x5a/0x2f0 [ 551.384163][T31781] ___slab_alloc+0xcd1/0x14b0 [ 551.388835][T31781] __slab_alloc+0x58/0xa0 [ 551.393150][T31781] __kmalloc_node_track_caller_noprof+0x281/0x440 [ 551.399568][T31781] kmemdup_noprof+0x2a/0x60 [ 551.404050][T31781] mpls_dev_sysctl_register+0xd1/0x280 [ 551.409488][T31781] mpls_dev_notify+0x33f/0x7a0 [ 551.414230][T31781] notifier_call_chain+0x19f/0x3e0 [ 551.419322][T31781] register_netdevice+0x167f/0x1b00 [ 551.424502][T31781] __ip_tunnel_create+0x2b4/0x380 [ 551.429507][T31781] ip_tunnel_init_net+0x21c/0x710 [ 551.434514][T31781] ops_init+0x359/0x610 [ 551.438647][T31781] page last free pid 1 tgid 1 stack trace: [ 551.444425][T31781] free_unref_page+0xd19/0xea0 [ 551.449172][T31781] free_contig_range+0x9e/0x160 [ 551.454005][T31781] destroy_args+0x8a/0x890 [ 551.458401][T31781] debug_vm_pgtable+0x4be/0x550 [ 551.463229][T31781] do_one_initcall+0x248/0x880 [ 551.467972][T31781] do_initcall_level+0x157/0x210 [ 551.472888][T31781] do_initcalls+0x3f/0x80 [ 551.477197][T31781] kernel_init_freeable+0x435/0x5d0 [ 551.482376][T31781] kernel_init+0x1d/0x2b0 [ 551.486683][T31781] ret_from_fork+0x4b/0x80 [ 551.491086][T31781] ret_from_fork_asm+0x1a/0x30 [ 551.495835][T31781] [ 551.498138][T31781] Memory state around the buggy address: [ 551.503745][T31781] ffff8880651d4600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 551.511797][T31781] ffff8880651d4680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 551.519833][T31781] >ffff8880651d4700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 551.527870][T31781] ^ [ 551.533475][T31781] ffff8880651d4780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 551.541514][T31781] ffff8880651d4800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 551.549548][T31781] ================================================================== [ 551.596643][T31781] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 551.603885][T31781] CPU: 1 UID: 0 PID: 31781 Comm: syz.1.5656 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 551.614668][T31781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 551.624742][T31781] Call Trace: [ 551.628030][T31781] [ 551.630966][T31781] dump_stack_lvl+0x241/0x360 [ 551.635659][T31781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 551.640868][T31781] ? __pfx__printk+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 551.645466][T31781] ? preempt_schedule+0xe1/0xf0 [ 551.650340][T31781] ? vscnprintf+0x5d/0x90 [ 551.654694][T31781] panic+0x349/0x860 [ 551.658601][T31781] ? check_panic_on_warn+0x21/0xb0 [ 551.663734][T31781] ? __pfx_panic+0x10/0x10 [ 551.668164][T31781] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 551.674162][T31781] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 551.680508][T31781] ? print_report+0x502/0x550 [ 551.685185][T31781] check_panic_on_warn+0x86/0xb0 [ 551.690113][T31781] ? uprobe_mmap+0xb9a/0x11a0 [ 551.694779][T31781] end_report+0x77/0x160 [ 551.699013][T31781] kasan_report+0x154/0x180 [ 551.703507][T31781] ? uprobe_mmap+0xb9a/0x11a0 [ 551.708174][T31781] uprobe_mmap+0xb9a/0x11a0 [ 551.712670][T31781] ? shmem_is_huge+0x28e/0x2f0 [ 551.717432][T31781] ? __pfx_uprobe_mmap+0x10/0x10 [ 551.722362][T31781] mmap_region+0x1891/0x2090 [ 551.726944][T31781] ? mark_lock+0x9a/0x350 [ 551.731275][T31781] ? __pfx_mmap_region+0x10/0x10 [ 551.736199][T31781] ? mm_get_unmapped_area+0xa5/0xd0 [ 551.741392][T31781] ? shmem_get_unmapped_area+0x2a7/0x8f0 [ 551.747013][T31781] ? cap_mmap_addr+0x163/0x2c0 [ 551.751771][T31781] ? __get_unmapped_area+0x2f0/0x360 [ 551.757056][T31781] do_mmap+0x8f9/0x1010 [ 551.761205][T31781] ? __pfx_do_mmap+0x10/0x10 [ 551.765780][T31781] ? __pfx_down_write_killable+0x10/0x10 [ 551.771403][T31781] ? __pfx_ima_file_mmap+0x10/0x10 [ 551.776504][T31781] ? security_mmap_file+0x178/0x1a0 [ 551.781692][T31781] vm_mmap_pgoff+0x1dd/0x3d0 [ 551.786273][T31781] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 551.791370][T31781] ? __fget_files+0x29/0x470 [ 551.795953][T31781] ? __fget_files+0x3f6/0x470 [ 551.800621][T31781] ksys_mmap_pgoff+0x4f1/0x720 [ 551.805374][T31781] ? __x64_sys_mmap+0x7f/0x140 [ 551.810139][T31781] do_syscall_64+0xf3/0x230 [ 551.814632][T31781] ? clear_bhb_loop+0x35/0x90 [ 551.819302][T31781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.825199][T31781] RIP: 0033:0x7f755c37cef9 [ 551.829606][T31781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.849202][T31781] RSP: 002b:00007f755d262038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 551.857621][T31781] RAX: ffffffffffffffda RBX: 00007f755c535f80 RCX: 00007f755c37cef9 [ 551.865595][T31781] RDX: 0000000000000000 RSI: 0000000000400000 RDI: 0000000020000000 [ 551.873564][T31781] RBP: 00007f755c3ef01e R08: 0000000000000005 R09: 0000000000000000 [ 551.881529][T31781] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000000 [ 551.889494][T31781] R13: 0000000000000000 R14: 00007f755c535f80 R15: 00007ffccd2a1168 [ 551.897469][T31781] [ 551.900707][T31781] Kernel Offset: disabled [ 551.905020][T31781] Rebooting in 86400 seconds..