last executing test programs: 12.858392769s ago: executing program 4 (id=3159): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014100000b7030000000000008500000083000000bc09f3000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095000000000000008a5c04eb25ef8006e179a55e88a3b0a28170ee01fca99c79eb52b58f9870c4951678cd07f6a02ac3d7aa25d765c5bbabde51669b827bd5d56a79799050c1c0fe2a320651ff2eef158378fcbffe12a3b45ecbbffa7c3973a397af"], &(0x7f0000000200)='syzkaller\x00', 0x2, 0x100b, &(0x7f0000001e40)=""/4107}, 0x4c) 12.634397348s ago: executing program 4 (id=3162): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00'}, 0x45c) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0xe) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2) ioctl$UI_DEV_CREATE(r0, 0x5501) 12.552377181s ago: executing program 1 (id=3165): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/dev_mcast\x00') read$FUSE(r0, &(0x7f00000099c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000000600)={0x2020}, 0x2020) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/154, 0x9a}], 0x1, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006980)={0x2020}, 0x2020) 12.229800425s ago: executing program 1 (id=3169): socket$can_raw(0x1d, 0x3, 0x1) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040), 0xe) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff, 0x34, 0x0, @val=@tcx}, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = dup2(r0, r0) listen(r0, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x2, 0x4) 12.201757187s ago: executing program 3 (id=3170): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) socket$alg(0x26, 0x5, 0x0) syz_usbip_server_init(0x1ef0ba0aacad5f35) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e) msgget$private(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_ts_info}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000003c0)="05", 0x1) 12.197173304s ago: executing program 4 (id=3171): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_setup(0x69a6, &(0x7f0000000200)={0x0, 0xae24, 0x80}, &(0x7f0000000340), &(0x7f0000000100)) io_uring_setup(0x4d23, &(0x7f0000000080)={0x0, 0x0, 0x80}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r4, &(0x7f0000000380)={0x2, 0x0, @loopback}, 0x10) r5 = socket(0x15, 0x5, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) ptrace(0x8, r6) wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt(r5, 0x200000000114, 0x2715, 0x0, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000007893efa96330810a00000000950000000000f4ff1b83969e101b78ded27742c7518f3501419c8f5fa6d51bc9af05d0254623f2cb516e02caf1f441f12dc9480bbac85c49881f0bd7c8"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 10.914783898s ago: executing program 3 (id=3176): r0 = socket$igmp6(0xa, 0x3, 0x2) socket$inet6(0xa, 0x3, 0xff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup/../file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_IOC_FAIL(r4, 0x80044941, 0x100000000000000) connect$inet(0xffffffffffffffff, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, 0x0, 0x0) r6 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r7 = accept$alg(r6, 0x0, 0x0) recvmmsg(r7, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f00000000c0)) 10.887809264s ago: executing program 1 (id=3177): write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x66, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x46, &(0x7f0000000480)=ANY=[@ANYBLOB="ffffffffffe3ffffffffffff86dd600111fa00101100fe8000000000000000000000000000bbfe8000000000"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x0}, 0x90) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=@setneightbl={0x24, 0x43, 0x1, 0x0, 0x0, {0xa}, [@NDTA_NAME={0xe, 0x1, '+]$.***^!\x00'}]}, 0x24}}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000580)={@in={{0x2, 0x4e21, @loopback}}, 0x0, 0x0, 0x2e, 0x0, "6248bc9c8095fdfb8d639d954a0649542709e9baf27860bd22292b501f2c28d45a71ec3fa8539e7223c278d70126314aca030d71da9dcb99d1d087f250685685db59cf6de9c2a0496da59a4fcf3d9ceb"}, 0xd8) writev(r4, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000000480)=0x102, 0x4) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000080), 0x62) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$SO_TIMESTAMP(r5, 0x1, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4) r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee200090582"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 10.130001197s ago: executing program 2 (id=3178): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) write$UHID_GET_REPORT_REPLY(r4, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0) getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4) sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000002c0)={0x450, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x0, [0x200, 0x1, 0x1, 0x8, 0xfffffff9, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x7, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x2, 0x4, 0x0, 0x7e0, 0x10000, 0x3, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x80000000, 0x2, 0x5, 0xc, 0x5, 0x101, 0x1, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x2, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0xc, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x2, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x0, 0x1, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x7, 0x300000, 0x200, 0x7, 0x2, 0xfffc, 0x0, 0xaf72, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x0, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0xcc8, 0x1, 0x9, 0x7, 0x3, 0xb, 0x1b9, 0x3, 0x2, 0x7f, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x0, 0x0, 0x8, 0x1, 0x3e6f9426, 0x6, 0x1, 0x40b, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x0, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x9, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x2e, ['!}\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x450}}, 0x4000041) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a"], 0x17) r5 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r2) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc9}}, 0x4) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001500)={0x30, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x30}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 9.540584761s ago: executing program 3 (id=3180): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xfc5, 0xb080, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000000)={0x0, 0x0, 0x4, {0x4, 0x0, "441a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 9.515884601s ago: executing program 4 (id=3181): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000140)={0x0, r2}) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000000c0)={0x0, r2}) 8.551686355s ago: executing program 2 (id=3183): r0 = socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) r1 = getpgrp(0x0) sched_getscheduler(r1) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/diskstats\x00', 0x0, 0x0) preadv(r5, &(0x7f0000000180)=[{0x0}, {0x0}], 0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x10) epoll_create(0x802) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x5437, 0x0) capset(0x0, 0x0) fchdir(0xffffffffffffffff) r6 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) faccessat2(r6, 0x0, 0x20, 0x200) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setresgid(0xee00, 0x0, 0xee00) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)={@ifindex, 0xffffffffffffffff, 0x11, 0x0, 0x0, @link_id}, 0x20) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt(r7, 0x0, 0x1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)=ANY=[@ANYBLOB="180000001b14010000000000000000000800"], 0x18}}, 0x0) 7.02116597s ago: executing program 2 (id=3184): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x1f, 0x5, 0x0) r1 = syz_io_uring_setup(0xd19, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0xfffffffffffffc33, 0x0, 0x0, 0x0, 0xfffffffffffffe88}}) io_uring_enter(r1, 0xcf6, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_setup(0x20, &(0x7f0000001140)) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180), 0x4000000000000181) socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) io_submit(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9}, 0x48) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00') read$char_usb(r4, &(0x7f0000000000)=""/178, 0xb2) 6.618000877s ago: executing program 4 (id=3185): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$inet(0x2, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000a80)={'wlan1\x00'}) r2 = socket$kcm(0x10, 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r2, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001540)=[{0x0}], 0x1}, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r4, 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000180)) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f00000019c0)=ANY=[]) memfd_create(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) openat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x4001, 0x3, 0x1318, 0x1158, 0x0, 0x148, 0x0, 0x148, 0x1280, 0x240, 0x240, 0x1280, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @remote, 0x0, 0x0, 'ip6gretap0\x00', 'bridge0\x00'}, 0x0, 0x10f8, 0x1158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @multicast}}}, {{@uncond, 0x0, 0xc0, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1378) r7 = socket(0x0, 0xa, 0x0) sendmsg$nl_route_sched(r7, 0x0, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r0, 0x0, 0x4000800) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r9, 0xc08c5335, &(0x7f0000000780)={0x0, 0x80, 0xffffffff}) 5.653822674s ago: executing program 3 (id=3186): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x9, 0x4000) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f00000000c0)=0x1) r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x4c, &(0x7f00000006c0)=ANY=[]) syz_clone(0x0, 0x0, 0x3f, 0x0, 0x0, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r3, &(0x7f0000000000)=""/74, 0x4a) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0) 5.423908332s ago: executing program 0 (id=3187): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$peeksig(0x4209, r0, &(0x7f0000000000)={0x0, 0x1}, 0x0) 5.036739794s ago: executing program 2 (id=3188): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg1\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0xa4, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r2}, @WGDEVICE_A_PEERS={0x88, 0x8, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ALLOWEDIPS={0x2c, 0x9, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x7, 0x2, @dev}, {0x5}}]}]}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x0, 0x4, {0xa, 0x0, 0x0, @loopback}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}]}]}, 0xa4}}, 0x0) 4.905461988s ago: executing program 2 (id=3189): clock_gettime(0x0, &(0x7f0000000480)={0x0}) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x0, 0x969, 0x9, {0x0, 0xea60}, {r0}, {0x0, 0x1}, 0x1, @canfd={{0x2, 0x0, 0x0, 0x1}, 0x9, 0x0, 0x0, 0x0, "30458be423342a45a55e1e4a89f2cf04dcac08d7bcb828bcb4472c0830f39576b2be4842a2e655d6a37b708ffc325f461452a15a52ad4d9f42eff43aeff5cf9a"}}, 0x80}, 0x1, 0x0, 0x0, 0x400c054}, 0x4000000) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000005c0)={0x7, 0x98}, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x8, 0x8, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0xffffffff}, 0x48) syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000300000008050b221840000102030109022d000101000000090400000003010000092100000001220000090581030000000000090502030000000000870710b89541a128ebb723c4e2691e8391dd6b178e93b9487cf4595db046aa41526fef6a4ea91faf7a2de460d76c1054e1b6f2e5347f021d6ccd930962982eb64571639b8165120f8d0e9768e187e06624f09adfcd7e605985f7905f18777ef81bac0ea674937a4190ceae957919cbbfd85a1747ba007b1f3410a184d8a4db07fa569dcbd50cd1eecc"], &(0x7f00000002c0)={0xfffffffffffffe6b, &(0x7f0000000040)={0xa}, 0x153, &(0x7f0000000140)=ANY=[@ANYBLOB="050f5301038f100006e754cd1765caf11e44d320635d35e7726afeb5ad6617e3b35cca4c3de2a84e76da9055670bf90ede0f820d9599f5975a151a1668ef66678077b1fa70559d93d06de6c7a85b9b160f35d000ddaa4f0aef547fa9f87745217017c83fdc6388a11e9966b9c1a83344a39a58b7663c212f8b576d792d7b56d656f75c035a19957b4cf01c874ff4772e0c00d497a06f635452610b238b5f42f8c420100a000500000000000000000000000000000000000000000000000000000000100300000000000000"], 0x2, [{0x4, &(0x7f0000000240)=@lang_id={0x4}}, {0x61, &(0x7f0000000440)}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpriority(0x2, 0x0) link(0x0, &(0x7f0000000400)='./file0/../file0/file0\x00') r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0x0, 0xa, 0x148, 0x180, 0x10, 0x290, 0x2a8, 0x2a8, 0x290, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0xb8, 0x128, 0x0, {0x200003ae, 0x7f00}, [@common=@unspec=@limit={{0x48}, {0x6, 0x80000000, 0x5}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b90ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378b6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'pimreg1\x00', 'veth0_to_team\x00'}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@tcp={{0x30}}, @common=@unspec=@state={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x330) r7 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) r8 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r9) newfstatat(0xffffffffffffff9c, &(0x7f0000000a40)='./file0/../file0/file0\x00', &(0x7f0000000a80), 0x400) fsconfig$FSCONFIG_SET_STRING(r7, 0x6, 0x0, 0x0, 0x0) r10 = fsmount(0xffffffffffffffff, 0x1, 0x87) symlinkat(&(0x7f0000000200)='./file0\x00', r10, &(0x7f0000000240)='./file0\x00') 4.8711285s ago: executing program 0 (id=3190): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$peeksig(0x4209, r0, &(0x7f0000000000)={0x7, 0x1, 0x1}, &(0x7f0000000240)=[{}]) 4.578133282s ago: executing program 0 (id=3191): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00'}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) write(0xffffffffffffffff, &(0x7f0000000400)="6f88b2a60614ef91a3f8ef9e1220b2675bce0f59b2", 0x15) sendmmsg$inet6(r5, &(0x7f00000090c0), 0x0, 0x4014) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@delneigh={0x4c, 0x18, 0xd241c58bd7da237d, 0x0, 0x0, {0xa, 0x2}, [@NDA_IFINDEX={0x8}, @NDA_DST_IPV6={0x14, 0x1, @private2}, @NDA_CACHEINFO={0x14}]}, 0x4c}}, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) timer_create(0x4, 0x0, &(0x7f0000000280)) 4.507683995s ago: executing program 1 (id=3192): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000040000000000, 0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.433983258s ago: executing program 1 (id=3193): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) mount(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000003240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, r3}) 3.346167189s ago: executing program 0 (id=3194): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x55af) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc}) 2.815028406s ago: executing program 0 (id=3195): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0}, 0x90) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000000240)='syzkaller\x00'}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r1, r0, 0x16, 0x0, @val=@tcx={@prog_fd}}, 0x40) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(r2, 0x1, 0x42, &(0x7f0000000080)={0x77359400}, 0x10) 1.817110728s ago: executing program 3 (id=3196): socket$inet_icmp_raw(0x2, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) getpid() r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) pipe2$watch_queue(0x0, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r4 = creat(&(0x7f0000000400)='./bus\x00', 0x0) write$binfmt_elf64(r4, &(0x7f00000002c0)=ANY=[], 0x76) 1.792879069s ago: executing program 1 (id=3197): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x100000001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000140)={0x0, 0xd592, 0x100}, &(0x7f0000000040), 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f00000001c0), 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r2, 0x0, 0x0, 0x1000f4) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x7}}, 0x1c}}, 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0) sendfile(r3, r3, 0x0, 0x800000009) 1.546185595s ago: executing program 4 (id=3198): bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@map=0x1, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000016c0)={@cgroup, 0xffffffffffffffff, 0x1b, 0x0, 0xffffffffffffffff, @link_id, r0}, 0x20) 291.658145ms ago: executing program 0 (id=3199): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x1f, 0x5, 0x0) r1 = syz_io_uring_setup(0xd19, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x0, 0xfffffffffffffc33, 0x0, 0x0, 0x0, 0xfffffffffffffe88}}) io_uring_enter(r1, 0xcf6, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_setup(0x20, &(0x7f0000001140)) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180), 0x4000000000000181) socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) io_submit(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9}, 0x48) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/4\x00') read$char_usb(r4, &(0x7f0000000000)=""/178, 0xb2) 250.828372ms ago: executing program 2 (id=3200): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000000000f9000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x5609, &(0x7f0000000000)) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x0, 0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400) openat$audio(0xffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x8) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, 