last executing test programs: 24.493257811s ago: executing program 2 (id=172): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000200)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800000000fcffffff0b00000008000300", @ANYRES32=r2, @ANYBLOB="20005080090001009aa809f40500000005000200040000000800030006ac0f"], 0x3c}}, 0x0) 24.193575494s ago: executing program 2 (id=173): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x6, &(0x7f0000000200)=0x7) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x5840, 0xba86a709a3045747) write$binfmt_elf64(r1, &(0x7f0000000f00)=ANY=[], 0x78) close(r1) statx(r1, &(0x7f00000002c0)='./file1\x00', 0x1800, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={r0, r2}, 0xc) ioctl$TIOCGSID(r1, 0x5429, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x59, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = socket$alg(0x26, 0x5, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r1) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)={0x44, r5, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x2c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x36, 0x9, 0x16, 0x13f7052cdc62f7eb, 0x30, 0x36, 0x6c, 0x36, 0x36, 0xb, 0x4]}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0xff}]}]}, @NL80211_ATTR_PRIVACY={0x4}, @acl_policy]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x440080d0) bind$alg(r4, 0x0, 0x0) setsockopt$ax25_int(r1, 0x101, 0x2, &(0x7f00000001c0)=0x8, 0x4) accept4(r4, 0x0, 0x0, 0x0) r6 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) r7 = dup(r6) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r7) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) gettid() r8 = syz_init_net_socket$rose(0xb, 0x5, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='bfs\x00', 0x10008, 0x0) connect$rose(r8, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) 23.908926401s ago: executing program 2 (id=176): syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbbc9abacf360ea081d000108000604"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 23.409201542s ago: executing program 2 (id=178): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000080), 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000000)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x7, 0x3a, 'M', 0x3a, 'M', 0x3a, './file2', 0x3a, [0x46]}, 0x2a) syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 21.493293556s ago: executing program 2 (id=190): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r2, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r4 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r3, &(0x7f0000000100)='./file0\x00', r4, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r6, r5, 0x0, 0x6) read$watch_queue(r6, &(0x7f0000000540)=""/4096, 0x1000) r7 = userfaultfd(0x80001) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f00000001c0)={0x5}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) 19.633730043s ago: executing program 2 (id=197): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42908}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e24}]}}}]}, 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a"], 0x3c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x4000000) 18.478440324s ago: executing program 32 (id=197): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42908}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e24}]}}}]}, 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a"], 0x3c}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018"], 0x50}}, 0x4000000) 12.937474459s ago: executing program 0 (id=212): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000800009040002010300010009210000000122f80409058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x208093, &(0x7f0000000380)=ANY=[@ANYBLOB="726f6469722c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e6e742c756e695f78fd1d2c16846c6174653d312c636f6465706167653d3836342c636f6465bc560880706167653d3836352c726f6469722c696f636861727365743d6b6f69392d72752c7368ea22188c2018653d6d697865642c757466383d302c726f6469722c756e695f786c6174655f352c002d166e62545dfc7ce5385862169b7c0ecf491efd3dba92e3c6ab63b815d978091222dd2ebbbf610396aba01ee583bcaa5b1c6806e5128e0a28a0a663a68865b32d83a76e8f35dd9c9c5562acd8475ed9cb548a851d4bafbbaf4d891ccac2e0da2019b1e0d68e4f06e0d9d8c9a50a905e2a1c45f81d25325725cdaf", @ANYRES64=r0, @ANYRES64=r0], 0x0, 0x270, &(0x7f00000005c0)="$eJzs3U9rU1kYB+A3bTpJCyVZDJQZBuYOs5lVaDvMPmXowDCBGUay0JXFpihNLbRQ0EXbXfE76FfQpVvBhbj1C4ggVXBjXXUhROLtn6QmsVHTiH2eTV/OfX+cc9LLvXTRk8s/rSwvrq4v7e3tRj6fiWw5yrGfiWKMxGiktgMA+JbsNxrxupEa9loAgLPh/Q8A50+v939m+2jsv7NfGQAwKJ/19//IQJYEAAzYhYuX/pmrVOb/T5J8xMrORnWjmv5Mr88txbWoRy2moxBvIxpH0vqvvyvz00nTi2LkV7ZG0vzWRnW0PT8ThSh2zs8kqag2c4f5sZg4yD+diFrMRiG+75yf7Zj/Ln77tWX+UhTiyZVYjXosRjOb5nMRsTmTJH/+WzmRz73vAwAAAAAAAAAAAAAAAAAAAACAQSglR4rt59+k5/eUSt2up/nW84HGe50P1Ng6cb5ONn7MDnfvAAAAAAAAAAAAAAAAAAAA8LVYv3FzeaFer631Kq4/vvtwN5cGPtrcu8gczNtfaqdnz/jpdnGimPzl+e1Ol3KR6/fz+bRiLCJaR5KDKR/8PMBJv1TxaPfqD7+vT/3RrSeyzWIyIpojt5pbbevpciNlB/WBvypEdO3J931Dthb3Dovymw96Dm+l2tr4sH9xU3fKC/c3n708barHQ6MxOohHEQAAAAAAAAAAAAAAAAAAnHvH//Q77JUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPAcf/9/v0Uu2kbyXZu3h71HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FwAA//8xeJOO") syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 11.349302264s ago: executing program 1 (id=215): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600}) 9.836140663s ago: executing program 1 (id=219): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0xfffffffffffffee3, 0x2, 0xf1}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c) 9.765808195s ago: executing program 0 (id=220): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r3 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r2, &(0x7f0000000100)='./file0\x00', r3, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r5, r4, 0x0, 0x6) read$watch_queue(r5, &(0x7f0000000540)=""/4096, 0x1000) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f00000001c0)={0x5}) 8.565420299s ago: executing program 0 (id=222): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) 8.290089171s ago: executing program 1 (id=223): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000340)=0x0) prlimit64(r1, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r5 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r4, &(0x7f0000000100)='./file0\x00', r5, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r7, r6, 0x0, 0x6) read$watch_queue(r7, &(0x7f0000000540)=""/4096, 0x1000) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f00000001c0)={0x5}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) 8.135701407s ago: executing program 0 (id=224): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000380)='freezer.parent_freezing\x00', 0x0, 0x0) preadv2(r1, &(0x7f0000000040)=[{&(0x7f0000000100)=""/65, 0x41}], 0x1, 0x2, 0x0, 0x1) 7.688443948s ago: executing program 3 (id=226): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000002800)={0x34, &(0x7f0000002540)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.397297794s ago: executing program 5 (id=229): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x20, r1, 0x5, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x20}, 0x1, 0x0, 0x0, 0x40048}, 0x0) 4.720917453s ago: executing program 3 (id=230): r0 = socket(0x1e, 0x1, 0x0) pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000400)=[{&(0x7f00000001c0)="8b", 0x1}], 0x1, 0xa) splice(r1, 0x0, r0, 0x0, 0xfff9, 0x0) 4.502826454s ago: executing program 3 (id=231): syz_usb_connect$uac1(0x1, 0x78, &(0x7f0000000280)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x66, 0x3, 0x1, 0xf, 0x40, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x3, 0x0, 0x8, {0x7, 0x25, 0x1, 0x81, 0x6, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x7, 0x9, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x6, 0x8a, 0x6, {0x7, 0x25, 0x1, 0x0, 0x3, 0x8}}}}}}}]}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3800000056000100000000000000000007020000", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0) 4.502416845s ago: executing program 1 (id=232): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}}, 0x0) 4.243225575s ago: executing program 4 (id=233): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x44000, 0x0) 4.119571544s ago: executing program 0 (id=234): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) openat(0xffffffffffffff9c, 0x0, 0x107042, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r6, 0x40045402, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r6, 0x40505412, 0x0) read(r6, &(0x7f00000013c0)=""/4089, 0xff9) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r6, 0x54a2) ioctl$sock_SIOCADDDLCI(r5, 0x8980, 0x0) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close(r0) mprotect(&(0x7f000032a000/0x2000)=nil, 0x2000, 0x8) 4.064794749s ago: executing program 5 (id=235): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r3 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r2, &(0x7f0000000100)='./file0\x00', r3, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r5, r4, 0x0, 0x6) read$watch_queue(r5, &(0x7f0000000540)=""/4096, 0x1000) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f00000001c0)={0x5}) 3.949536143s ago: executing program 4 (id=236): ptrace(0x10, 0x1) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0xffffffffffffffff}, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x0, 0x1}, 0x0) 3.675157386s ago: executing program 1 (id=237): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 2.712293148s ago: executing program 0 (id=238): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3e616dc4010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 2.625965973s ago: executing program 5 (id=239): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000340)=0x0) prlimit64(r1, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r5 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r4, &(0x7f0000000100)='./file0\x00', r5, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r7, r6, 0x0, 0x6) read$watch_queue(r7, &(0x7f0000000540)=""/4096, 0x1000) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f00000001c0)={0x5}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) 2.433697206s ago: executing program 3 (id=240): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x8, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x9}, 0x8) 2.416589913s ago: executing program 4 (id=241): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000140)={0x58, r1, 0x1, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x3c, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x1}, @device_b, @device_a, @initial, {0x0, 0x4c}, @value=@ver_80211n={0x0, 0x0, 0x2, 0x0, 0x0, 0x1}}, 0x1b, @val={0x8c, 0x18, {0x1fe, "3bf9d27a3fa9", @long="f877cc31de9038e5b85b2ccfde685c3b"}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 2.276525311s ago: executing program 1 (id=242): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) gettid() syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="043e0d05"], 0x10) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="0000099584"]) 2.05696717s ago: executing program 5 (id=243): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x54, r1, 0x1, 0x70bd2f, 0x4, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x30, 0x33, @disassoc={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x9}, @device_b, @device_a, @random="291c86d79191", {0x0, 0x23}}, 0x3b, @val={0x8c, 0x10, {0x553, "f3c60aa00dfb", @short="60a9c970d3fe94ce"}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x7, 0xa88]}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1.845877456s ago: executing program 3 (id=244): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000340)=0x0) prlimit64(r1, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r5 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r4, &(0x7f0000000100)='./file0\x00', r5, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r7, r6, 0x0, 0x6) read$watch_queue(r7, &(0x7f0000000540)=""/4096, 0x1000) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f00000001c0)={0x5}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) 1.713594575s ago: executing program 4 (id=245): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000340)=0x0) prlimit64(r1, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, 0x0, 0x0) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r5 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r4, &(0x7f0000000100)='./file0\x00', r5, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r7, r6, 0x0, 0x6) read$watch_queue(r7, &(0x7f0000000540)=""/4096, 0x1000) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f00000001c0)={0x5}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) 1.330663237s ago: executing program 4 (id=246): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000340)=0x0) prlimit64(r1, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r5 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r4, &(0x7f0000000100)='./file0\x00', r5, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r7, r6, 0x0, 0x6) read$watch_queue(r7, &(0x7f0000000540)=""/4096, 0x1000) r8 = userfaultfd(0x80001) ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f00000001c0)={0x5}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) 1.277810207s ago: executing program 5 (id=247): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000440)=ANY=[@ANYBLOB='b *:'], 0xa) 150.944129ms ago: executing program 3 (id=248): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)={{0x12, 0x1, 0x141, 0x30, 0xf5, 0x69, 0x20, 0x5ac, 0x219, 0xf072, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x55, 0x7, 0x1, 0x3, 0x49, 0x2, 0x0, [], [{{0x9, 0x5, 0x82, 0x3, 0x400, 0x0, 0x33, 0x81}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000540)={0x0, 0x8c7c8f6744f0b74e, 0x8, "d4a911bb11e39d2e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000100)={[{0x3c, 0x4e00, "239c3994037b155c19b9163961c2856c8a42d673eccdc8a0020318e570d3e370206341e139c181b4c3ceb6d90b962f6c5fc4f83586b48f0b7fbf1033"}]}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 98.419547ms ago: executing program 5 (id=249): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000200)={0x1d, r1}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000)=0x1, 0x4) 0s ago: executing program 4 (id=250): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0xab}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x88101) unshare(0x22020400) r3 = open$dir(&(0x7f00000000c0)='./cgroup.cpu/cgroup.procs\x00', 0x42, 0xc) move_mount(r2, &(0x7f0000000100)='./file0\x00', r3, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000000)='./file0\x00') mount$bind(0x0, 0x0, 0x0, 0x882602, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x0) sendfile(r5, r4, 0x0, 0x6) read$watch_queue(r5, &(0x7f0000000540)=""/4096, 0x1000) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f00000001c0)={0x5}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.77' (ED25519) to the list of known hosts. [ 101.483176][ T48] cfg80211: failed to load regulatory.db [ 102.319328][ T5826] cgroup: Unknown subsys name 'net' [ 102.466660][ T5826] cgroup: Unknown subsys name 'cpuset' [ 102.476492][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 104.252271][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 108.682503][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 108.701786][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 108.709732][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 108.718060][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 108.725867][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 108.733922][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 108.741984][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 108.749738][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 108.757591][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 108.762426][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 108.765454][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 108.780401][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 108.790329][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 108.790500][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 108.811810][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 108.823756][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 108.830843][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 108.831427][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 108.846035][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 108.846073][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 108.853594][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 108.869266][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 108.869396][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 108.884847][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 108.893277][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 108.898886][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 108.910743][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 108.921368][ T5859] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 108.928674][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 108.931199][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 109.859117][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 109.904475][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 110.071310][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 110.174918][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 110.313624][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 110.483290][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 110.516625][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.524304][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.532846][ T5839] bridge_slave_0: entered allmulticast mode [ 110.540850][ T5839] bridge_slave_0: entered promiscuous mode [ 110.570567][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.577788][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.585978][ T5843] bridge_slave_0: entered allmulticast mode [ 110.594474][ T5843] bridge_slave_0: entered promiscuous mode [ 110.602265][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.609425][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.617275][ T5842] bridge_slave_0: entered allmulticast mode [ 110.625574][ T5842] bridge_slave_0: entered promiscuous mode [ 110.665019][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.672392][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.679606][ T5839] bridge_slave_1: entered allmulticast mode [ 110.688606][ T5839] bridge_slave_1: entered promiscuous mode [ 110.713991][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.721242][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.728424][ T5843] bridge_slave_1: entered allmulticast mode [ 110.737261][ T5843] bridge_slave_1: entered promiscuous mode [ 110.762558][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.769785][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.777337][ T5842] bridge_slave_1: entered allmulticast mode [ 110.785235][ T5842] bridge_slave_1: entered promiscuous mode [ 110.894622][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.921478][ T5845] Bluetooth: hci2: command tx timeout [ 110.975576][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.001310][ T5847] Bluetooth: hci1: command tx timeout [ 111.006874][ T5144] Bluetooth: hci3: command tx timeout [ 111.006909][ T5850] Bluetooth: hci4: command tx timeout [ 111.012894][ T5845] Bluetooth: hci0: command tx timeout [ 111.018901][ T5855] Bluetooth: hci5: command tx timeout [ 111.058727][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.073781][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.083143][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.090332][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.097694][ T5840] bridge_slave_0: entered allmulticast mode [ 111.105737][ T5840] bridge_slave_0: entered promiscuous mode [ 111.134017][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.150609][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.227953][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.235235][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.243291][ T5840] bridge_slave_1: entered allmulticast mode [ 111.252111][ T5840] bridge_slave_1: entered promiscuous mode [ 111.309738][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.320424][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.327903][ T5841] bridge_slave_0: entered allmulticast mode [ 111.336225][ T5841] bridge_slave_0: entered promiscuous mode [ 111.348891][ T5839] team0: Port device team_slave_0 added [ 111.359612][ T5839] team0: Port device team_slave_1 added [ 111.403528][ T5843] team0: Port device team_slave_0 added [ 111.414884][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.458534][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.470210][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.478261][ T5841] bridge_slave_1: entered allmulticast mode [ 111.486874][ T5841] bridge_slave_1: entered promiscuous mode [ 111.528988][ T5843] team0: Port device team_slave_1 added [ 111.555288][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.590721][ T5842] team0: Port device team_slave_0 added [ 111.599738][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.608140][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.615618][ T5838] bridge_slave_0: entered allmulticast mode [ 111.623951][ T5838] bridge_slave_0: entered promiscuous mode [ 111.633156][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.640349][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.647826][ T5838] bridge_slave_1: entered allmulticast mode [ 111.655931][ T5838] bridge_slave_1: entered promiscuous mode [ 111.737828][ T5842] team0: Port device team_slave_1 added [ 111.765627][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.779236][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.790060][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.797448][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.823885][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.837913][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.844951][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.871098][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.883150][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.890126][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.916568][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.929224][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.936263][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.962358][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.977803][ T5840] team0: Port device team_slave_0 added [ 111.990986][ T5840] team0: Port device team_slave_1 added [ 112.036554][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.151088][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.163620][ T5841] team0: Port device team_slave_0 added [ 112.228855][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.236266][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.262545][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.292584][ T5841] team0: Port device team_slave_1 added [ 112.339619][ T5839] hsr_slave_0: entered promiscuous mode [ 112.347434][ T5839] hsr_slave_1: entered promiscuous mode [ 112.373140][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.380131][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.407017][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.423183][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.430144][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.457342][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.469403][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.476734][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.502887][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.543156][ T5838] team0: Port device team_slave_0 added [ 112.557463][ T5843] hsr_slave_0: entered promiscuous mode [ 112.564222][ T5843] hsr_slave_1: entered promiscuous mode [ 112.571190][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.579032][ T5843] Cannot create hsr debugfs directory [ 112.636999][ T5838] team0: Port device team_slave_1 added [ 112.681834][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.688822][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.717262][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.729877][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.737755][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.765334][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.819323][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.826723][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.853900][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.866027][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.873720][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.899923][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.995263][ T5842] hsr_slave_0: entered promiscuous mode [ 113.003217][ T5842] hsr_slave_1: entered promiscuous mode [ 113.009455][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.013031][ T5855] Bluetooth: hci2: command tx timeout [ 113.017923][ T5842] Cannot create hsr debugfs directory [ 113.078283][ T5840] hsr_slave_0: entered promiscuous mode [ 113.084084][ T5855] Bluetooth: hci5: command tx timeout [ 113.084136][ T5855] Bluetooth: hci4: command tx timeout [ 113.090872][ T5845] Bluetooth: hci0: command tx timeout [ 113.096523][ T5840] hsr_slave_1: entered promiscuous mode [ 113.101097][ T5855] Bluetooth: hci3: command tx timeout [ 113.101262][ T5855] Bluetooth: hci1: command tx timeout [ 113.107682][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.125262][ T5840] Cannot create hsr debugfs directory [ 113.371976][ T5841] hsr_slave_0: entered promiscuous mode [ 113.378582][ T5841] hsr_slave_1: entered promiscuous mode [ 113.385395][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.393030][ T5841] Cannot create hsr debugfs directory [ 113.435452][ T5838] hsr_slave_0: entered promiscuous mode [ 113.442646][ T5838] hsr_slave_1: entered promiscuous mode [ 113.448880][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.456602][ T5838] Cannot create hsr debugfs directory [ 114.081492][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 114.118749][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 114.132290][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 114.158551][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 114.222480][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 114.242422][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 114.275309][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 114.288151][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 114.408843][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 114.434601][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 114.455397][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 114.469628][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 114.580003][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 114.607856][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 114.649323][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 114.667649][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 114.799544][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.837666][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 114.850227][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 114.894104][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 114.907470][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 114.936086][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.964875][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.990499][ T2861] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.997991][ T2861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.057057][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.064305][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.082270][ T5855] Bluetooth: hci2: command tx timeout [ 115.132311][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.146838][ T5841] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 115.162337][ T5845] Bluetooth: hci1: command tx timeout [ 115.162359][ T5850] Bluetooth: hci0: command tx timeout [ 115.167805][ T5845] Bluetooth: hci4: command tx timeout [ 115.173671][ T5144] Bluetooth: hci5: command tx timeout [ 115.179292][ T5855] Bluetooth: hci3: command tx timeout [ 115.199673][ T5841] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 115.238613][ T5841] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 115.260876][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.268036][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.314431][ T5841] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 115.379247][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.386531][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.417385][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.482007][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 115.588631][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.688010][ T5843] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 115.709146][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 115.727114][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.734350][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.745254][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.752448][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.776294][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.897879][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.950229][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.045048][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.076156][ T2861] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.083422][ T2861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.162180][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.173360][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.180601][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.196178][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.203395][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.239592][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.246822][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.279473][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.466038][ T5838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 