0x0) timer_create(0x2, &(0x7f00000001c0)={0x0, 0xc}, &(0x7f00000002c0)=0x0) timer_gettime(r6, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_udp(0xa, 0x2, 0x0) 0s ago: executing program 3 (id=3201): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f00000001c0)) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="020000000000000000000000054b0008800c00078008001c400000002f0c000780050003007f0000000c00074e2100000c0007802308000840000000a00c00078006001d40000a000014000880100007800900120073797a3200000000280007800c001b40000000000000000605000300000000000800094080000001080006400000000e08000940190000909c74a3055ff49cf8ed7e389b60f7ae5eef28e71005441f2011d4b5d9a8170c5532e7ecfa37fa8bab80b2fa268a9f772abdcba8d499c0d98859de5b3b8c1db138b3596545980090fdb6e4d5d99a206c660b37232976ac5e1c5fda1d16548bb186c02271777d9ba5463a5f634c1f19594b7aa91eac2a22a36353446492811e494ea95dbe95466158ea1b5fc7471ded1eaef693682ebfdb602e"], 0x98}, 0x1, 0x0, 0x0, 0x4}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0xfffff7ff, '\x00', 0x0, 0x0, 0x2, 0x0, 0x4}, 0x48) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x4, &(0x7f0000000480)=[{0x1ff, 0x0, 0x0, 0x7ff7fffc}, {0x4, 0x1, 0xfb, 0x10000}, {0x801, 0xc, 0x45, 0x7}, {0xb, 0x6, 0x12, 0x1}]}) socket(0x840000000002, 0x3, 0x100) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x0, 0x0, 0x8, 0x1}, 0x48) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}}, 0x0) prctl$PR_SET_MM(0x41555856, 0xf7354000, &(0x7f0000ffa000/0x3000)=nil) r4 = fsopen(&(0x7f0000000180)='binfmt_misc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsopen(&(0x7f0000000180)='binfmt_misc\x00', 0x1) r6 = userfaultfd(0x1) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000100)) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7d}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8) read(r6, &(0x7f0000000380)=""/167, 0xa7) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) fsmount(r5, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2c41, 0x122) kernel console output (not intermixed with test programs): ng state [ 803.281436][T13130] bridge0: port 2(bridge_slave_1) entered disabled state [ 803.297947][T13130] bridge_slave_1: entered allmulticast mode [ 803.319296][T13130] bridge_slave_1: entered promiscuous mode [ 803.473448][T13130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 803.515557][T13130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 803.596987][T13189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2482'. [ 803.834275][T13189] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2482'. [ 803.846337][T13130] team0: Port device team_slave_0 added [ 804.259179][T13130] team0: Port device team_slave_1 added [ 804.428888][T11922] Bluetooth: hci2: command tx timeout [ 804.752998][T13130] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 804.766732][T13130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 804.810968][T13130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 804.858947][T13130] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 804.865941][T13130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 804.877683][ T5273] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 804.924072][T13130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 805.069637][T13130] hsr_slave_0: entered promiscuous mode [ 805.104020][ T5273] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 805.104617][T13130] hsr_slave_1: entered promiscuous mode [ 805.117796][ T5273] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 805.136936][ T5273] usb 2-1: Product: syz [ 805.153799][ T5273] usb 2-1: Manufacturer: syz [ 805.163939][ T5273] usb 2-1: SerialNumber: syz [ 805.176749][ T5273] usb 2-1: config 0 descriptor?? [ 805.504825][ T9] usb 2-1: USB disconnect, device number 45 [ 805.574868][T12916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 805.695122][T12916] 8021q: adding VLAN 0 to HW filter on device team0 [ 805.732037][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 805.739428][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 805.811170][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 805.818402][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 805.836656][T13209] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2488'. [ 806.255010][T13130] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 806.311523][T13130] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 806.332589][T13130] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 806.361467][T13130] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 806.429689][T12916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 806.576399][T12916] veth0_vlan: entered promiscuous mode [ 806.620860][T12916] veth1_vlan: entered promiscuous mode [ 806.723032][T13130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 806.791163][T13130] 8021q: adding VLAN 0 to HW filter on device team0 [ 806.824095][T12916] veth0_macvtap: entered promiscuous mode [ 806.885725][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.893148][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 806.922093][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.929320][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 806.964464][T12916] veth1_macvtap: entered promiscuous mode [ 807.059490][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 807.059510][ T29] audit: type=1326 audit(1722909449.485:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13227 comm="syz.1.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975af779f9 code=0x7ffc0000 [ 807.087262][ C1] vkms_vblank_simulate: vblank timer overrun [ 807.106191][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 807.147857][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.159210][ T29] audit: type=1326 audit(1722909449.485:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13227 comm="syz.1.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f975af779f9 code=0x7ffc0000 [ 807.197992][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 807.227696][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.237723][ T29] audit: type=1326 audit(1722909449.485:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13227 comm="syz.1.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975af779f9 code=0x7ffc0000 [ 807.274688][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 807.311315][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.327759][ T29] audit: type=1326 audit(1722909449.485:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13227 comm="syz.1.2493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975af779f9 code=0x7ffc0000 [ 807.370075][T12916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 807.420583][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 807.447814][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.472041][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 807.483782][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.495265][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 807.505889][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.516906][T12916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 807.527567][T12916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 807.539600][T12916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 807.554511][T12916] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.573871][T12916] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.598872][T12916] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.617392][T12916] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 807.922385][T13130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 808.091048][T13246] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2497'. [ 808.095896][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 808.145029][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 808.230335][T13244] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2497'. [ 808.290039][ T2560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 808.308948][ T2560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.993930][T13130] veth0_vlan: entered promiscuous mode [ 813.072374][T13130] veth1_vlan: entered promiscuous mode [ 813.156284][T13291] syzkaller0: entered promiscuous mode [ 813.162295][T13291] syzkaller0: entered allmulticast mode [ 813.199564][T13130] veth0_macvtap: entered promiscuous mode [ 813.254260][T13130] veth1_macvtap: entered promiscuous mode [ 814.433121][ T5271] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 814.679765][ T5271] usb 4-1: Using ep0 maxpacket: 8 [ 814.691462][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 814.710068][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 814.727378][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 814.737277][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 814.747255][ T5271] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 814.762505][ T5271] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 814.772196][ T5271] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 814.780389][ T5271] usb 4-1: Product: syz [ 814.784662][ T5271] usb 4-1: Manufacturer: syz [ 814.789383][ T5271] usb 4-1: SerialNumber: syz [ 814.807024][ T5271] usb 4-1: config 0 descriptor?? [ 814.822208][ T5271] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 815.163867][ T5273] usb 4-1: USB disconnect, device number 44 [ 815.201820][T13314] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 815.212542][T13314] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 817.237513][T11922] Bluetooth: hci0: command tx timeout [ 817.721417][T13322] netlink: 'syz.2.2520': attribute type 14 has an invalid length. [ 817.730879][T13324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2521'. [ 817.859998][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 817.897546][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 817.934398][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 817.954869][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 817.964833][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 817.984753][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 817.994948][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 818.012680][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 818.049747][T13130] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 818.085873][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 818.103988][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 818.126226][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 818.160615][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 818.198885][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 818.222125][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 818.307426][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 818.324124][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 818.355760][T13130] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 818.382121][T13130] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 818.413313][T13130] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 818.476150][T13130] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.504525][T13130] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.542433][T13130] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.582031][T13130] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 818.955966][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 818.983300][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 819.161433][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 819.201534][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 819.287487][ T5271] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 819.550910][ T5271] usb 3-1: Using ep0 maxpacket: 32 [ 825.388123][ T5271] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 825.535760][ T5271] usb 3-1: can't read configurations, error -71 [ 825.560696][T13362] netlink: 'syz.1.2533': attribute type 14 has an invalid length. [ 826.824231][ T5225] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 826.839691][ T5225] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 826.849535][ T5225] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 826.859508][ T5225] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 826.868154][ T5225] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 826.875559][ T5225] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 828.686675][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.735464][T13378] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2537'. [ 828.908002][T11922] Bluetooth: hci4: command tx timeout [ 828.942376][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 828.960102][T13393] binder: 13388:13393 ioctl c0306201 20000580 returned -14 [ 829.109195][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.120829][ T5271] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 829.300262][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.317512][ T5271] usb 3-1: Using ep0 maxpacket: 32 [ 829.333133][ T5271] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 829.344856][ T5271] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 829.353806][ T5271] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 829.368458][ T5271] usb 3-1: config 1 has no interface number 0 [ 829.374628][ T5271] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 829.389682][ T5271] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 829.410098][ T5271] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 829.426363][ T5271] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.434435][T13374] chnl_net:caif_netlink_parms(): no params data found [ 829.450412][ T5271] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 829.582930][T13374] bridge0: port 1(bridge_slave_0) entered blocking state [ 829.591664][T13374] bridge0: port 1(bridge_slave_0) entered disabled state [ 829.602342][T13374] bridge_slave_0: entered allmulticast mode [ 829.610269][T13374] bridge_slave_0: entered promiscuous mode [ 829.640149][T13374] bridge0: port 2(bridge_slave_1) entered blocking state [ 829.653279][T13374] bridge0: port 2(bridge_slave_1) entered disabled state [ 829.683057][T13374] bridge_slave_1: entered allmulticast mode [ 829.717005][T13374] bridge_slave_1: entered promiscuous mode [ 829.749887][ T35] bridge_slave_1: left allmulticast mode [ 829.755619][ T35] bridge_slave_1: left promiscuous mode [ 829.789190][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 829.842668][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.316848][ T5271] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 830.422911][T13418] block nbd1: shutting down sockets [ 831.116721][T11922] Bluetooth: hci4: command tx timeout [ 831.399820][ T5271] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 831.581869][T13434] syz.1.2552[13434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 831.582009][T13434] syz.1.2552[13434] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 831.815336][ T29] audit: type=1326 audit(1722909474.235:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13432 comm="syz.1.2552" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f975af779f9 code=0x0 [ 833.073913][T13438] syz.4.2551 (13438): drop_caches: 2 [ 833.157808][T11922] Bluetooth: hci4: command tx timeout [ 833.398428][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 833.425112][T13436] syz.4.2551 (13436): drop_caches: 2 [ 833.436188][ T35] bond_slave_0: left promiscuous mode [ 833.464187][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 833.479532][T13430] syz.4.2551 (13430): drop_caches: 2 [ 833.497270][ T35] bond_slave_1: left promiscuous mode [ 833.517165][ T35] bond0 (unregistering): (slave macvlan2): Releasing backup interface [ 833.545216][ T35] macvlan2: left promiscuous mode [ 833.553157][ T35] mac80211_hwsim hwsim18 wlan0: left promiscuous mode [ 833.568757][ T35] mac80211_hwsim hwsim18 wlan0: left allmulticast mode [ 833.596453][ T35] bond0 (unregistering): Released all slaves [ 833.694374][T13374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 833.769684][T13374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 833.771038][ T5274] usb 3-1: USB disconnect, device number 44 [ 833.806449][ T5274] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 833.987061][ T35] IPVS: stopping master sync thread 11937 ... [ 834.154940][T13374] team0: Port device team_slave_0 added [ 834.204456][T13374] team0: Port device team_slave_1 added [ 834.343182][T13470] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2563'. [ 834.477868][T13473] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2563'. [ 834.622432][T13476] nbd: illegal input index 15335424 [ 834.684959][T13374] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 834.697395][T13374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.726950][T13482] netlink: 392 bytes leftover after parsing attributes in process `syz.2.2567'. [ 834.789502][T13374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 834.824189][T13374] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 834.832269][T13374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.863731][T13374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 834.880527][T13481] smc: net device lo applied user defined pnetid SYZ2 [ 835.048531][T13489] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2568'. [ 835.064446][ T35] hsr_slave_0: left promiscuous mode [ 835.102083][ T35] hsr_slave_1: left promiscuous mode [ 835.109758][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 835.117492][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 835.130027][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 835.137656][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 835.189144][ T35] veth1_macvtap: left promiscuous mode [ 835.195025][ T35] veth0_macvtap: left promiscuous mode [ 835.206685][ T35] veth1_vlan: left promiscuous mode [ 835.216979][ T35] veth0_vlan: left promiscuous mode [ 835.227512][T11922] Bluetooth: hci4: command tx timeout [ 835.278655][T13493] syz.3.2570 (13493): drop_caches: 2 [ 835.287192][T13493] syz.3.2570 (13493): drop_caches: 2 [ 835.317899][T13493] syz.3.2570 (13493): drop_caches: 2 [ 835.323935][T13493] syz.3.2570 (13493): drop_caches: 2 [ 835.336898][T13493] syz.3.2570 (13493): drop_caches: 2 [ 835.345490][T13493] syz.3.2570 (13493): drop_caches: 2 [ 835.993287][ T5271] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 836.197451][ T5271] usb 5-1: Using ep0 maxpacket: 32 [ 836.205583][ T5271] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 255 [ 836.226517][ T5271] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 836.236218][ T5271] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 836.258414][ T5271] usb 5-1: Product: syz [ 836.263057][ T5271] usb 5-1: Manufacturer: syz [ 836.293622][ T5271] usb 5-1: SerialNumber: syz [ 836.330960][ T5271] usb 5-1: config 0 descriptor?? [ 836.350552][T13503] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 836.386878][ T5271] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 836.507229][ T35] team0 (unregistering): Port device team_slave_1 removed [ 836.596670][ T35] team0 (unregistering): Port device team_slave_0 removed [ 837.605738][T13374] hsr_slave_0: entered promiscuous mode [ 837.631698][T13374] hsr_slave_1: entered promiscuous mode [ 837.663434][T13374] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 837.684473][T13374] Cannot create hsr debugfs directory [ 838.158052][T13514] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2579'. [ 838.234291][T13514] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2579'. [ 838.532430][ T5308] usb 5-1: USB disconnect, device number 43 [ 839.637649][ T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.808743][ T5228] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 840.820695][ T5228] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 840.829130][ T5228] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 840.838458][ T5228] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 840.846958][ T5228] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 840.854441][ T5228] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 840.935730][ T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.302313][ T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.356728][ T29] audit: type=1326 audit(1722909484.775:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13548 comm="syz.4.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68fcf779f9 code=0x7ffc0000 [ 842.378769][ T29] audit: type=1326 audit(1722909484.775:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13548 comm="syz.4.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68fcf779f9 code=0x7ffc0000 [ 842.401114][ T35] bond0: (slave netdevsim0): Releasing backup interface [ 842.433436][ T29] audit: type=1326 audit(1722909484.855:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13548 comm="syz.4.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=310 compat=0 ip=0x7f68fcf779f9 code=0x7ffc0000 [ 842.462097][ T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.467817][ T29] audit: type=1326 audit(1722909484.855:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13548 comm="syz.4.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68fcf779f9 code=0x7ffc0000 [ 842.517626][ T29] audit: type=1326 audit(1722909484.855:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13548 comm="syz.4.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68fcf779f9 code=0x7ffc0000 [ 842.909024][ T5225] Bluetooth: hci3: command tx timeout [ 843.784593][T13374] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 843.817270][ T35] bridge_slave_1: left allmulticast mode [ 843.823440][ T35] bridge_slave_1: left promiscuous mode [ 843.844282][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 843.865005][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 843.982308][ T35] ip6gretap0: left allmulticast mode [ 845.170310][ T5225] Bluetooth: hci3: command tx timeout [ 846.801078][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 846.815784][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 846.858799][ T35] bond0 (unregistering): Released all slaves [ 846.884514][ T35] bond1 (unregistering): Released all slaves [ 846.936015][T13374] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 846.977617][ T5273] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 846.978050][T13374] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 847.153488][T13374] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 847.193760][ T5273] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 847.207474][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 847.227471][ T5225] Bluetooth: hci3: command tx timeout [ 847.248613][ T5273] usb 4-1: config 0 descriptor?? [ 847.504875][ T5273] [drm] vendor descriptor length:e0 data:00 00 00 00 00 00 00 00 00 00 00 [ 847.522461][ T5273] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 847.586791][ T5273] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 847.603642][ T5273] [drm] Initialized udl on minor 2 [ 847.679049][T13528] chnl_net:caif_netlink_parms(): no params data found [ 847.740923][ T5273] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 847.781159][ T35] hsr_slave_0: left promiscuous mode [ 847.804945][ T35] hsr_slave_1: left promiscuous mode [ 847.807477][ T5273] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 847.824817][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 847.842300][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 847.874150][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 847.908391][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 847.910307][ T5313] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 847.927463][ T5273] usb 4-1: USB disconnect, device number 45 [ 847.968745][ T5313] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 847.997929][ T35] veth1_macvtap: left promiscuous mode [ 848.007599][ T35] veth0_macvtap: left promiscuous mode [ 848.013352][ T35] veth1_vlan: left promiscuous mode [ 848.028155][ T35] veth0_vlan: left promiscuous mode [ 848.237507][ T9] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 849.279393][ T9] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 849.290455][ T9] usb 5-1: config 0 has no interfaces? [ 849.300184][ T9] usb 5-1: config 0 has no interfaces? [ 849.307977][ T5225] Bluetooth: hci3: command tx timeout [ 849.323660][ T9] usb 5-1: config 0 has no interfaces? [ 849.330788][ T9] usb 5-1: config 0 has no interfaces? [ 849.339422][ T9] usb 5-1: config 0 has no interfaces? [ 849.354997][ T9] usb 5-1: config 0 has no interfaces? [ 849.365957][ T9] usb 5-1: config 0 has no interfaces? [ 849.373509][ T9] usb 5-1: config 0 has no interfaces? [ 849.379478][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 849.392964][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 849.432502][ T9] usb 5-1: config 0 descriptor?? [ 849.691605][T13609] input: syz0 as /devices/virtual/input/input35 [ 849.705222][ T5308] usb 5-1: USB disconnect, device number 44 [ 849.965765][ T35] team0 (unregistering): Port device team_slave_1 removed [ 850.035212][ T35] team0 (unregistering): Port device team_slave_0 removed [ 850.526963][T13617] program syz.3.2608 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 851.120002][T13374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 852.215418][T13528] bridge0: port 1(bridge_slave_0) entered blocking state [ 852.228697][T13528] bridge0: port 1(bridge_slave_0) entered disabled state [ 852.236007][T13528] bridge_slave_0: entered allmulticast mode [ 852.255093][T13528] bridge_slave_0: entered promiscuous mode [ 852.275467][T13374] 8021q: adding VLAN 0 to HW filter on device team0 [ 852.301025][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state [ 852.308242][ T5269] bridge0: port 1(bridge_slave_0) entered forwarding state [ 852.323446][T13528] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.381951][T13528] bridge0: port 2(bridge_slave_1) entered disabled state [ 852.418105][T13528] bridge_slave_1: entered allmulticast mode [ 852.469254][T13528] bridge_slave_1: entered promiscuous mode [ 852.510333][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.517583][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 852.678816][T13528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 852.721163][T13528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 853.104557][T13528] team0: Port device team_slave_0 added [ 853.130228][T13528] team0: Port device team_slave_1 added [ 853.275960][T13528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 853.291456][T13528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 853.320773][T13528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 853.349872][T13528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 853.358389][T13528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 853.474237][T13528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 853.675209][T13528] hsr_slave_0: entered promiscuous mode [ 853.688079][T13528] hsr_slave_1: entered promiscuous mode [ 853.699140][T13528] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 853.706781][T13528] Cannot create hsr debugfs directory [ 854.061774][ T5269] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 854.069511][T13374] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 854.145818][T13374] veth0_vlan: entered promiscuous mode [ 854.178631][ T5268] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 854.221976][T13374] veth1_vlan: entered promiscuous mode [ 854.267421][ T5269] usb 3-1: Using ep0 maxpacket: 32 [ 854.290162][ T5269] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 854.301205][T13374] veth0_macvtap: entered promiscuous mode [ 854.316752][T13374] veth1_macvtap: entered promiscuous mode [ 854.319465][ T5269] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 854.339443][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 854.351113][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.361637][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 854.369216][ T5269] usb 3-1: Product: syz [ 854.372889][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.383009][ T5269] usb 3-1: Manufacturer: syz [ 854.386996][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 854.392535][ T5268] usb 4-1: Using ep0 maxpacket: 16 [ 854.405667][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.419418][T13374] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 854.427486][ T5269] usb 3-1: SerialNumber: syz [ 854.430632][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 854.443456][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.450235][ T5268] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 854.453406][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 854.474818][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.484726][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 854.489961][ T5269] usb 3-1: config 0 descriptor?? [ 854.501802][ T5268] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 854.507114][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.526339][T13374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 854.535263][ T5268] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 854.537462][T13374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 854.562618][T13374] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 854.569613][ T5268] usb 4-1: config 0 interface 0 has no altsetting 0 [ 854.603791][ T5268] usb 4-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 854.618238][T13374] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.627080][T13374] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.652187][T13374] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.657537][ T5268] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 854.661543][T13374] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 854.702422][ T5268] usb 4-1: config 0 descriptor?? [ 854.958929][ T6337] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 854.976616][ T5269] airspy 3-1:0.0: Board ID: 00 [ 854.983141][ T5269] airspy 3-1:0.0: Firmware version: [ 854.988322][ T6337] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 855.010187][T13528] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 855.030193][T13528] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 855.055876][T13528] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 855.070153][T13528] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 855.079054][ T6337] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 855.086979][ T6337] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 855.175453][ T5268] hid-generic 0003:045E:05DA.0026: ignoring exceeding usage max [ 855.202350][ T5268] hid-generic 0003:045E:05DA.0026: hidraw0: USB HID v0.00 Device [HID 045e:05da] on usb-dummy_hcd.3-1/input0 [ 855.393583][T13528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 855.461437][ T5301] usb 4-1: USB disconnect, device number 46 [ 855.501438][T13528] 8021q: adding VLAN 0 to HW filter on device team0 [ 855.560082][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state [ 855.567267][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 855.611414][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.618679][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 856.126698][ T5269] airspy 3-1:0.0: Registered as swradio16 [ 856.292002][ T5269] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 856.419190][ T5269] usb 3-1: USB disconnect, device number 45 [ 856.707458][T13681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2628'. [ 857.397912][ T5308] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 857.751950][ T5308] usb 4-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 857.795345][ T5308] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 857.813294][T13528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 857.833936][T13691] af_packet: tpacket_rcv: packet too big, clamped from 64989 to 3952. macoff=96 [ 857.847992][ T5308] usb 4-1: config 0 descriptor?? [ 857.888752][ T5308] usb 4-1: bad CDC descriptors [ 857.950833][T13528] veth0_vlan: entered promiscuous mode [ 857.967890][T13528] veth1_vlan: entered promiscuous mode [ 858.021606][T13528] veth0_macvtap: entered promiscuous mode [ 858.113431][T13528] veth1_macvtap: entered promiscuous mode [ 858.167053][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 858.195505][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.206109][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 858.217634][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.227716][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 858.243390][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.254971][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 858.266889][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.309072][T13700] xt_CT: You must specify a L4 protocol and not use inversions on it [ 858.335521][T13528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 858.424529][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 858.483675][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.530322][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 858.554870][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.584056][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 858.612543][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.639609][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 858.711409][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.725482][T13528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 858.737891][T13528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 858.842261][T13528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 858.922062][T13528] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.004809][T13528] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.032210][T13528] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.064464][T13528] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.358979][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 859.366951][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 859.492462][ T2560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 859.524758][ T2560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 859.530846][T13668] usb 4-1: USB disconnect, device number 47 [ 859.697789][ T9] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 860.074821][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 860.385503][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 860.510996][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 860.530123][ T9] usb 3-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 860.560026][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.572837][ T9] usb 3-1: config 0 descriptor?? [ 860.778913][T13723] tap0: tun_chr_ioctl cmd 1074025677 [ 860.795849][T13723] tap0: linktype set to 780 [ 861.013232][ T9] waltop 0003:172F:0038.0027: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.2-1/input0 [ 861.540490][ T5301] usb 3-1: USB disconnect, device number 46 [ 862.780449][T11922] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 862.793058][T11922] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 862.804483][T11922] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 862.825472][T11922] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 862.835734][T11922] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 862.843831][T11922] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 863.869593][T13753] /dev/nullb0: Can't open blockdev [ 865.756960][T11922] Bluetooth: hci5: command tx timeout [ 865.831017][T13740] chnl_net:caif_netlink_parms(): no params data found [ 866.076295][T13740] bridge0: port 1(bridge_slave_0) entered blocking state [ 866.084625][T13740] bridge0: port 1(bridge_slave_0) entered disabled state [ 866.102997][T13740] bridge_slave_0: entered allmulticast mode [ 866.131014][T13740] bridge_slave_0: entered promiscuous mode [ 866.155064][T13740] bridge0: port 2(bridge_slave_1) entered blocking state [ 866.186878][T13740] bridge0: port 2(bridge_slave_1) entered disabled state [ 866.196440][T13740] bridge_slave_1: entered allmulticast mode [ 866.209791][T13740] bridge_slave_1: entered promiscuous mode [ 866.324682][T13740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 866.375962][T13740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 866.586149][T13740] team0: Port device team_slave_0 added [ 866.629221][T13740] team0: Port device team_slave_1 added [ 866.743982][T13740] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 866.760677][T13740] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.789081][T13740] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 866.819735][T13740] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 866.826830][T13740] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 866.862909][T13740] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 866.989781][T13740] hsr_slave_0: entered promiscuous mode [ 867.022409][T13740] hsr_slave_1: entered promiscuous mode [ 867.049950][T13740] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 867.065047][T13740] Cannot create hsr debugfs directory [ 867.317481][ T5273] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 867.413404][T13740] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.429448][T13787] input: syz0 as /devices/virtual/input/input36 [ 867.522403][ T5273] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 867.568297][ T5273] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 867.588455][ T5273] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 867.596600][ T5273] usb 4-1: Product: syz [ 867.602790][T13740] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.618562][ T5273] usb 4-1: Manufacturer: syz [ 867.623216][ T5273] usb 4-1: SerialNumber: syz [ 867.758486][T13740] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.778110][T13790] netlink: 'syz.2.2659': attribute type 25 has an invalid length. [ 867.786668][T13790] netlink: 'syz.2.2659': attribute type 8 has an invalid length. [ 867.807322][T11922] Bluetooth: hci5: command tx timeout [ 867.909862][T13740] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 868.104698][T13740] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 868.116954][T13740] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 868.135797][T13740] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 868.149884][T13740] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 868.386164][T13740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 868.799124][ T5273] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 868.891163][ T5273] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 868.960417][T13740] 8021q: adding VLAN 0 to HW filter on device team0 [ 868.981178][ T5273] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 869.035268][ T5273] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 869.217618][ T5273] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 869.230245][ T5308] bridge0: port 1(bridge_slave_0) entered blocking state [ 869.237553][ T5308] bridge0: port 1(bridge_slave_0) entered forwarding state [ 869.295021][ T5273] usb 4-1: USB disconnect, device number 48 [ 869.307248][ T5273] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 869.309431][ T5308] bridge0: port 2(bridge_slave_1) entered blocking state [ 869.325751][ T5308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 869.497032][T13740] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 869.535250][T13798] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2662'. [ 869.782259][T13740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 869.868738][T11922] Bluetooth: hci5: command tx timeout [ 870.172746][T13806] bridge0: port 2(bridge_slave_1) entered disabled state [ 870.182478][T13806] bridge0: port 1(bridge_slave_0) entered disabled state [ 870.693309][T13806] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 870.723123][T13806] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 870.828349][T13667] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 871.042488][T13667] usb 4-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.02 [ 871.054385][T13667] usb 4-1: New USB device strings: Mfr=0, Product=232, SerialNumber=255 [ 871.070602][T13667] usb 4-1: Product: syz [ 871.075017][T13667] usb 4-1: SerialNumber: syz [ 871.094266][T13667] usb 4-1: config 0 descriptor?? [ 871.132521][T13806] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.186681][T13806] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.218712][T13806] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.241835][T13806] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 871.354814][T13667] ldusb 4-1:0.0: Interrupt in endpoint not found [ 871.384835][T13667] usb 4-1: USB disconnect, device number 49 [ 872.201066][T11922] Bluetooth: hci5: command tx timeout [ 873.158572][ T5225] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 873.178793][ T5225] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 873.199005][ T5225] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 873.233563][ T5225] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 873.243044][ T5225] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 873.253202][ T5225] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 873.359743][T13740] veth0_vlan: entered promiscuous mode [ 873.464780][T13740] veth1_vlan: entered promiscuous mode [ 873.743849][T13740] veth0_macvtap: entered promiscuous mode [ 873.803784][T13740] veth1_macvtap: entered promiscuous mode [ 873.840489][T13858] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2673'. [ 873.987954][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 874.016676][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.029799][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 874.042065][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.052129][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 874.067455][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.081853][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 874.094940][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.108274][T13740] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 874.240753][ T5225] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 874.252877][ T5225] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 874.261958][ T5225] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 874.271979][ T5225] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 874.280216][ T5225] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 874.287674][ T5225] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 874.331170][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 874.354041][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.388510][T13667] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 874.413722][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 874.442763][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.465116][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 874.490384][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.500775][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 874.557361][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.567818][T13740] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 874.580652][T13740] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 874.596980][T13740] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 874.604651][T13667] usb 4-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 874.604684][T13667] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 874.607365][T13667] usb 4-1: config 0 descriptor?? [ 874.663652][T13740] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.677522][T13740] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.687512][T13740] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.696456][T13740] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 874.728161][T13848] chnl_net:caif_netlink_parms(): no params data found [ 875.028041][T13667] usb 4-1: USB disconnect, device number 50 [ 875.330284][T11922] Bluetooth: hci6: command tx timeout [ 875.795755][T13848] bridge0: port 1(bridge_slave_0) entered blocking state [ 875.822186][T13848] bridge0: port 1(bridge_slave_0) entered disabled state [ 875.838301][T13848] bridge_slave_0: entered allmulticast mode [ 875.864542][T13848] bridge_slave_0: entered promiscuous mode [ 875.904543][T13848] bridge0: port 2(bridge_slave_1) entered blocking state [ 875.911860][T13878] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2678'. [ 875.930921][T13848] bridge0: port 2(bridge_slave_1) entered disabled state [ 875.978063][T13848] bridge_slave_1: entered allmulticast mode [ 875.991098][T13848] bridge_slave_1: entered promiscuous mode [ 876.139352][T13848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 876.209100][T13848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 876.336510][T13848] team0: Port device team_slave_0 added [ 876.348882][T11922] Bluetooth: hci7: command tx timeout [ 876.377118][T13848] team0: Port device team_slave_1 added [ 876.434781][ T6337] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 876.463200][ T6337] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 876.644995][T13848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 876.652314][T13848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.680113][T13848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 876.702740][T13891] netdevsim netdevsim2: Direct firmware load for WÙ«Zê¤Û failed with error -2 [ 876.715863][T13891] netdevsim netdevsim2: Falling back to sysfs fallback for: WÙ«Zê¤Û [ 876.742008][T13890] netlink: 'syz.2.2681': attribute type 1 has an invalid length. [ 876.754684][ T9] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 876.799940][T13890] netlink: 9116 bytes leftover after parsing attributes in process `syz.2.2681'. [ 876.800790][T13848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 876.816958][T13848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.852979][T13890] netlink: 'syz.2.2681': attribute type 1 has an invalid length. [ 876.860869][T13848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 876.871601][T13890] netlink: 209 bytes leftover after parsing attributes in process `syz.2.2681'. [ 876.943249][ T6337] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 876.957101][T13863] chnl_net:caif_netlink_parms(): no params data found [ 876.978087][ T6337] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 876.978550][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 877.005331][ T9] usb 4-1: config 0 has an invalid interface number: 223 but max is 0 [ 877.014984][ T9] usb 4-1: config 0 has no interface number 0 [ 877.024162][ T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=10.fe [ 877.034055][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 877.042698][ T9] usb 4-1: Product: syz [ 877.057616][ T9] usb 4-1: Manufacturer: syz [ 877.062448][ T9] usb 4-1: SerialNumber: syz [ 877.076124][ T9] usb 4-1: config 0 descriptor?? [ 877.291239][T13848] hsr_slave_0: entered promiscuous mode [ 877.342008][T13848] hsr_slave_1: entered promiscuous mode [ 877.345297][ T9] usb 4-1: USB disconnect, device number 51 [ 877.356212][T13848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 877.377475][T13848] Cannot create hsr debugfs directory [ 877.388142][T11922] Bluetooth: hci6: command tx timeout [ 877.752626][T13863] bridge0: port 1(bridge_slave_0) entered blocking state [ 877.762848][T13863] bridge0: port 1(bridge_slave_0) entered disabled state [ 877.770833][T13863] bridge_slave_0: entered allmulticast mode [ 877.778680][T13863] bridge_slave_0: entered promiscuous mode [ 878.235532][T13863] bridge0: port 2(bridge_slave_1) entered blocking state [ 878.284710][T13863] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.334980][T13863] bridge_slave_1: entered allmulticast mode [ 878.427534][T11922] Bluetooth: hci7: command tx timeout [ 878.470882][T13863] bridge_slave_1: entered promiscuous mode [ 878.832870][T13848] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 878.921668][T13863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 879.453806][T13863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 879.473249][T11922] Bluetooth: hci6: command tx timeout [ 880.039293][T13863] team0: Port device team_slave_0 added [ 880.437086][T13848] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.583777][T11922] Bluetooth: hci7: command tx timeout [ 881.351065][T13863] team0: Port device team_slave_1 added [ 881.547407][T11922] Bluetooth: hci6: command tx timeout [ 881.813686][T13848] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 881.915282][T13863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 881.945122][T13863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 882.024653][T13863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 882.116296][T13935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2689'. [ 882.281134][T13848] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.335659][T13863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 882.344964][T13863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 882.392405][T13863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 882.603375][T13863] hsr_slave_0: entered promiscuous mode [ 882.660771][T13863] hsr_slave_1: entered promiscuous mode [ 882.667513][T11922] Bluetooth: hci7: command tx timeout [ 882.673986][T13863] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 882.682365][T13863] Cannot create hsr debugfs directory [ 882.712192][ T29] audit: type=1326 audit(1722909754.137:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.734113][ T29] audit: type=1326 audit(1722909754.137:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.784419][ T29] audit: type=1326 audit(1722909754.147:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.806979][ T29] audit: type=1326 audit(1722909754.147:724): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.830295][ T29] audit: type=1326 audit(1722909754.147:725): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.857061][ T29] audit: type=1326 audit(1722909754.157:726): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.880621][ T29] audit: type=1326 audit(1722909754.157:727): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.902895][ T29] audit: type=1326 audit(1722909754.157:728): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.925322][ T29] audit: type=1326 audit(1722909754.157:729): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 882.948993][ T29] audit: type=1326 audit(1722909754.157:730): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=_ pid=13939 comm="syz.3.2691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11a69779f9 code=0x7ffc0000 [ 884.861065][T13955] random: crng reseeded on system resumption [ 885.203147][T13958] xt_SECMARK: unable to map security context 'system_u:object_r:devicekit_exec_t:s0' [ 885.609554][T13863] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 885.647769][T13848] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 885.718025][T13848] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 885.733669][T13848] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 885.839191][T13848] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 886.119690][T13863] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.362724][T13863] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.468649][T13667] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 886.710528][T13863] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 886.731538][T13667] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 886.781499][T13667] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 886.833957][T13848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 886.882303][T13667] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 886.894488][T13667] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 886.910383][T13965] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 886.921470][T13667] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 886.946039][T13848] 8021q: adding VLAN 0 to HW filter on device team0 [ 887.009849][T13974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2703'. [ 887.030097][T13667] bridge0: port 1(bridge_slave_0) entered blocking