116.535148][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.557958][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.587820][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.595062][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.692437][ T2861] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.699651][ T2861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.718487][ T5839] veth0_vlan: entered promiscuous mode [ 116.824969][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.846479][ T5839] veth1_vlan: entered promiscuous mode [ 116.971189][ T5843] veth0_vlan: entered promiscuous mode [ 117.049805][ T5843] veth1_vlan: entered promiscuous mode [ 117.102084][ T5839] veth0_macvtap: entered promiscuous mode [ 117.133514][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.171825][ T5855] Bluetooth: hci2: command tx timeout [ 117.177451][ T5839] veth1_macvtap: entered promiscuous mode [ 117.228735][ T5842] veth0_vlan: entered promiscuous mode [ 117.242006][ T5855] Bluetooth: hci5: command tx timeout [ 117.247484][ T5855] Bluetooth: hci0: command tx timeout [ 117.256735][ T5845] Bluetooth: hci3: command tx timeout [ 117.256777][ T5850] Bluetooth: hci1: command tx timeout [ 117.268286][ T5144] Bluetooth: hci4: command tx timeout [ 117.299263][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.384528][ T5843] veth0_macvtap: entered promiscuous mode [ 117.418352][ T5842] veth1_vlan: entered promiscuous mode [ 117.449502][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.471556][ T5843] veth1_macvtap: entered promiscuous mode [ 117.538452][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.577416][ T5839] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.588868][ T5839] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.598646][ T5839] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.607824][ T5839] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.693152][ T5838] veth0_vlan: entered promiscuous mode [ 117.715831][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.726624][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.751032][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.773093][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.848873][ T5842] veth0_macvtap: entered promiscuous mode [ 117.884962][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.900269][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.913716][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.942982][ T5842] veth1_macvtap: entered promiscuous mode [ 117.957831][ T5838] veth1_vlan: entered promiscuous mode [ 117.993062][ T5843] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.007852][ T5843] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.026538][ T5843] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.036218][ T5843] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.091973][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.099969][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.242962][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.261730][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.275895][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.287393][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.299360][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.363849][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.365664][ T5838] veth0_macvtap: entered promiscuous mode [ 118.372559][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.403052][ T5840] veth0_vlan: entered promiscuous mode [ 118.427328][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.438134][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.448959][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.459584][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.471666][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.505024][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.516328][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.532177][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.546502][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.562524][ T5838] veth1_macvtap: entered promiscuous mode [ 118.581030][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.607636][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.639840][ T5840] veth1_vlan: entered promiscuous mode [ 118.666160][ T5839] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 118.838847][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.849722][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.853253][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.873273][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.884757][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.895587][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.907094][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.917691][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.935373][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.968256][ T5841] veth0_vlan: entered promiscuous mode [ 118.983673][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.995296][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.006736][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.017202][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.028214][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.038802][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.052212][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.107281][ T5838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.121923][ T5838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.134776][ T5838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.144921][ T5838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.168636][ T5840] veth0_macvtap: entered promiscuous mode [ 119.203662][ T5840] veth1_macvtap: entered promiscuous mode [ 119.222936][ T5841] veth1_vlan: entered promiscuous mode [ 119.238860][ T2861] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.267291][ T2861] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.337020][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.349182][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.359603][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.372903][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.383278][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.394241][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.407016][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.419687][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.432642][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.468881][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.479926][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.497183][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.508037][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.517902][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.528455][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.539010][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.549629][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.566644][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.613169][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.629571][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.632680][ T5840] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.647134][ T2145] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 119.672637][ T5840] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.687379][ T5840] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.696714][ T5840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.750898][ T5841] veth0_macvtap: entered promiscuous mode [ 119.797647][ T5841] veth1_macvtap: entered promiscuous mode [ 119.825076][ T2145] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 119.861424][ T2145] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.878159][ T2145] usb 1-1: config 0 interface 0 has no altsetting 0 [ 119.886419][ T2145] usb 1-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00 [ 119.914717][ T2145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.923817][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.948898][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.968373][ T2145] usb 1-1: config 0 descriptor?? [ 119.998990][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.015513][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.026343][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.037121][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.049825][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.050608][ T9] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 120.061199][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.080177][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.094038][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.104186][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.114812][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.126948][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.210098][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.240888][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.266062][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.270230][ T5949] ======================================================= [ 120.270230][ T5949] WARNING: The mand mount option has been deprecated and [ 120.270230][ T5949] and is ignored by this kernel. Remove the mand [ 120.270230][ T5949] option from the mount to silence this warning. [ 120.270230][ T5949] ======================================================= [ 120.278861][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.334035][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.342557][ T5949] bad cache= option: none [ 120.342557][ T5949] [ 120.351216][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.351239][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.351267][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.351287][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 120.351314][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.353471][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 120.381979][ T5949] CIFS: VFS: bad cache= option: none [ 120.398835][ T5841] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.427330][ T5841] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.449491][ T2145] waltop 0003:172F:0502.0001: item fetching failed at offset 2/5 [ 120.455105][ T5841] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.466980][ T2145] waltop 0003:172F:0502.0001: probe with driver waltop failed with error -22 [ 120.477339][ T5841] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.488510][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 120.503350][ T9] usb 2-1: no configurations [ 120.508001][ T9] usb 2-1: can't read configurations, error -22 [ 120.533532][ T5935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.546144][ T5935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.696570][ T924] usb 1-1: USB disconnect, device number 2 [ 120.700187][ T5935] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.742264][ T5935] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.969488][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.023381][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.063226][ T5960] netlink: 'syz.2.3': attribute type 14 has an invalid length. [ 121.154022][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.202776][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.384963][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.402315][ T5956] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 121.403416][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.593468][ T5956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.647715][ T5956] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.722096][ T5956] usb 4-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 121.758174][ T5956] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.791873][ T5974] netlink: 84 bytes leftover after parsing attributes in process `syz.4.5'. [ 121.832352][ T5956] usb 4-1: config 0 descriptor?? [ 121.853288][ T5973] loop1: detected capacity change from 0 to 2048 [ 121.951929][ T5969] loop0: detected capacity change from 0 to 4096 [ 121.982393][ T5973] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 122.093392][ T5969] ntfs3(loop0): ino=19, mi_enum_attr [ 122.155324][ T5969] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 122.307729][ T5956] cypress 0003:04B4:DE61.0002: item fetching failed at offset 5/7 [ 122.352936][ T5956] cypress 0003:04B4:DE61.0002: parse failed [ 122.392682][ T5956] cypress 0003:04B4:DE61.0002: probe with driver cypress failed with error -22 [ 122.597012][ T5901] usb 4-1: USB disconnect, device number 2 [ 122.737033][ T5988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.20'. [ 123.440983][ T5956] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 123.531791][ T5955] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 123.653559][ T5956] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 123.703962][ T5955] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 123.723849][ T5956] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 123.754055][ T5955] usb 5-1: config 0 has no interface number 0 [ 123.771047][ T5956] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 123.797109][ T5955] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 123.833748][ T5956] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.855740][ T5955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.941223][ T5823] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 123.954388][ T5956] usb 2-1: config 0 descriptor?? [ 123.982378][ T5955] usb 5-1: config 0 descriptor?? [ 124.077452][ T5955] usb 5-1: selecting invalid altsetting 1 [ 124.087535][ T5956] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 124.120594][ T5823] usb 6-1: Using ep0 maxpacket: 32 [ 124.124658][ T5956] dvb-usb: bulk message failed: -22 (3/0) [ 124.127918][ T5823] usb 6-1: config 0 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 124.146615][ T5823] usb 6-1: config 0 interface 0 has no altsetting 0 [ 124.153303][ T5823] usb 6-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 124.159980][ T5955] dvb_ttusb_budget: ttusb_init_controller: error [ 124.228404][ T5956] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 124.254933][ T5955] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 124.279905][ T5996] dvb-usb: bulk message failed: -22 (3/0) [ 124.341116][ T5956] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 124.420098][ T5956] usb 2-1: media controller created [ 124.494765][ T5956] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 124.583882][ T5956] dvb-usb: bulk message failed: -22 (6/0) [ 124.633917][ T5956] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 124.684071][ T5956] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 124.698118][ T5984] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 124.789589][ T5955] DVB: Unable to find symbol cx22700_attach() [ 124.831152][ T5956] dvb-usb: schedule remote query interval to 150 msecs. [ 124.871859][ T5956] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 124.886219][ T5823] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.899983][ T5823] usb 6-1: config 0 descriptor?? [ 124.977487][ T5956] usb 2-1: USB disconnect, device number 4 [ 125.321698][ T5956] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 125.632588][ T5993] loop0: detected capacity change from 0 to 262144 [ 125.649643][ T5823] zeroplus 0003:0C12:0005.0003: item fetching failed at offset 0/3 [ 125.662493][ T5993] F2FS-fs (loop0): invalid crc value [ 125.681345][ T5823] zeroplus 0003:0C12:0005.0003: parse failed [ 125.687484][ T5823] zeroplus 0003:0C12:0005.0003: probe with driver zeroplus failed with error -22 [ 125.709527][ T5955] DVB: Unable to find symbol tda10046_attach() [ 125.715990][ T6010] loop4: detected capacity change from 0 to 4096 [ 125.757958][ T5955] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 125.797444][ T5955] usb 5-1: USB disconnect, device number 2 [ 125.857703][ T5993] F2FS-fs (loop0): Start checkpoint disabled! [ 126.074886][ T5998] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 126.083486][ T5999] usb 6-1: USB disconnect, device number 2 [ 126.142401][ T6010] ntfs3(loop4): ino=1a, mi_enum_attr [ 126.150638][ T5901] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 126.170256][ T6010] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 126.285608][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.341017][ T5998] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.351312][ T5901] usb 2-1: Using ep0 maxpacket: 32 [ 126.380132][ T5901] usb 2-1: unable to get BOS descriptor or descriptor too short [ 126.406668][ T5998] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 126.433614][ T5901] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 126.488401][ T6027] ntfs3(loop4): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" attr_set_size [ 126.528607][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.564944][ T5901] usb 2-1: can't read configurations, error -71 [ 126.585995][ T5998] usb 4-1: config 0 descriptor?? [ 126.990693][ T6033] netlink: 8 bytes leftover after parsing attributes in process `syz.5.33'. [ 127.016565][ T6033] netlink: 12 bytes leftover after parsing attributes in process `syz.5.33'. [ 127.062438][ T6033] netlink: 'syz.5.33': attribute type 20 has an invalid length. [ 127.063118][ T5998] acrux 0003:1A34:0802.0004: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0 [ 127.071092][ T6035] loop4: detected capacity change from 0 to 256 [ 127.228807][ T5998] acrux 0003:1A34:0802.0004: no inputs found [ 127.251115][ T5998] acrux 0003:1A34:0802.0004: Failed to enable force feedback support, error: -19 [ 127.282168][ T6037] Bluetooth: MGMT ver 1.23 [ 127.377304][ T5998] usb 4-1: USB disconnect, device number 3 [ 127.536877][ T6041] loop5: detected capacity change from 0 to 512 [ 127.610390][ T6041] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 127.668061][ T6041] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 127.682975][ T6044] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 127.689722][ T6044] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 127.714358][ T6044] vhci_hcd vhci_hcd.0: Device attached [ 127.767677][ T6050] random: crng reseeded on system resumption [ 127.825910][ T6041] EXT4-fs (loop5): 1 truncate cleaned up [ 127.887943][ T6041] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.960851][ T5823] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 128.122644][ T5998] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 128.170840][ T5823] usb 2-1: Using ep0 maxpacket: 16 [ 128.209155][ T5823] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 128.249257][ T5823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.269434][ T5823] usb 2-1: Product: syz [ 128.277305][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.297886][ T5823] usb 2-1: Manufacturer: syz [ 128.308018][ T5823] usb 2-1: SerialNumber: syz [ 128.335732][ T5823] usb 2-1: config 0 descriptor?? [ 128.358005][ T5823] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 128.435486][ T5823] usb 2-1: Detected FT232H [ 128.497190][ T6059] netlink: 'syz.5.42': attribute type 9 has an invalid length. [ 128.510934][ T5955] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 128.522176][ T6059] netlink: 8 bytes leftover after parsing attributes in process `syz.5.42'. [ 128.523729][ T5900] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 128.569257][ T5823] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 128.569337][ T6045] vhci_hcd: connection closed [ 128.585671][ T6059] bond_slave_0: entered promiscuous mode [ 128.586789][ T5823] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 128.590745][ T6059] bond_slave_1: entered promiscuous mode [ 128.601056][ T5823] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 128.621230][ T6059] macvlan2: entered promiscuous mode [ 128.642889][ T12] vhci_hcd: stop threads [ 128.647594][ T12] vhci_hcd: release socket [ 128.658053][ T6059] bond0: entered promiscuous mode [ 128.667329][ T12] vhci_hcd: disconnect device [ 128.672253][ T6059] macvlan2: entered allmulticast mode [ 128.672282][ T6059] bond0: entered allmulticast mode [ 128.672305][ T6059] bond_slave_0: entered allmulticast mode [ 128.672331][ T6059] bond_slave_1: entered allmulticast mode [ 128.674448][ T6059] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 128.681111][ T5823] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 128.691158][ T5998] usb 35-1: device descriptor read/64, error -71 [ 128.706428][ T5823] usb 2-1: USB disconnect, device number 7 [ 128.726150][ T5955] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 128.740645][ T5955] usb 3-1: config 0 has no interface number 0 [ 128.742842][ T5900] usb 4-1: Using ep0 maxpacket: 16 [ 128.753371][ T5955] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 128.764188][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.791244][ T5900] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 128.819790][ T5955] usb 3-1: config 0 descriptor?? [ 128.819790][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 128.819829][ T5900] usb 4-1: Product: syz [ 128.851310][ T5823] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 128.866548][ T5900] usb 4-1: Manufacturer: syz [ 128.871071][ T5955] usb 3-1: selecting invalid altsetting 1 [ 128.883393][ T5823] ftdi_sio 2-1:0.0: device disconnected [ 128.889050][ T5900] usb 4-1: SerialNumber: syz [ 128.890718][ T5955] dvb_ttusb_budget: ttusb_init_controller: error [ 128.914403][ T5900] usb 4-1: config 0 descriptor?? [ 128.930650][ T5998] vhci_hcd: vhci_device speed not set [ 128.936318][ T5955] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 129.090389][ T5955] DVB: Unable to find symbol cx22700_attach() [ 129.285292][ T5955] DVB: Unable to find symbol tda10046_attach() [ 129.293551][ T5823] usb 4-1: USB disconnect, device number 4 [ 129.325543][ T5955] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 129.411085][ T5955] usb 3-1: USB disconnect, device number 2 [ 132.653112][ T6094] loop4: detected capacity change from 0 to 512 [ 132.676862][ T6094] EXT4-fs: Ignoring removed orlov option [ 132.707252][ T6094] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 132.840944][ T5900] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 132.907787][ T6094] EXT4-fs (loop4): 1 orphan inode deleted [ 132.939588][ T6094] EXT4-fs (loop4): 1 truncate cleaned up [ 132.986365][ T6094] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.000778][ T5900] usb 1-1: Using ep0 maxpacket: 8 [ 133.027963][ T5900] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 133.063591][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 133.172793][ T6103] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 133.220311][ T5900] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 133.256956][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.359333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.461823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.471320][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 133.503404][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 133.523900][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 133.673914][ T6094] EXT4-fs error (device loop4): ext4_inlinedir_to_tree:1337: inode #12: block 7: comm syz.4.53: path /9/file1/file0: bad entry in directory: rec_len is too small for name_len - offset=20, inode=13, rec_len=16, size=60 fake=0 [ 133.729802][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 133.769017][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 133.927107][ T5900] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 133.940690][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 133.954944][ T5900] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 133.959839][ T6094] EXT4-fs (loop4): Remounting filesystem read-only [ 133.970134][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 133.986944][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 134.001312][ T5900] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 134.008765][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 134.028934][ T5900] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 134.040980][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 134.052258][ T5900] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 134.084477][ T5900] usb 1-1: string descriptor 0 read error: -22 [ 134.110823][ T5900] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 134.160605][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.293986][ T5900] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 134.318677][ T6114] ip6gretap0: entered promiscuous mode [ 134.335418][ T6114] macsec1: entered promiscuous mode [ 134.357686][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.374601][ T6114] macsec1: entered allmulticast mode [ 134.387671][ T6114] ip6gretap0: entered allmulticast mode [ 134.712954][ T5823] usb 1-1: USB disconnect, device number 3 [ 135.040623][ T5902] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 135.072857][ T5998] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 135.223597][ T5902] usb 6-1: Using ep0 maxpacket: 16 [ 135.231175][ T5902] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.262744][ T5902] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.329600][ T5902] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 135.380175][ T5998] usb 5-1: Using ep0 maxpacket: 8 [ 135.396623][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.428237][ T5998] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.441883][ T5998] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.452669][ T5998] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 135.465579][ T5998] usb 5-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00 [ 135.475248][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.488928][ T5902] usb 6-1: config 0 descriptor?? [ 135.492056][ T5998] usb 5-1: config 0 descriptor?? [ 136.003794][ T5998] apple 0003:05AC:027A.0006: hidraw0: USB HID v0.07 Device [HID 05ac:027a] on usb-dummy_hcd.4-1/input0 [ 136.766548][ T5902] corsair 0003:1B1C:1B02.0005: hidraw1: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.5-1/input0 [ 136.811948][ T5902] corsair 0003:1B1C:1B02.0005: Read invalid backlight brightness: 08. [ 136.849109][ T5823] usb 5-1: USB disconnect, device number 3 [ 137.097482][ T5998] usb 6-1: USB disconnect, device number 3 [ 137.263015][ T6123] loop1: detected capacity change from 0 to 32768 [ 137.302968][ T6145] loop3: detected capacity change from 0 to 256 [ 137.362617][ T6123] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 137.371875][ T5955] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz1 [ 137.374905][ T6145] udf: Unknown parameter '00000000000000000000003' [ 137.526661][ T6123] (syz.1.63,6123,1):ocfs2_load_local_alloc:334 ERROR: inconsistent detected, clean journal with unrecovered local alloc, please run fsck.ocfs2! [ 137.526661][ T6123] found = 5, set = 0, taken = 0, off = 0 [ 137.610983][ T6123] (syz.1.63,6123,1):ocfs2_load_local_alloc:356 ERROR: status = -22 [ 137.647265][ T6123] (syz.1.63,6123,1):ocfs2_check_volume:2401 ERROR: status = -22 [ 137.740578][ T6123] (syz.1.63,6123,1):ocfs2_check_volume:2429 ERROR: status = -22 [ 137.770492][ T6123] (syz.1.63,6123,1):ocfs2_mount_volume:1764 ERROR: status = -22 [ 137.834429][ T6123] (syz.1.63,6123,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 138.210876][ T5823] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 138.241720][ T5902] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 138.373311][ T5823] usb 4-1: Using ep0 maxpacket: 8 [ 138.397895][ T5823] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 138.421519][ T5902] usb 6-1: Using ep0 maxpacket: 8 [ 138.441137][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 138.486725][ T5902] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 138.500485][ T5823] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 138.517474][ T5902] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 138.550829][ T6143] loop0: detected capacity change from 0 to 40427 [ 138.551123][ T5902] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 138.590989][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 138.605710][ T6143] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3fffff [ 138.636678][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 138.649206][ T5902] usb 6-1: config 250 has no interface number 0 [ 138.660357][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 138.669896][ T6143] F2FS-fs (loop0): invalid crc value [ 138.678739][ T5902] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 138.711161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 138.729518][ T5823] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 138.736890][ T5955] kernel write not supported for file /uinput (pid: 5955 comm: kworker/0:6) [ 138.751218][ T5902] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 138.773844][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 138.802254][ T5902] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 138.834937][ T5823] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 138.865264][ T5902] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 138.896727][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 138.916089][ T5902] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 138.956855][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 138.979600][ T5902] usb 6-1: config 250 interface 228 has no altsetting 0 [ 138.983104][ T6167] netlink: 79 bytes leftover after parsing attributes in process `syz.4.77'. [ 138.999962][ T5902] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 139.009817][ T5823] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 139.017323][ T5902] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 139.025911][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 139.037573][ T5902] usb 6-1: Product: syz [ 139.041821][ T5902] usb 6-1: SerialNumber: syz [ 139.046582][ T5823] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 139.058517][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 139.069935][ T5823] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 139.127130][ T5902] hub 6-1:250.228: bad descriptor, ignoring hub [ 139.141482][ T5902] hub 6-1:250.228: probe with driver hub failed with error -5 [ 139.437983][ T5823] usb 4-1: string descriptor 0 read error: -22 [ 139.439861][ T6143] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 