state [ 887.037417][T13667] bridge0: port 1(bridge_slave_0) entered forwarding state [ 887.084263][T13667] bridge0: port 2(bridge_slave_1) entered blocking state [ 887.091547][T13667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 887.378710][T13863] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 887.401820][T13863] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 887.432446][T13863] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 887.446994][ T5313] usb 4-1: USB disconnect, device number 52 [ 887.504318][T13863] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 887.845969][T13863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 887.895637][T13863] 8021q: adding VLAN 0 to HW filter on device team0 [ 887.918709][T13848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 887.938913][ T5301] bridge0: port 1(bridge_slave_0) entered blocking state [ 887.946126][ T5301] bridge0: port 1(bridge_slave_0) entered forwarding state [ 887.992839][ T5308] bridge0: port 2(bridge_slave_1) entered blocking state [ 888.000114][ T5308] bridge0: port 2(bridge_slave_1) entered forwarding state [ 888.204240][T13848] veth0_vlan: entered promiscuous mode [ 888.243403][T13848] veth1_vlan: entered promiscuous mode [ 888.440341][T13848] veth0_macvtap: entered promiscuous mode [ 888.531115][T13848] veth1_macvtap: entered promiscuous mode [ 888.626619][T13994] binder: 13987:13994 ioctl 4018620d 0 returned -22 [ 889.539157][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 889.583412][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 889.583437][ T29] audit: type=1326 audit(1722909989.905:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 889.641959][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 889.722915][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 889.764461][ T29] audit: type=1326 audit(1722909990.055:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 889.818449][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 889.870552][ T29] audit: type=1326 audit(1722909990.055:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 889.887424][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 890.393799][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.670370][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 890.677437][ T29] audit: type=1326 audit(1722909990.055:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.711115][ T29] audit: type=1326 audit(1722909990.065:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.734351][ T29] audit: type=1326 audit(1722909990.065:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.763169][ T29] audit: type=1326 audit(1722909990.065:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.787561][ T29] audit: type=1326 audit(1722909990.065:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.810188][ T29] audit: type=1326 audit(1722909990.065:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.834670][ T29] audit: type=1326 audit(1722909990.065:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13985 comm="syz.2.2707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f859c3779f9 code=0x7fc00000 [ 890.858125][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.869867][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 890.881965][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 890.894614][T13848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 890.995716][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.008667][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.018598][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.030396][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.042335][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.061615][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.087662][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.103904][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.113870][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.125951][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.207492][T13848] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.288428][T13848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.401562][T13848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 891.498463][T13848] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.555778][T13848] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.604057][T13848] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.634323][T13848] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.724548][T13863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 892.657610][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 892.701869][T13863] veth0_vlan: entered promiscuous mode [ 892.725688][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 892.815639][T13863] veth1_vlan: entered promiscuous mode [ 892.971184][ T2560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 893.007182][ T2560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 893.034513][T13863] veth0_macvtap: entered promiscuous mode [ 893.231169][T13863] veth1_macvtap: entered promiscuous mode [ 893.351591][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 893.362733][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.372682][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 893.383500][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.393438][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 893.404633][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.416474][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 893.427562][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.438747][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 893.449725][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.459654][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 893.479924][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.492668][T13863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 893.534742][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.557531][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.585558][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.606862][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.625195][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.657205][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.681133][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.693933][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.706426][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.735399][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.776422][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.817146][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.831718][T13863] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 893.846576][T13863] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 893.876669][T13863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 893.950855][T13863] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.975585][T13863] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.991296][T13863] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 894.010895][T13863] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 894.035225][T14037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 894.407947][T14037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 895.028459][T13363] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.036338][T13363] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 895.351014][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 895.352053][T14047] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 895.359037][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.449873][T14037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 897.459980][T14066] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 897.554846][T14059] tipc: Started in network mode [ 897.564887][T14059] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 897.601515][T14059] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 897.646800][T14059] tipc: Enabled bearer , priority 10 [ 898.838503][T14079] syzkaller0: entered promiscuous mode [ 898.844737][T14079] syzkaller0: entered allmulticast mode [ 898.981769][T13830] tipc: Node number set to 1 [ 899.145560][ T11] syzkaller0: tun_net_xmit 48 [ 899.187758][T14084] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 899.244655][T14084] syzkaller0: Linktype set failed because interface is up [ 899.340539][T14079] syzkaller0: create flow: hash 2518678048 index 1 [ 899.531363][T14094] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2739'. [ 899.644819][T14094] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2739'. [ 899.671172][T14077] syzkaller0: delete flow: hash 2518678048 index 1 [ 899.847696][T13821] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 899.890765][ T25] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 900.049719][T13821] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 900.067389][T13821] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 900.082130][T13821] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 900.092100][T13821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 900.115053][T13821] usb 5-1: SerialNumber: syz [ 900.116720][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 900.140624][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 900.164963][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 900.187038][ T25] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 900.228891][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 900.242769][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 900.256280][ T25] usb 2-1: New USB device found, idVendor=112a, idProduct=0005, bcdDevice=14.a8 [ 900.266406][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 900.274716][ T25] usb 2-1: Product: syz [ 900.280113][ T25] usb 2-1: Manufacturer: syz [ 900.284844][ T25] usb 2-1: SerialNumber: syz [ 900.295667][ T25] usb 2-1: config 0 descriptor?? [ 900.305232][ T25] redrat3 2-1:0.0: Couldn't find all endpoints [ 900.349260][T13821] usb 5-1: 0:2 : does not exist [ 900.544116][ T25] usb 2-1: USB disconnect, device number 46 [ 901.941351][T14107] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 901.962291][T13821] usb 5-1: USB disconnect, device number 45 [ 902.065780][T14107] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 902.328672][T14117] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2746'. [ 905.526827][T14112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2743'. [ 905.555041][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2743'. [ 905.647524][T14124] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2748'. [ 906.733991][T14137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2752'. [ 906.746352][T14137] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 907.320767][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 907.320847][ T29] audit: type=1326 audit(1722910007.745:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14145 comm="syz.1.2754" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4d111779f9 code=0x0 [ 907.639298][ T5225] Bluetooth: hci7: unexpected event for opcode 0x080f [ 909.801933][ T29] audit: type=1326 audit(1722910010.215:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14172 comm="syz.0.2764" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f6db779f9 code=0x0 [ 910.137683][T13821] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 910.327684][T13821] usb 3-1: Using ep0 maxpacket: 8 [ 910.339656][T13821] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 910.351816][T13821] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 910.368296][T13821] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 910.389589][T13821] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 910.407467][T13821] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 910.418285][T13821] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 910.695420][T13821] usb 3-1: GET_CAPABILITIES returned 0 [ 910.701131][T13821] usbtmc 3-1:16.0: can't read capabilities [ 910.991184][T13821] usb 3-1: USB disconnect, device number 47 [ 911.707721][ T5225] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0 [ 911.719935][ T5225] Bluetooth: hci7: Injecting HCI hardware error event [ 912.024845][T14226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2781'. [ 913.179716][T13830] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 913.948035][T13830] usb 5-1: Using ep0 maxpacket: 16 [ 913.990494][T13830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 914.089076][T13830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 914.132882][T13830] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c1e, bcdDevice= 0.00 [ 914.180345][T13830] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 914.192530][T14237] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2787'. [ 914.211646][T14237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 914.233428][T13830] usb 5-1: config 0 descriptor?? [ 914.405414][T14238] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 914.750237][T14242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2789'. [ 914.762731][T14242] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2789'. [ 914.796456][T13830] corsair-psu 0003:1B1C:1C1E.0028: item fetching failed at offset 2/5 [ 914.814636][T13830] corsair-psu 0003:1B1C:1C1E.0028: probe with driver corsair-psu failed with error -22 [ 914.872344][T14243] bridge0: entered promiscuous mode [ 914.889164][T14243] vlan2: entered promiscuous mode [ 914.916027][T14243] bridge0: port 1(vlan2) entered blocking state [ 914.966846][T14243] bridge0: port 1(vlan2) entered disabled state [ 915.015531][T14243] vlan2: entered allmulticast mode [ 915.036194][ T5313] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 915.047992][T14243] bridge0: entered allmulticast mode [ 915.054846][ T5313] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz0] on syz0 [ 915.069111][T14243] vlan2: left allmulticast mode [ 915.082235][ T5301] usb 5-1: USB disconnect, device number 46 [ 915.083950][T14243] bridge0: left allmulticast mode [ 915.099704][T14243] bridge0: left promiscuous mode [ 915.219125][T14256] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2793'. [ 916.882664][T14274] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2798'. [ 917.915012][ T29] audit: type=1326 audit(1722910018.335:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14272 comm="syz.0.2798" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f6db779f9 code=0x0 [ 918.036477][T14280] IPVS: Scheduler module ip_vs_sip not found [ 918.673285][ T5225] Bluetooth: hci2: command 0x0405 tx timeout [ 920.207817][T14319] Option 'ì­s˜¥bG`¤þ?sÛy"ÃZBMMCwŸ†‰ïÖÃW ' to dns_resolver key: bad/missing value [ 920.567192][T14331] binder: 14330:14331 ioctl c018620c 20000100 returned -1 [ 920.955589][T14338] program syz.1.2818 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 921.509965][T14345] program syz.3.2821 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 921.593591][T14344] veth1_macvtap: left promiscuous mode [ 921.637331][T14344] macsec0: entered allmulticast mode [ 922.098590][ T29] audit: type=1326 audit(1722910022.525:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14342 comm="syz.0.2819" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f6db779f9 code=0x0 [ 922.208076][T14348] veth1_macvtap: entered promiscuous mode [ 922.225975][T14348] veth1_macvtap: entered allmulticast mode [ 922.287522][ T25] usb 4-1: new full-speed USB device number 53 using dummy_hcd [ 922.303467][T14348] macsec0: left allmulticast mode [ 922.316283][T14348] veth1_macvtap: left allmulticast mode [ 922.490164][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 10 [ 922.509265][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 922.572072][ T25] usb 4-1: New USB device found, idVendor=19d2, idProduct=ffd0, bcdDevice=e0.c1 [ 922.622122][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.630618][ T25] usb 4-1: Product: syz [ 922.635882][ T25] usb 4-1: Manufacturer: syz [ 922.640831][ T25] usb 4-1: SerialNumber: syz [ 922.649799][ T25] usb 4-1: config 0 descriptor?? [ 922.659455][ T25] option 4-1:0.0: GSM modem (1-port) converter detected [ 922.910833][ T25] usb 4-1: USB disconnect, device number 53 [ 922.933282][ T25] option 4-1:0.0: device disconnected [ 924.843366][T14395] SET target dimension over the limit! [ 925.247427][T14406] netlink: 'syz.4.2838': attribute type 15 has an invalid length. [ 927.002476][T14423] netlink: 'syz.0.2841': attribute type 3 has an invalid length. [ 927.010380][T14423] netlink: 'syz.0.2841': attribute type 1 has an invalid length. [ 927.770122][T14425] wg1: entered promiscuous mode [ 928.692506][T14447] netdevsim netdevsim3 : renamed from netdevsim0 (while UP) [ 930.142923][T14456] netlink: 120 bytes leftover after parsing attributes in process `syz.1.2855'. [ 930.218719][T14456] xt_TPROXY: Can be used only with -p tcp or -p udp [ 930.806831][T14467] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2859'. [ 931.415368][T14473] bridge0: port 3(gretap1) entered blocking state [ 931.453514][T14473] bridge0: port 3(gretap1) entered disabled state [ 931.464491][T14473] gretap1: entered allmulticast mode [ 931.476617][T14473] gretap1: entered promiscuous mode [ 931.514679][T14475] sp0: Synchronizing with TNC [ 931.637403][T13829] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 931.889283][T14481] Bluetooth: MGMT ver 1.23 [ 931.893800][T14481] Bluetooth: hci3: unsupported parameter 65535 [ 931.900218][T14481] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 931.978286][T14484] batadv_slave_1: entered promiscuous mode [ 932.040037][T13829] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 932.051173][T13829] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 932.061953][T13829] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 932.163245][T13829] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 932.311564][T13829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 932.456904][T13829] usb 3-1: Product: syz [ 932.462254][T13829] usb 3-1: Manufacturer: syz [ 932.502126][T14479] batadv_slave_1: left promiscuous mode [ 932.547345][T13829] usb 3-1: SerialNumber: syz [ 932.849458][T13829] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 48 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 932.974363][T14497] xt_CT: You must specify a L4 protocol and not use inversions on it [ 933.132499][ T5301] usb 3-1: USB disconnect, device number 48 [ 933.158177][ T5301] usblp0: removed [ 934.259088][T14527] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 934.669739][T14529] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 936.653742][T14557] ubi0: attaching mtd0 [ 936.664257][T14557] ubi0: scanning is finished [ 936.835582][T14566] fuse: Bad value for 'fd' [ 937.624379][T14557] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 937.632156][T14557] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 937.645296][T14557] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 937.653195][T14557] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 937.661911][T14557] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 937.682902][T14557] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 937.694317][T14557] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3794463030 [ 937.704669][T14557] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 937.718070][T14571] ubi0: background thread "ubi_bgt0d" started, PID 14571 [ 938.239411][ T5301] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 939.134066][T14574] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2898'. [ 939.168535][T14590] block device autoloading is deprecated and will be removed. [ 939.237889][T14590] syz.4.2903: attempt to access beyond end of device [ 939.237889][T14590] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 939.255122][ T5301] usb 3-1: Using ep0 maxpacket: 16 [ 939.263362][ T5301] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 939.277395][ T5301] usb 3-1: config 0 interface 0 altsetting 8 has 6 endpoint descriptors, different from the interface descriptor's value: 12 [ 939.297357][ T5301] usb 3-1: config 0 interface 0 has no altsetting 0 [ 939.306761][ T5301] usb 3-1: New USB device found, idVendor=1199, idProduct=0027, bcdDevice=1e.57 [ 939.317836][ T5301] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.328933][ T5301] usb 3-1: Product: syz [ 939.333146][ T5301] usb 3-1: Manufacturer: syz [ 939.337960][ T5301] usb 3-1: SerialNumber: syz [ 939.358365][ T5301] usb 3-1: config 0 descriptor?? [ 939.370920][ T5301] sierra 3-1:0.0: Sierra USB modem converter detected [ 939.916807][T14612] netlink: 'syz.3.2909': attribute type 21 has an invalid length. [ 939.952749][T14612] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2909'. [ 940.014182][T14612] netlink: 'syz.3.2909': attribute type 5 has an invalid length. [ 940.022697][T14612] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2909'. [ 940.386571][ T5301] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 940.423802][ T5301] usb 3-1: Sierra USB modem converter now attached to ttyUSB1 [ 940.459027][ T5301] usb 3-1: USB disconnect, device number 49 [ 940.474074][ T5301] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 940.495077][ T5301] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1 [ 940.550256][ T5301] sierra 3-1:0.0: device disconnected [ 941.026645][T14645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2920'. [ 941.039724][T14645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2920'. [ 941.849884][T14645] bridge1: entered promiscuous mode [ 941.906543][T14645] vlan3: entered promiscuous mode [ 941.926825][T14645] bridge1: port 1(vlan3) entered blocking state [ 941.944869][T14645] bridge1: port 1(vlan3) entered disabled state [ 941.962382][T14645] vlan3: entered allmulticast mode [ 941.968932][T13667] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 941.976614][T14645] bridge1: entered allmulticast mode [ 941.990577][T14645] vlan3: left allmulticast mode [ 941.996118][T14645] bridge1: left allmulticast mode [ 942.004133][T14645] bridge1: left promiscuous mode [ 942.157958][T13667] usb 4-1: Using ep0 maxpacket: 8 [ 942.210820][T13667] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 942.342933][T14659] fuse: Unknown parameter 'ôd' [ 942.527448][T13667] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 942.567654][T13667] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 942.579476][T13667] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 942.698499][T13667] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 942.709612][T13667] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 946.400620][T14663] SET target dimension over the limit! [ 946.453037][T13667] usb 4-1: can't set config #16, error -71 [ 946.478368][T13667] usb 4-1: USB disconnect, device number 54 [ 947.057551][ T9] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 947.138486][T14681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2930'. [ 947.546246][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 947.798240][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 947.842880][T11922] Bluetooth: hci7: hardware error 0x00 [ 947.877478][ T9] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 947.946907][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 947.997454][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.062578][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 948.072900][T14683] netlink: 'syz.0.2932': attribute type 10 has an invalid length. [ 948.123205][ T9] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 948.161303][T14683] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2932'. [ 949.649383][T13534] Bluetooth: hci4: command 0x0405 tx timeout [ 949.673540][ T5301] usb 2-1: USB disconnect, device number 47 [ 949.872256][T11922] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 950.126314][ T5301] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0 [ 950.143412][ T5301] hid-generic 0000:0000:0000.002A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 950.357940][ T46] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 951.594129][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 951.645813][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 951.890030][ T46] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 951.909268][ T46] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 951.918771][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.961035][ T46] usb 3-1: config 0 descriptor?? [ 953.037979][T14748] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 953.057862][ T46] plantronics 0003:047F:FFFF.002B: ignoring exceeding usage max [ 953.093365][ T46] plantronics 0003:047F:FFFF.002B: No inputs registered, leaving [ 953.105167][ T46] plantronics 0003:047F:FFFF.002B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 953.123152][T14748] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 953.313383][ T29] audit: type=1326 audit(1722910053.735:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.347012][ T29] audit: type=1326 audit(1722910053.735:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.372823][ T29] audit: type=1326 audit(1722910053.765:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.399602][ T29] audit: type=1326 audit(1722910053.765:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.422327][ T29] audit: type=1326 audit(1722910053.765:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.444400][ T29] audit: type=1326 audit(1722910053.765:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.476822][ T29] audit: type=1326 audit(1722910053.895:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 953.572173][ T29] audit: type=1326 audit(1722910053.895:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3313d6e9a7 code=0x7ffc0000 [ 953.614768][ T29] audit: type=1326 audit(1722910053.895:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3313d13349 code=0x7ffc0000 [ 953.654126][ T29] audit: type=1326 audit(1722910053.895:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14758 comm="syz.4.2957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3313d6e9a7 code=0x7ffc0000 [ 954.900058][ T35] tipc: Subscription rejected, illegal request [ 954.927515][T14778] input: syz0 as /devices/virtual/input/input37 [ 955.181047][T14778] IPv6: NLM_F_CREATE should be specified when creating new route [ 956.107005][ T5301] usb 3-1: USB disconnect, device number 50 [ 956.170261][T14788] wg1: entered promiscuous mode [ 958.303234][ T41] I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 958.456466][T14821] syz.3.2973: attempt to access beyond end of device [ 958.456466][T14821] nbd3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 958.505370][T14821] hfsplus: unable to find HFS+ superblock [ 964.967523][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 964.967544][ T29] audit: type=1326 audit(1722910065.385:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.005362][T11922] Bluetooth: hci3: command 0x0406 tx timeout [ 965.049640][ T29] audit: type=1326 audit(1722910065.385:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.088865][ T29] audit: type=1326 audit(1722910065.405:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.112319][ T29] audit: type=1326 audit(1722910065.405:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.135286][ T29] audit: type=1326 audit(1722910065.455:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.158907][ T29] audit: type=1326 audit(1722910065.455:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.181681][ T29] audit: type=1326 audit(1722910065.455:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.282270][ T29] audit: type=1326 audit(1722910065.485:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.306601][ T29] audit: type=1326 audit(1722910065.675:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 965.537659][ T29] audit: type=1326 audit(1722910065.775:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14883 comm="syz.4.2993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f3313d779f9 code=0x7ffc0000 [ 971.347425][ T46] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 971.481807][T14985] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3027'. [ 971.493248][T14985] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3027'. [ 971.667730][ T46] usb 5-1: Using ep0 maxpacket: 8 [ 971.688971][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 971.780397][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 971.866806][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 971.884589][ T46] usb 5-1: New USB device found, idVendor=1b3d, idProduct=9305, bcdDevice=55.68 [ 972.382813][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 972.417755][ T46] usb 5-1: Product: syz [ 972.423501][ T46] usb 5-1: Manufacturer: syz [ 972.428877][ T46] usb 5-1: SerialNumber: syz [ 972.436885][ T46] usb 5-1: config 0 descriptor?? [ 972.460475][ T46] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 972.470211][ T46] ftdi_sio ttyUSB0: unknown device type: 0x5568 [ 974.523925][ T46] usb 5-1: USB disconnect, device number 47 [ 974.759715][ T46] ftdi_sio 5-1:0.0: device disconnected [ 976.325224][T15033] tap0: tun_chr_ioctl cmd 1074025677 [ 976.343593][T15033] tap0: linktype set to 512 [ 976.564936][T15042] sctp: [Deprecated]: syz.2.3046 (pid 15042) Use of struct sctp_assoc_value in delayed_ack socket option. [ 976.564936][T15042] Use struct sctp_sack_info instead [ 976.624091][T15031] wg2: entered promiscuous mode [ 976.634496][T15031] wg2: entered allmulticast mode [ 979.057544][ T46] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 979.267354][ T46] usb 4-1: Using ep0 maxpacket: 16 [ 979.283958][ T46] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 979.301050][ T46] usb 4-1: config 0 has no interface number 0 [ 979.335520][ T46] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 979.373360][ T46] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 979.383383][ T46] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 979.393440][ T46] usb 4-1: Product: syz [ 979.412490][ T46] usb 4-1: Manufacturer: syz [ 979.457550][ T46] usb 4-1: SerialNumber: syz [ 979.508489][ T46] usb 4-1: config 0 descriptor?? [ 979.515820][ T46] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected [ 979.534181][ T46] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81 [ 979.551306][T13668] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 979.556589][ T46] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1 [ 979.589897][ T46] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 979.616166][ T46] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2 [ 979.630610][ T46] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 979.645929][ T46] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4 [ 979.664829][ T46] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 979.686582][ T46] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6 [ 979.736982][ T46] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 979.764019][ T46] usb 4-1: USB disconnect, device number 55 [ 979.781778][ T46] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 979.798845][ T46] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 979.813046][ T46] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 979.843873][T13668] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 979.859159][T13668] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 979.870135][T13668] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 979.880666][T13668] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 979.895893][ T46] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 979.909985][T13668] usb 2-1: config 0 descriptor?? [ 979.943432][ T46] keyspan 4-1:0.107: device disconnected [ 980.038207][T13821] kernel write not supported for file /snd/seq (pid: 13821 comm: kworker/0:10) [ 980.426703][T13668] cm6533_jd 0003:0D8C:0022.002C: unknown main item tag 0x0 [ 980.467300][T13668] cm6533_jd 0003:0D8C:0022.002C: unknown main item tag 0x0 [ 980.501262][T13668] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.002C/input/input38 [ 980.516537][T15095] netlink: 'syz.4.3064': attribute type 6 has an invalid length. [ 980.550392][T13668] cm6533_jd 0003:0D8C:0022.002C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 980.659513][T15072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 980.687714][T15072] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 980.720992][ T46] usb 2-1: USB disconnect, device number 48 [ 980.969030][T13829] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 980.984967][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 980.984987][ T29] audit: type=1800 audit(1722910081.405:961): pid=15109 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.3071" name="/" dev="fuse" ino=1 res=0 errno=0 [ 981.011920][T13668] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 981.157454][T13829] usb 3-1: Using ep0 maxpacket: 16 [ 981.169927][T13829] usb 3-1: config 0 has an invalid descriptor of length 115, skipping remainder of the config [ 981.181723][T13829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 981.193006][T13829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 101, changing to 10 [ 981.204704][T13829] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24675, setting to 1024 [ 981.207721][T13668] usb 5-1: Using ep0 maxpacket: 8 [ 981.216385][T13829] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 981.233001][T13668] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 981.260750][T13829] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 981.264280][T13668] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 981.277362][T13829] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 981.298625][T13829] usb 3-1: Manufacturer: syz [ 981.312339][T13668] usb 5-1: config 0 has no interface number 0 [ 981.318427][T13829] usb 3-1: config 0 descriptor?? [ 981.325676][T13829] mceusb 3-1:0.0: mceusb_dev_probe: device setup failed! [ 981.336311][T13829] mceusb 3-1:0.0: probe with driver mceusb failed with error -12 [ 981.343086][T13668] usb 5-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0x3E, changing to 0xE [ 981.356533][T13829] usbhid 3-1:0.0: can't add hid device: -22 [ 981.371969][T13829] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 981.388069][T13668] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 981.400716][T13668] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0xE has invalid wMaxPacketSize 0 [ 981.414113][T13668] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 981.428674][T13668] usb 5-1: config 0 interface 52 has no altsetting 0 [ 981.436836][T13668] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 981.447847][T13668] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 981.464313][T13668] usb 5-1: config 0 descriptor?? [ 981.590438][T13829] usb 3-1: USB disconnect, device number 51 [ 981.985776][ T9] usb 5-1: USB disconnect, device number 48 [ 982.069121][T13668] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 982.269958][T13668] usb 2-1: Using ep0 maxpacket: 16 [ 982.290805][T13668] usb 2-1: config 0 interface 0 has no altsetting 0 [ 982.303058][T13668] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 982.308846][T15119] xt_nfacct: accounting object `sy' does not exists [ 982.323980][T13668] usb 2-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 982.360582][T13668] usb 2-1: Product: syz [ 982.374860][T13668] usb 2-1: Manufacturer: syz [ 982.388888][T13668] usb 2-1: SerialNumber: syz [ 982.401389][T13668] usb 2-1: config 0 descriptor?? [ 982.629900][T13668] usb 2-1: selecting invalid altsetting 1 [ 982.682015][T13668] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 982.699047][T13668] usb 2-1: USB disconnect, device number 49 [ 982.910697][ T46] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 983.129431][ T46] usb 3-1: config 0 interface 0 altsetting 3 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 983.152955][ T46] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 983.203614][ T46] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x8F has invalid wMaxPacketSize 0 [ 983.217516][ T46] usb 3-1: config 0 interface 0 has no altsetting 0 [ 983.232438][ T46] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice=1c.08 [ 983.247516][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 983.257131][ T46] usb 3-1: Product: syz [ 983.261448][ T46] usb 3-1: Manufacturer: syz [ 983.267137][ T46] usb 3-1: SerialNumber: syz [ 983.284027][ T46] usb 3-1: config 0 descriptor?? [ 983.436536][T15134] netlink: 'syz.1.3081': attribute type 1 has an invalid length. [ 983.445799][T15134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3081'. [ 983.512726][ T46] usbtest 3-1:0.0: couldn't get endpoints, -71 [ 983.530046][ T46] usbtest 3-1:0.0: probe with driver usbtest failed with error -71 [ 983.559928][ T46] usb 3-1: USB disconnect, device number 52 [ 983.767578][T13829] IPVS: starting estimator thread 0... [ 983.867940][T15138] IPVS: using max 25 ests per chain, 60000 per kthread [ 985.097830][ T5225] Bluetooth: hci5: command 0x0406 tx timeout [ 987.314101][ T29] audit: type=1400 audit(1722910087.735:962): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15192 comm="syz.4.3100" name="85" dev="tmpfs" ino=454 [ 987.416793][T12916] audit: audit_backlog=65 > audit_backlog_limit=64 [ 987.424195][T15193] audit: audit_backlog=65 > audit_backlog_limit=64 [ 987.453842][T15195] audit: audit_backlog=65 > audit_backlog_limit=64 [ 987.460500][T15195] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 987.468568][T15195] audit: backlog limit exceeded [ 987.551021][ T29] audit: type=1400 audit(1722910087.735:963): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15192 comm="syz.4.3100" name="85" dev="tmpfs" ino=454 [ 987.600367][T15193] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 987.614542][T12916] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64 [ 987.752817][T15197] audit: audit_backlog=65 > audit_backlog_limit=64 [ 989.207901][T15216] tmpfs: Bad value for 'nr_blocks' [ 990.174657][T15219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3109'. [ 992.382402][T15236] audit_log_start: 1934 callbacks suppressed [ 992.382421][T15236] audit: audit_backlog=65 > audit_backlog_limit=64 [ 992.386325][ C0] audit: audit_backlog=65 > audit_backlog_limit=64 [ 992.401726][ C0] audit: audit_lost=71 audit_rate_limit=0 audit_backlog_limit=64 [ 992.409487][ C0] audit: backlog limit exceeded [ 992.425645][ T29] audit: type=1400 audit(1722910092.775:2696): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15239 comm="syz-executor" name="83" dev="tmpfs" ino=454 [ 992.427110][T15241] audit: audit_backlog=65 > audit_backlog_limit=64 [ 992.458663][T15242] audit: audit_backlog=65 > audit_backlog_limit=64 [ 992.458716][T13740] audit: audit_backlog=65 > audit_backlog_limit=64 [ 992.465214][T15242] audit: audit_lost=72 audit_rate_limit=0 audit_backlog_limit=64 [ 992.465233][T15242] audit: backlog limit exceeded [ 992.601394][T15244] netlink: 'syz.2.3116': attribute type 24 has an invalid length. [ 992.881908][T15248] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3118'. [ 992.939151][T15248] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3118'. [ 994.497679][T15254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3120'. [ 994.814587][T15270] hsr0: entered promiscuous mode [ 994.835962][T15270] macsec1: entered promiscuous mode [ 994.843294][T15270] macsec1: entered allmulticast mode [ 994.867147][T15270] hsr0: entered allmulticast mode [ 994.938586][T15270] hsr_slave_0: entered allmulticast mode [ 994.944395][T15270] hsr_slave_1: entered allmulticast mode [ 994.991311][T15270] hsr0: left allmulticast mode [ 995.011300][T15270] hsr_slave_0: left allmulticast mode [ 995.017426][T15270] hsr_slave_1: left allmulticast mode [ 995.523262][T15291] sp0: Synchronizing with TNC [ 995.561530][T15291] 9pnet_virtio: no channels available for device syz [ 995.576764][T15290] [U] è [ 995.858139][T13821] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 996.089946][T13821] usb 5-1: config 4 has too many interfaces: 196, using maximum allowed: 32 [ 996.120012][T13821] usb 5-1: config 4 has 1 interface, different from the descriptor's value: 196 [ 996.204930][T13821] usb 5-1: New USB device found, idVendor=0cf3, idProduct=7010, bcdDevice=92.9f [ 996.214797][T13821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 996.223338][T13821] usb 5-1: Product: syz [ 996.229326][T13821] usb 5-1: Manufacturer: syz [ 996.234966][T13821] usb 5-1: SerialNumber: syz [ 997.012945][T13821] usb 5-1: ath9k_htc: Device endpoint numbers are not the expected ones [ 997.114927][T13821] usb 5-1: USB disconnect, device number 49 [ 997.392685][ T29] kauditd_printk_skb: 3544 callbacks suppressed [ 997.392704][ T29] audit: type=1400 audit(1722910097.815:5998): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=13863 comm="syz-executor" name="90" dev="tmpfs" ino=497 [ 997.480758][ T29] audit: type=1400 audit(1722910097.815:5999): lsm=SMACK fn=smack_inode_getattr action=granted subject="_" object="_" requested=r pid=13863 comm="syz-executor" path="/90/cgroup.net" dev="tmpfs" ino=500 [ 997.530700][T12916] audit: audit_backlog=65 > audit_backlog_limit=64 [ 997.550675][ C0] audit: audit_backlog=65 > audit_backlog_limit=64 [ 997.557426][ C0] audit: audit_lost=155 audit_rate_limit=0 audit_backlog_limit=64 [ 997.565344][ C0] audit: backlog limit exceeded [ 997.570414][ C0] audit: audit_backlog=65 > audit_backlog_limit=64 [ 997.576966][ C0] audit: audit_lost=156 audit_rate_limit=0 audit_backlog_limit=64 [ 997.584869][ C0] audit: backlog limit exceeded [ 997.590361][ C0] audit: audit_backlog=65 > audit_backlog_limit=64 [ 998.546755][T15329] input: syz1 as /devices/virtual/input/input39 [ 1001.652951][T13534] Bluetooth: hci6: command 0x0406 tx timeout [ 1002.401689][ T29] kauditd_printk_skb: 2378 callbacks suppressed [ 1002.401713][ T29] audit: type=1400 audit(1722910102.825:8071): lsm=SMACK fn=smack_socket_sock_rcv_skb action=granted subject="_" object="_" requested=w pid=0 comm="swapper/0" saddr=10.128.0.169 src=30008 daddr=10.128.0.25 dest=33628 netif=eth0 [ 1002.527521][ T29] audit: type=1400 audit(1722910102.915:8072): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15369 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1002.547770][T15370] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1002.554301][T15370] audit: audit_lost=260 audit_rate_limit=0 audit_backlog_limit=64 [ 1002.562500][ T29] audit: type=1400 audit(1722910102.915:8073): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15369 comm="syz-executor" name="newroot" dev="tmpfs" ino=2 [ 1002.584310][ T29] audit: type=1400 audit(1722910102.915:8074): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15369 comm="syz-executor" name="94" dev="tmpfs" ino=517 [ 1002.603599][T15370] audit: backlog limit exceeded [ 1002.606083][T15371] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1002.617044][T15371] audit: audit_lost=261 audit_rate_limit=0 audit_backlog_limit=64 [ 1002.617065][T15370] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1002.749512][T15370] netlink: 'syz.1.3156': attribute type 3 has an invalid length. [ 1002.965498][T15370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3156'. [ 1003.937388][T13832] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1004.147535][T13832] usb 3-1: Using ep0 maxpacket: 32 [ 1004.175169][T13832] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1004.203788][T13832] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1004.229544][T13832] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1004.239873][T13832] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1004.256755][T13832] hub 3-1:4.0: USB hub found [ 1004.468689][T13832] hub 3-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 1004.482419][T15391] input: syz1 as /devices/virtual/input/input40 [ 1004.807732][T13832] usb 3-1: USB disconnect, device number 53 [ 1005.250324][T15401] "syz.3.3170" (15401) uses obsolete ecb(arc4) skcipher [ 1007.433536][ T29] kauditd_printk_skb: 3718 callbacks suppressed [ 1007.433558][ T29] audit: type=1400 audit(1722910107.795:11424): lsm=SMACK fn=smack_task_setscheduler action=granted subject="_" object="_" requested=w pid=15435 comm="syz.2.3178" opid=15435 ocomm="syz.2.3178" [ 1007.479805][T15438] netlink: 'syz.2.3178': attribute type 10 has an invalid length. [ 1007.490139][T15438] batman_adv: batadv0: Adding interface: team0 [ 1007.496424][T15438] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1007.521838][T15438] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 1007.536133][T15439] netlink: 'syz.2.3178': attribute type 10 has an invalid length. [ 1007.544396][T15439] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3178'. [ 1007.554386][T15439] team0: entered promiscuous mode [ 1007.560871][T15439] team_slave_0: entered promiscuous mode [ 1007.566986][T15439] team_slave_1: entered promiscuous mode [ 1007.574745][T15439] 8021q: adding VLAN 0 to HW filter on device team0 [ 1007.582014][T15439] batman_adv: batadv0: Interface activated: team0 [ 1007.600771][T13667] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1007.733140][T13848] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1007.734499][ T29] audit: type=1400 audit(1722910107.795:11425): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15435 comm="syz.2.3178" name="newroot" dev="tmpfs" ino=2 [ 1007.740996][T13848] audit: audit_lost=385 audit_rate_limit=0 audit_backlog_limit=64 [ 1007.768536][T13848] audit: backlog limit exceeded [ 1007.774503][T13848] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1007.777432][T13829] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1007.781878][T13848] audit: audit_lost=386 audit_rate_limit=0 audit_backlog_limit=64 [ 1007.796682][T15441] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1007.796702][T15441] audit: audit_lost=387 audit_rate_limit=0 audit_backlog_limit=64 [ 1007.796719][T15441] audit: backlog limit exceeded [ 1007.819966][T15439] batman_adv: batadv0: Interface deactivated: team0 [ 1007.925999][T15439] batman_adv: batadv0: Removing interface: team0 [ 1007.940028][T13667] usb 2-1: Using ep0 maxpacket: 32 [ 1007.981364][T15439] bridge0: port 3(team0) entered blocking state [ 1007.988296][T15439] bridge0: port 3(team0) entered disabled state [ 1007.995116][T15439] team0: entered allmulticast mode [ 1008.001623][T15439] team_slave_0: entered allmulticast mode [ 1008.007601][T15439] team_slave_1: entered allmulticast mode [ 1008.299291][T13667] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 1008.316799][T13667] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1008.339244][T13667] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1008.351679][T13667] usb 2-1: config 1 has no interface number 0 [ 1008.362995][T13667] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1008.373007][T13667] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1008.386054][T13667] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1008.395218][T13667] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1008.420983][T13829] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1008.421121][T13667] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 1008.432631][T13829] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1008.452565][T11922] Bluetooth: hci6: ACL packet for unknown connection handle 200 [ 1008.453805][T13829] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1008.474828][T13829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1008.622387][T13829] usb 4-1: config 0 descriptor?? [ 1008.631640][T13667] snd_usb_pod 2-1:1.1: invalid control EP [ 1008.637748][T13667] snd_usb_pod 2-1:1.1: cannot start listening: -22 [ 1008.644527][T13667] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 1008.898889][T13667] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -22 [ 1009.858145][T13829] hid-led 0003:0FC5:B080.002D: unknown main item tag 0x0 [ 1009.901527][T15452] wg1: entered promiscuous mode [ 1010.058491][T13829] hid-led 0003:0FC5:B080.002D: probe with driver hid-led failed with error -71 [ 1010.209380][T13829] usb 4-1: USB disconnect, device number 56 [ 1011.598283][T13667] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1011.687824][T13668] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1011.838630][T13667] usb 5-1: Using ep0 maxpacket: 32 [ 1011.879970][T13667] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 1011.888416][T13667] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1011.901103][T13667] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 1011.914542][T13668] usb 4-1: Using ep0 maxpacket: 8 [ 1011.919700][T13667] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1011.938086][T13667] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1011.947711][T13668] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1011.959782][T13668] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1011.974494][T13668] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.987489][T13668] usb 4-1: config 0 descriptor?? [ 1012.032709][T13667] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1012.042678][T13667] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1012.054824][T13667] usb 5-1: Product: syz [ 1012.059394][T13667] usb 5-1: Manufacturer: syz [ 1012.062848][T13831] usb 2-1: USB disconnect, device number 50 [ 1012.064027][T13667] usb 5-1: SerialNumber: syz [ 1012.084350][T13667] usb 5-1: config 0 descriptor?? [ 1012.097035][T13667] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1012.110223][T13667] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1012.224306][T13668] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 1012.405539][T15461] xt_cgroup: invalid path, errno=-2 [ 1012.443450][ T29] kauditd_printk_skb: 1475 callbacks suppressed [ 1012.443470][ T29] audit: type=1400 audit(1722910112.865:12831): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15478 comm="kworker/u8:8" name="/" dev="sda1" ino=2 [ 1012.510689][T15480] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1012.520963][T15463] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1012.537671][T15478] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1012.546568][T15481] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1012.560528][T15463] audit: audit_lost=411 audit_rate_limit=0 audit_backlog_limit=64 [ 1012.569116][T15478] audit: audit_lost=412 audit_rate_limit=0 audit_backlog_limit=64 [ 1012.579298][T15481] audit: audit_lost=413 audit_rate_limit=0 audit_backlog_limit=64 [ 1012.587191][T15481] audit: backlog limit exceeded [ 1012.597347][ T29] audit: type=1400 audit(1722910112.895:12832): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=x pid=15478 comm="kworker/u8:8" name="sbin" dev="sda1" ino=1208 [ 1012.669529][T13667] usb 5-1: USB disconnect, device number 50 [ 1012.687605][T13829] usb 3-1: new full-speed USB device number 54 using dummy_hcd [ 1012.770168][T15485] netlink: 'syz.0.3191': attribute type 3 has an invalid length. [ 1012.932686][T13829] usb 3-1: descriptor type invalid, skip [ 1013.016938][T13829] usb 3-1: descriptor type invalid, skip [ 1013.275376][T13829] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1013.349068][T13829] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 1013.380100][T13829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1013.416056][T13829] usb 3-1: Product: syz [ 1013.440791][T13829] usb 3-1: SerialNumber: syz [ 1013.482221][T13667] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 1013.506747][T13829] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 1016.616143][T13668] usb 3-1: USB disconnect, device number 54 [ 1017.757339][ T29] kauditd_printk_skb: 2028 callbacks suppressed [ 1017.757354][ T29] audit: type=1400 audit(1722910117.435:13844): lsm=SMACK fn=smack_inode_permission action=granted subject="_" object="_" requested=wx pid=5217 comm="syz-executor" name="709" dev="tmpfs" ino=3834 [ 1017.787703][ T30] INFO: task syz.0.2643:13731 blocked for more than 143 seconds. [ 1017.800054][T15510] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1017.806649][ T5217] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1017.813792][T15509] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1017.813978][ C0] audit: audit_backlog=65 > audit_backlog_limit=64 [ 1017.827047][ C0] audit: audit_lost=753 audit_rate_limit=0 audit_backlog_limit=64 [ 1017.829089][ T30] Not tainted 6.11.0-rc2-syzkaller-00004-gb446a2dae984 #0 [ 1017.834895][ C0] audit: backlog limit exceeded [ 1017.851538][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1017.860593][ T30] task:syz.0.2643 state:D stack:24672 pid:13731 tgid:13731 ppid:13374 flags:0x00000004 [ 1017.875897][T15509] audit: audit_lost=754 audit_rate_limit=0 audit_backlog_limit=64 [ 1017.875995][ T30] Call Trace: [ 1017.883961][ T30] [ 1017.883983][ T30] __schedule+0x17ae/0x4a10 [ 1017.884042][ T30] ? __pfx___schedule+0x10/0x10 [ 1017.884077][ T30] ? __pfx_lock_release+0x10/0x10 [ 1017.884112][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1017.884149][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1017.884181][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1017.884216][ T30] ? schedule+0x90/0x320 [ 1017.884245][ T30] schedule+0x14b/0x320 [ 1017.933020][T15509] audit: backlog limit exceeded [ 1017.938230][T15510] audit: audit_lost=755 audit_rate_limit=0 audit_backlog_limit=64 [ 1018.028095][ T30] ? down_read+0x6a5/0xa40 [ 1018.035589][ T30] schedule_preempt_disabled+0x13/0x30 [ 1018.053533][T13831] usb 4-1: USB disconnect, device number 57 [ 1018.078497][T13831] iowarrior 4-1:0.0: I/O-Warror #1 now disconnected [ 1018.253164][ T30] down_read+0x705/0xa40 [ 1018.257570][ T30] ? __pfx_down_read+0x10/0x10 [ 1018.262400][ T30] ? __filemap_get_folio+0x984/0xc10 [ 1018.268013][ T30] filemap_fault+0xb5b/0x1760 [ 1018.272843][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1018.280875][ T30] ? __pfx_filemap_fault+0x10/0x10 [ 1018.286091][ T30] ? pte_alloc_one+0x443/0x5d0 [ 1018.290951][ T30] ? __pfx_pte_alloc_one+0x10/0x10 [ 1018.296106][ T30] ? __pfx_validate_chain+0x10/0x10 [ 1018.301378][ T30] ? mark_lock+0x9a/0x350 [ 1018.305752][ T30] __do_fault+0x135/0x460 [ 1018.310323][ T30] handle_pte_fault+0x1164/0x6eb0 [ 1018.315574][ T30] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 1018.321544][ T30] ? mark_lock+0x9a/0x350 [ 1018.379473][T15518] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1018.405597][ C1] vkms_vblank_simulate: vblank timer overrun [ 1018.412860][T15518] CIFS mount error: No usable UNC path provided in device string! [ 1018.412860][T15518] [ 1018.423307][T15518] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1019.217022][ T30] ? __pfx_handle_pte_fault+0x10/0x10 [ 1019.222746][ T30] ? reacquire_held_locks+0x3eb/0x690 [ 1019.231335][ T30] ? lock_vma_under_rcu+0x2f9/0x6e0 [ 1019.246170][ T30] ? __thp_vma_allowable_orders+0x326/0xa20 [ 1019.279535][ T30] ? __pfx_reacquire_held_locks+0x10/0x10 [ 1019.286611][ T30] handle_mm_fault+0xf70/0x1880 [ 1019.305084][ T30] ? __pfx_handle_mm_fault+0x10/0x10 [ 1019.315333][ T30] ? lock_vma_under_rcu+0x592/0x6e0 [ 1019.323763][ T30] ? exc_page_fault+0x113/0x8c0 [ 1019.335265][ T30] exc_page_fault+0x459/0x8c0 [ 1019.340303][ T30] asm_exc_page_fault+0x26/0x30 [ 1019.345393][ T30] RIP: 0033:0x7fc00073f498 [ 1019.350632][ T30] RSP: 002b:00007ffc3831c528 EFLAGS: 00010202 [ 1019.373333][ T30] RAX: 0000000020000040 RBX: 0000000000000004 RCX: 003062662f766564 [ 1019.394109][ T30] RDX: 0000000000000009 RSI: 3062662f7665642f RDI: 0000000020000040 [ 1019.405830][ T30] RBP: 00007ffc3831c600 R08: 00007fc000600000 R09: 0000000000000001 [ 1019.414916][ T30] R10: 0000000000000001 R11: 0000000000000009 R12: 0000000000000032 [ 1019.423144][ T30] R13: 00007ffc3831c620 R14: 00007ffc3831c640 R15: fffffffffffffffe [ 1019.431870][ T30] [ 1019.435226][ T30] INFO: task syz.1.2646:13744 blocked for more than 145 seconds. [ 1019.444784][ T30] Not tainted 6.11.0-rc2-syzkaller-00004-gb446a2dae984 #0 [ 1019.453965][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1019.475139][ T30] task:syz.1.2646 state:D stack:27360 pid:13744 tgid:13742 ppid:13528 flags:0x00000004 [ 1019.486054][ T30] Call Trace: [ 1019.489950][ T30] [ 1019.493410][ T30] __schedule+0x17ae/0x4a10 [ 1019.498117][ T30] ? __pfx___schedule+0x10/0x10 [ 1019.503016][ T30] ? __pfx_lock_release+0x10/0x10 [ 1019.509128][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1019.515171][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1019.521661][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1019.526823][ T30] ? schedule+0x90/0x320 [ 1019.531640][ T30] schedule+0x14b/0x320 [ 1019.536330][ T30] schedule_preempt_disabled+0x13/0x30 [ 1019.542512][ T30] rwsem_down_write_slowpath+0xeeb/0x13b0 [ 1019.548954][ T30] ? rwsem_down_write_slowpath+0xa06/0x13b0 [ 1019.555404][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 1019.563373][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 1019.569012][ T30] down_write+0x1d7/0x220 [ 1019.574473][ T30] ? __pfx_down_write+0x10/0x10 [ 1019.579457][ T30] blkdev_fallocate+0x1fc/0x530 [ 1019.584396][ T30] vfs_fallocate+0x553/0x6c0 [ 1019.589069][ T30] __x64_sys_fallocate+0xbd/0x110 [ 1019.594139][ T30] do_syscall_64+0xf3/0x230 [ 1019.598836][ T30] ? clear_bhb_loop+0x35/0x90 [ 1019.603559][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1019.610563][ T30] RIP: 0033:0x7f13381779f9 [ 1019.615463][ T30] RSP: 002b:00007f1338edd048 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 1019.624474][ T30] RAX: ffffffffffffffda RBX: 00007f1338305f80 RCX: 00007f13381779f9 [ 1019.633379][ T30] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 1019.641969][ T30] RBP: 00007f13381e58ee R08: 0000000000000000 R09: 0000000000000000 [ 1019.650576][ T30] R10: 0000000000050000 R11: 0000000000000246 R12: 0000000000000000 [ 1019.659148][ T30] R13: 000000000000000b R14: 00007f1338305f80 R15: 00007ffd462f3548 [ 1019.668938][ T30] [ 1019.765034][ T30] [ 1019.765034][ T30] Showing all locks held in the system: [ 1019.772966][ T30] 3 locks held by kworker/u8:1/12: [ 1019.778768][ T30] 1 lock held by khungtaskd/30: [ 1019.783659][ T30] #0: ffffffff8e7382a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1019.794085][ T30] 2 locks held by getty/4977: [ 1019.798873][ T30] #0: ffff88802b1050a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1019.808752][ T30] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 [ 1019.819922][ T30] 2 locks held by syz-executor/5217: [ 1019.825245][ T30] #0: ffff8880259260e0 (&type->s_umount_key#53){+.+.}-{3:3}, at: deactivate_super+0xb5/0xf0 [ 1019.836231][ T30] #1: ffffffff8e73d678 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 1019.848360][ T30] 1 lock held by syz.4.2610/13623: [ 1019.854048][ T30] 2 locks held by syz.0.2643/13731: [ 1019.859964][ T30] #0: ffff88804fc2dec8 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0 [ 1019.872269][ T30] #1: ffff88801d9570c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: filemap_fault+0xb5b/0x1760 [ 1019.884122][ T30] 1 lock held by syz.1.2646/13744: [ 1019.889827][ T30] #0: ffff88801d9570c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1fc/0x530 [ 1019.901155][ T30] 3 locks held by syz.0.3199/15508: [ 1019.906389][ T30] #0: ffffffff8fa62650 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 1019.916895][ T30] #1: ffffffff8fa6f1c8 (rtnl_mutex){+.+.}-{3:3}, at: setup_net+0x83d/0xca0 [ 1019.925761][ T30] #2: ffffffff8e73d678 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 1019.937362][ T30] 1 lock held by dhcpcd/15519: [ 1019.942592][ T30] #0: ffff88801d966208 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 1019.953345][ T30] 1 lock held by dhcpcd/15520: [ 1019.958675][ T30] #0: ffff88801d967a08 (&sb->s_type->i_mutex_key#9){+.+.}-{3:3}, at: sock_close+0x90/0x240 [ 1019.969458][ T30] [ 1019.971823][ T30] ============================================= [ 1019.971823][ T30] [ 1019.987330][ T30] NMI backtrace for cpu 0 [ 1019.991701][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc2-syzkaller-00004-gb446a2dae984 #0 [ 1020.002222][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1020.012280][ T30] Call Trace: [ 1020.015571][ T30] [ 1020.018527][ T30] dump_stack_lvl+0x241/0x360 [ 1020.023268][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1020.028499][ T30] ? __pfx__printk+0x10/0x10 [ 1020.033129][ T30] ? vprintk_emit+0x631/0x770 [ 1020.037834][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 1020.042871][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 1020.047846][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1020.053374][ T30] ? _printk+0xd5/0x120 [ 1020.057547][ T30] ? __pfx__printk+0x10/0x10 [ 1020.062180][ T30] ? __wake_up_klogd+0xcc/0x110 [ 1020.067040][ T30] ? __pfx__printk+0x10/0x10 [ 1020.071646][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 1020.076688][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1020.082684][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 1020.088721][ T30] watchdog+0xfee/0x1030 [ 1020.093003][ T30] ? watchdog+0x1ea/0x1030 [ 1020.097532][ T30] ? __pfx_watchdog+0x10/0x10 [ 1020.102255][ T30] kthread+0x2f0/0x390 [ 1020.106357][ T30] ? __pfx_watchdog+0x10/0x10 [ 1020.111072][ T30] ? __pfx_kthread+0x10/0x10 [ 1020.115697][ T30] ret_from_fork+0x4b/0x80 [ 1020.120166][ T30] ? __pfx_kthread+0x10/0x10 [ 1020.124787][ T30] ret_from_fork_asm+0x1a/0x30 [ 1020.129596][ T30] [ 1020.134145][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1020.140397][ C1] NMI backtrace for cpu 1 [ 1020.140412][ C1] CPU: 1 UID: 0 PID: 15366 Comm: kworker/u8:10 Not tainted 6.11.0-rc2-syzkaller-00004-gb446a2dae984 #0 [ 1020.140434][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1020.140446][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 1020.140475][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x35/0x90 [ 1020.140511][ C1] Code: 14 25 00 d7 03 00 65 8b 05 60 5c 70 7e a9 00 01 ff 00 74 10 a9 00 01 00 00 74 5b 83 ba 1c 16 00 00 00 74 52 8b 82 f8 15 00 00 <83> f8 03 75 47 48 8b 8a 00 16 00 00 44 8b 8a fc 15 00 00 49 c1 e1 [ 1020.140527][ C1] RSP: 0018:ffffc9000f966920 EFLAGS: 00000246 [ 1020.140543][ C1] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffc9000f960000 [ 1020.140555][ C1] RDX: ffff888023563c00 RSI: 0000000000000001 RDI: 0000000000000000 [ 1020.140568][ C1] RBP: 1ffff92001f2cd42 R08: ffffffff814127ed R09: ffffffff81412746 [ 1020.140582][ C1] R10: 0000000000000003 R11: ffff888023563c00 R12: ffffc9000f967838 [ 1020.140595][ C1] R13: ffffc9000f968000 R14: 1ffff92001f2cd41 R15: dffffc0000000000 [ 1020.140609][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 1020.140625][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1020.140638][ C1] CR2: 000055d999973600 CR3: 0000000024548000 CR4: 00000000003506f0 [ 1020.140654][ C1] Call Trace: [ 1020.140661][ C1] [ 1020.140670][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1020.140693][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1020.140720][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1020.140740][ C1] ? nmi_handle+0x2a/0x5a0 [ 1020.140768][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1020.140791][ C1] ? nmi_handle+0x14f/0x5a0 [ 1020.140808][ C1] ? nmi_handle+0x2a/0x5a0 [ 1020.140827][ C1] ? __sanitizer_cov_trace_const_cmp4+0x35/0x90 [ 1020.140853][ C1] ? default_do_nmi+0x63/0x160 [ 1020.140875][ C1] ? exc_nmi+0x123/0x1f0 [ 1020.140895][ C1] ? end_repeat_nmi+0xf/0x53 [ 1020.140918][ C1] ? unwind_next_frame+0xff6/0x2a00 [ 1020.140943][ C1] ? unwind_next_frame+0x109d/0x2a00 [ 1020.140972][ C1] ? __sanitizer_cov_trace_const_cmp4+0x35/0x90 [ 1020.140998][ C1] ? __sanitizer_cov_trace_const_cmp4+0x35/0x90 [ 1020.141025][ C1] ? __sanitizer_cov_trace_const_cmp4+0x35/0x90 [ 1020.141051][ C1] [ 1020.141058][ C1] [ 1020.141064][ C1] unwind_next_frame+0x109d/0x2a00 [ 1020.141097][ C1] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 1020.141124][ C1] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 1020.141147][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1020.141172][ C1] arch_stack_walk+0x151/0x1b0 [ 1020.141193][ C1] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 1020.141221][ C1] stack_trace_save+0x118/0x1d0 [ 1020.141245][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1020.141269][ C1] ? mark_lock+0x9a/0x350 [ 1020.141301][ C1] kasan_save_track+0x3f/0x80 [ 1020.141320][ C1] ? kasan_save_track+0x3f/0x80 [ 1020.141338][ C1] ? kasan_save_free_info+0x40/0x50 [ 1020.141363][ C1] ? poison_slab_object+0xe0/0x150 [ 1020.141382][ C1] ? __kasan_slab_free+0x37/0x60 [ 1020.141401][ C1] ? kfree+0x149/0x360 [ 1020.141423][ C1] ? ieee80211_inform_bss+0xbb2/0x1080 [ 1020.141445][ C1] ? cfg80211_inform_single_bss_data+0xe93/0x2030 [ 1020.141474][ C1] ? cfg80211_inform_bss_data+0x3dd/0x5a70 [ 1020.141506][ C1] ? cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 1020.141534][ C1] ? ieee80211_bss_info_update+0x8a7/0xbc0 [ 1020.141587][ C1] ? ieee80211_inform_bss+0xbb2/0x1080 [ 1020.141609][ C1] kasan_save_free_info+0x40/0x50 [ 1020.141635][ C1] poison_slab_object+0xe0/0x150 [ 1020.141657][ C1] __kasan_slab_free+0x37/0x60 [ 1020.141676][ C1] ? ieee80211_inform_bss+0xbb2/0x1080 [ 1020.141698][ C1] kfree+0x149/0x360 [ 1020.141723][ C1] ieee80211_inform_bss+0xbb2/0x1080 [ 1020.141753][ C1] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 1020.141781][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1020.141809][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1020.141837][ C1] ? cfg80211_inform_single_bss_data+0xd3d/0x2030 [ 1020.141867][ C1] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 1020.141892][ C1] cfg80211_inform_single_bss_data+0xe93/0x2030 [ 1020.141921][ C1] ? __read_once_word_nocheck+0x9/0x20 [ 1020.141954][ C1] ? __read_once_word_nocheck+0x9/0x20 [ 1020.141981][ C1] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 1020.142023][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1020.142049][ C1] ? __kernel_text_address+0xd/0x40 [ 1020.142068][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1020.142094][ C1] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 1020.142126][ C1] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 1020.142171][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1020.142207][ C1] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 1020.142242][ C1] ? mark_lock+0x9a/0x350 [ 1020.142271][ C1] ? __lock_acquire+0x137a/0x2040 [ 1020.142314][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1020.142339][ C1] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 1020.142366][ C1] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 1020.142402][ C1] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 1020.142426][ C1] ieee80211_bss_info_update+0x8a7/0xbc0 [ 1020.142455][ C1] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 1020.142479][ C1] ? __pfx_lock_release+0x10/0x10 [ 1020.142519][ C1] ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70 [ 1020.142554][ C1] ? ieee80211_ibss_rx_queued_mgmt+0xf7e/0x2d70 [ 1020.142578][ C1] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 1020.142609][ C1] ? mark_lock+0x9a/0x350 [ 1020.142637][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1020.142664][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1020.142690][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1020.142721][ C1] ieee80211_iface_work+0x8a5/0xf20 [ 1020.142752][ C1] cfg80211_wiphy_work+0x2db/0x490 [ 1020.142777][ C1] ? process_scheduled_works+0x945/0x1830 [ 1020.142800][ C1] process_scheduled_works+0xa2c/0x1830 [ 1020.142842][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1020.142872][ C1] ? assign_work+0x364/0x3d0 [ 1020.142899][ C1] worker_thread+0x86d/0xd40 [ 1020.142929][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1020.142955][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1020.142986][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1020.143010][ C1] kthread+0x2f0/0x390 [ 1020.143037][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1020.143061][ C1] ? __pfx_kthread+0x10/0x10 [ 1020.143088][ C1] ret_from_fork+0x4b/0x80 [ 1020.143113][ C1] ? __pfx_kthread+0x10/0x10 [ 1020.143140][ C1] ret_from_fork_asm+0x1a/0x30 [ 1020.143175][ C1] [ 1020.197476][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1020.197500][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc2-syzkaller-00004-gb446a2dae984 #0 [ 1020.197530][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1020.197546][ T30] Call Trace: [ 1020.197558][ T30] [ 1020.197569][ T30] dump_stack_lvl+0x241/0x360 [ 1020.197614][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1020.197652][ T30] ? __pfx__printk+0x10/0x10 [ 1020.197684][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1020.197726][ T30] ? vscnprintf+0x5d/0x90 [ 1020.197754][ T30] panic+0x349/0x860 [ 1020.197790][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1020.197820][ T30] ? __pfx_panic+0x10/0x10 [ 1020.197850][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 1020.197879][ T30] ? __irq_work_queue_local+0x137/0x410 [ 1020.197913][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1020.197940][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1020.197966][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 1020.197998][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 1020.198030][ T30] watchdog+0x102d/0x1030 [ 1020.198066][ T30] ? watchdog+0x1ea/0x1030 [ 1020.198105][ T30] ? __pfx_watchdog+0x10/0x10 [ 1020.198138][ T30] kthread+0x2f0/0x390 [ 1020.198173][ T30] ? __pfx_watchdog+0x10/0x10 [ 1020.198206][ T30] ? __pfx_kthread+0x10/0x10 [ 1020.198242][ T30] ret_from_fork+0x4b/0x80 [ 1020.198274][ T30] ? __pfx_kthread+0x10/0x10 [ 1020.198311][ T30] ret_from_fork_asm+0x1a/0x30 [ 1020.198367][ T30] [ 1020.205941][ T30] Kernel Offset: disabled [ 1020.932806][ T30] Rebooting in 86400 seconds..