139.445055][ T5823] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 139.476463][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.458959][ T5823] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 140.466515][ T5902] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 140.502394][ T5902] usb 6-1: USB disconnect, device number 4 [ 140.678161][ T5902] usblp0: removed [ 140.694379][ T6181] loop6: detected capacity change from 0 to 524287999 [ 141.691290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 141.777270][ T5823] usb 4-1: USB disconnect, device number 5 [ 141.817943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 141.869669][ T6189] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 142.328323][ T6197] use of bytesused == 0 is deprecated and will be removed in the future, [ 142.381273][ T6197] use the actual size instead. [ 142.447805][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.458385][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 144.902457][ T6225] loop5: detected capacity change from 0 to 256 [ 146.767180][ T6241] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 147.264083][ T6242] loop1: detected capacity change from 0 to 4096 [ 147.468603][ T6249] loop2: detected capacity change from 0 to 128 [ 147.511477][ T6249] ext4: Unknown parameter 'fowner' [ 147.860779][ T6252] Zero length message leads to an empty skb [ 150.414391][ T6267] netlink: 32 bytes leftover after parsing attributes in process `syz.2.112'. [ 151.535215][ T6279] loop0: detected capacity change from 0 to 256 [ 153.575451][ T6296] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 154.523663][ T5955] IPVS: starting estimator thread 0... [ 154.631497][ T6300] IPVS: using max 28 ests per chain, 67200 per kthread [ 154.920386][ T6313] loop3: detected capacity change from 0 to 128 [ 154.959601][ T6313] ext4: Unknown parameter 'fowner' [ 156.228526][ T6321] warning: `syz.0.128' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 156.284994][ T6306] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 156.333356][ T6306] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 156.390927][ T6306] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 156.520176][ T6306] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.534430][ T6306] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.621843][ T6306] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 156.682910][ T6306] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.707655][ T6306] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 156.806627][ T6306] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 156.916483][ T6326] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 157.033805][ T6306] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 157.080237][ T6306] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 157.399198][ T6306] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 158.363678][ T5144] Bluetooth: hci4: command 0x0c1a tx timeout [ 158.520552][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 158.623032][ T6306] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 158.658666][ T6306] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 158.761768][ T5144] Bluetooth: hci1: command 0x0c1a tx timeout [ 158.793370][ T6306] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.926319][ T5144] Bluetooth: hci5: command 0x0c1a tx timeout [ 160.932662][ T5144] Bluetooth: hci4: command 0x0c1a tx timeout [ 160.939568][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 160.945733][ T5144] Bluetooth: hci2: command 0x0c1a tx timeout [ 160.952709][ T5144] Bluetooth: hci1: command 0x0c1a tx timeout [ 162.134839][ T6350] loop1: detected capacity change from 0 to 64 [ 162.444695][ T6358] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 163.000828][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout [ 163.006939][ T5850] Bluetooth: hci2: command 0x0c1a tx timeout [ 163.013160][ T5144] Bluetooth: hci3: command 0x0c1a tx timeout [ 163.019222][ T5144] Bluetooth: hci4: command 0x0c1a tx timeout [ 163.021410][ T5855] Bluetooth: hci5: command 0x0c1a tx timeout [ 163.309743][ T6362] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 163.969428][ T6374] loop4: detected capacity change from 0 to 1024 [ 164.039414][ T6374] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 164.207434][ T6382] loop3: detected capacity change from 0 to 256 [ 164.222906][ T5955] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 164.235680][ T6374] EXT4-fs error (device loop4): ext4_map_blocks:709: inode #3: block 1: comm syz.4.146: lblock 1 mapped to illegal pblock 1 (length 1) [ 164.268681][ T6374] Quota error (device loop4): write_blk: dquota write failed [ 164.277896][ T6374] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 164.314062][ T6374] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.146: Failed to acquire dquot type 0 [ 164.362938][ T6374] EXT4-fs error (device loop4): ext4_free_blocks:6586: comm syz.4.146: Freeing blocks not in datazone - block = 0, count = 4096 [ 164.384668][ T6382] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 164.437352][ T6374] EXT4-fs error (device loop4): ext4_read_inode_bitmap:138: comm syz.4.146: Invalid inode bitmap blk 0 in block_group 0 [ 164.451985][ T37] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 164.478329][ T5955] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 164.506486][ T5955] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 164.509854][ T6374] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 164.540513][ T37] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 164.578904][ T37] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 164.581531][ T6374] EXT4-fs (loop4): 1 orphan inode deleted [ 164.598723][ T5955] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a2, bcdDevice= 0.40 [ 164.638674][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.639949][ T6374] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.674955][ T5955] usb 2-1: Product: syz [ 164.679195][ T5955] usb 2-1: Manufacturer: syz [ 164.720511][ T5955] usb 2-1: SerialNumber: syz [ 165.146331][ T6374] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #3: block 1: comm syz.4.146: lblock 1 mapped to illegal pblock 1 (length 1) [ 165.231650][ T5855] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.238015][ T5855] Bluetooth: hci5: command 0x0c1a tx timeout [ 165.502352][ T6374] Quota error (device loop4): find_tree_dqentry: Can't read quota tree block 1 [ 165.631282][ T6374] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 60928 [ 165.818205][ T6374] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.146: Failed to acquire dquot type 0 [ 166.413936][ T5955] cdc_subset 2-1:1.0: probe with driver cdc_subset failed with error -22 [ 166.494311][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.525281][ T63] EXT4-fs error (device loop4): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 166.607058][ T63] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 166.650320][ T63] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0 [ 166.694599][ T5955] usb 2-1: USB disconnect, device number 8 [ 166.937753][ T6378] loop0: detected capacity change from 0 to 32768 [ 166.971204][ T6378] read_mapping_page failed! [ 166.986595][ T6378] jfs_mount: Failed to read AGGREGATE_I [ 167.016865][ T6378] Mount JFS Failure: -5 [ 167.158113][ T6392] loop2: detected capacity change from 0 to 4096 [ 167.258670][ T6392] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512). [ 167.338780][ T6384] loop5: detected capacity change from 0 to 32768 [ 167.804269][ T6404] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 170.295991][ T6424] loop6: detected capacity change from 0 to 524287999 [ 171.539852][ T6429] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 171.718865][ T6431] netlink: 8 bytes leftover after parsing attributes in process `syz.5.165'. [ 171.853670][ T6431] veth0_to_hsr: default FDB implementation only supports local addresses [ 172.448707][ T6445] loop1: detected capacity change from 0 to 256 [ 173.001846][ T6450] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 173.840064][ T6463] loop2: detected capacity change from 0 to 512 [ 174.042710][ T6463] EXT4-fs (loop2): orphan cleanup on readonly fs [ 174.159638][ T6463] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm syz.2.178: bg 0: block 248: padding at end of block bitmap is not set [ 174.257842][ T6463] Quota error (device loop2): write_blk: dquota write failed [ 174.267575][ T6463] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 174.334915][ T6463] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.178: Failed to acquire dquot type 1 [ 174.359797][ T6468] loop3: detected capacity change from 0 to 1024 [ 174.425398][ T6463] EXT4-fs (loop2): 1 truncate cleaned up [ 174.470103][ T6463] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 174.656958][ T30] audit: type=1800 audit(1745539512.021:2): pid=6468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.181" name="file2" dev="loop3" ino=21 res=0 errno=0 [ 174.741486][ T6463] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 174.805606][ T6463] Quota error (device loop2): write_blk: dquota write failed [ 174.907225][ T6463] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 174.928896][ T6463] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.178: Failed to acquire dquot type 1 [ 175.031517][ T6463] EXT4-fs warning (device loop2): ext4_enable_quotas:7166: Failed to enable quota tracking (type=1, err=-28, ino=4). Please run e2fsck to fix. [ 175.092651][ T6478] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 175.459195][ T5838] EXT4-fs error (device loop2): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 12 [ 175.663241][ T5838] EXT4-fs error (device loop2): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 12 [ 176.623414][ T6488] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 177.209799][ T6499] gtp0: entered promiscuous mode [ 177.230614][ T6499] gtp0: entered allmulticast mode [ 177.767073][ T37] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.915735][ T37] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.174472][ T37] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 178.382254][ T37] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.049929][ T5823] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 180.097383][ T5823] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 180.170507][ T5823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.188064][ T6518] loop6: detected capacity change from 0 to 524287999 [ 180.472902][ T37] bridge_slave_1: left allmulticast mode [ 180.478981][ T37] bridge_slave_1: left promiscuous mode [ 180.510128][ T5823] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.253551][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.336540][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 181.357779][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 181.367597][ T5823] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 181.381152][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 181.395758][ T5823] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 181.631623][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 181.639608][ T37] bridge_slave_0: left allmulticast mode [ 181.646143][ T37] bridge_slave_0: left promiscuous mode [ 181.652122][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 181.661757][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.670579][ T5823] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.437844][ T6535] loop0: detected capacity change from 0 to 256 [ 182.447256][ T5823] usb 4-1: config 0 descriptor?? [ 182.477712][ T6535] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 182.487958][ T5823] usb 4-1: can't set config #0, error -71 [ 182.540791][ T5823] usb 4-1: USB disconnect, device number 6 [ 182.602507][ T6535] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 182.655031][ T6535] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 182.875464][ T6535] exFAT-fs (loop0): error, broken FAT chain. [ 182.951261][ T6535] exFAT-fs (loop0): Filesystem has been set read-only [ 183.036820][ T6546] process 'syz.1.207' launched '/dev/fd/6' with NULL argv: empty string added [ 183.757688][ T6535] exFAT-fs (loop0): error, failed to bmap (inode : ffff88805df607c8 iblock : 95, err : -5) [ 184.055829][ T5855] Bluetooth: hci0: command tx timeout [ 184.130707][ T6556] capability: warning: `syz.3.211' uses 32-bit capabilities (legacy support in use) [ 184.602252][ T6563] netlink: 12 bytes leftover after parsing attributes in process `syz.3.213'. [ 184.711157][ T5823] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 184.910994][ T5823] usb 1-1: Using ep0 maxpacket: 16 [ 184.927729][ T5823] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.953166][ T5823] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.988734][ T5823] usb 1-1: config 0 interface 0 has no altsetting 0 [ 185.010503][ T5823] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 185.019828][ T5823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.049083][ T5823] usb 1-1: config 0 descriptor?? [ 185.137814][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.155682][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.168444][ T37] bond0 (unregistering): Released all slaves [ 185.239064][ T6563] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 185.270925][ T6563] batadv_slave_0: entered promiscuous mode [ 185.506725][ T6560] loop0: detected capacity change from 0 to 256 [ 185.535904][ T6560] vfat: Unknown parameter 'uni_xý' [ 185.797845][ T5823] hid (null): invalid report_size 1953394281 [ 185.807352][ T5823] hid (null): unknown global tag 0xe [ 185.836698][ T5823] hid (null): unknown global tag 0xc [ 186.631414][ T5845] Bluetooth: hci0: command tx timeout [ 186.677486][ T5823] hid (null): nested delimiters [ 186.700748][ T5823] hid (null): unknown global tag 0xd [ 186.721409][ T5823] hid (null): unknown global tag 0xe [ 186.726798][ T5823] hid (null): unknown global tag 0xc [ 186.752530][ T5823] hid (null): global environment stack overflow [ 186.802222][ T5823] usb 1-1: USB disconnect, device number 4 [ 186.963533][ T6577] netlink: 'syz.5.216': attribute type 4 has an invalid length. [ 187.111181][ T5998] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 187.293973][ T5998] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.320163][ T5998] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 187.560348][ T5998] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 187.570109][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.596512][ T5998] usb 4-1: config 0 descriptor?? [ 187.746474][ T5998] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 188.269902][ T6578] netlink: 71 bytes leftover after parsing attributes in process `syz.3.217'. [ 188.425050][ T6580] netlink: 8 bytes leftover after parsing attributes in process `syz.1.219'. [ 188.565701][ T5823] usb 4-1: USB disconnect, device number 7 [ 188.686965][ T5845] Bluetooth: hci0: command tx timeout [ 188.798362][ T37] hsr_slave_0: left promiscuous mode [ 188.842397][ T37] hsr_slave_1: left promiscuous mode [ 188.850757][ T5998] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 188.907011][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.968277][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.032420][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.033609][ T5998] usb 6-1: Using ep0 maxpacket: 8 [ 189.039848][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.077104][ T5998] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.107720][ T5998] usb 6-1: config 0 has no interfaces? [ 189.127588][ T5998] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.152282][ T5998] usb 6-1: config 0 has no interfaces? [ 189.190051][ T37] veth1_macvtap: left promiscuous mode [ 189.193677][ T5998] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.208269][ T37] veth0_macvtap: left promiscuous mode [ 189.208475][ T5998] usb 6-1: config 0 has no interfaces? [ 189.238835][ T5998] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 189.244813][ T37] veth1_vlan: left promiscuous mode [ 189.256485][ T5998] usb 6-1: config 0 has no interfaces? [ 189.264186][ T5998] usb 6-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=6d.2a [ 189.322667][ T37] veth0_vlan: left promiscuous mode [ 189.347041][ T5998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.400269][ T5998] usb 6-1: config 0 descriptor?? [ 189.656805][ T5845] Bluetooth: hci2: unexpected event for opcode 0x0402 [ 189.666096][ T5955] usb 6-1: USB disconnect, device number 5 [ 189.732398][ T5998] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 189.892655][ T5998] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 189.929899][ T5998] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.961206][ T5998] usb 4-1: config 0 descriptor?? [ 189.989429][ T5998] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 190.760808][ T5845] Bluetooth: hci0: command tx timeout [ 191.597090][ T5998] usb 4-1: USB disconnect, device number 8 [ 191.853513][ T37] team0 (unregistering): Port device team_slave_1 removed [ 191.897934][ T37] team0 (unregistering): Port device team_slave_0 removed [ 192.786762][ T6633] batman_adv: batadv0: Adding interface: gretap1 [ 192.811420][ T5823] usb 4-1: new low-speed USB device number 9 using dummy_hcd [ 192.856213][ T6633] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 193.100397][ T5823] usb 4-1: unable to get BOS descriptor or descriptor too short [ 193.124066][ T5823] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 193.191133][ T5823] usb 4-1: can't read configurations, error -71 [ 194.318456][ T6651] ptrace attach of "./syz-executor exec"[5840] was attempted by "./syz-executor exec"[6651] [ 194.377059][ T6649] Bluetooth: MGMT ver 1.23 [ 194.823795][ T5902] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 194.877563][ T6522] chnl_net:caif_netlink_parms(): no params data found [ 195.041115][ T5902] usb 1-1: Using ep0 maxpacket: 8 [ 195.110592][ T5902] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 195.139531][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.169364][ T5902] usb 1-1: Product: syz [ 195.192442][ T5902] usb 1-1: Manufacturer: syz [ 195.197568][ T5902] usb 1-1: SerialNumber: syz [ 195.214520][ T5898] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 195.230923][ T5902] usb 1-1: config 0 descriptor?? [ 195.269117][ T5902] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 195.400775][ T5898] usb 2-1: Using ep0 maxpacket: 8 [ 195.476425][ T5898] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 195.542199][ T5898] usb 2-1: config 179 has no interface number 0 [ 195.606640][ T5898] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 195.638937][ T5898] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 195.677383][ T5898] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 195.752241][ T5898] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 195.787050][ T6522] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.807012][ T5898] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 195.826263][ T6522] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.874316][ T6522] bridge_slave_0: entered allmulticast mode [ 195.913223][ T6522] bridge_slave_0: entered promiscuous mode [ 195.920635][ T5898] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 196.214426][ T6522] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.247789][ T5902] gspca_sonixj: reg_r err -71 [ 196.551382][ T5902] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 196.558424][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.560240][ T6522] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.615444][ T5902] usb 1-1: USB disconnect, device number 5 [ 196.634966][ T6522] bridge_slave_1: entered allmulticast mode [ 196.662379][ T6665] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 196.681998][ T6522] bridge_slave_1: entered promiscuous mode [ 197.028398][ T6522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.135104][ T6522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.340626][ T5898] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 197.369798][ T5902] usb 2-1: USB disconnect, device number 9 [ 197.369831][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 197.384304][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 197.393310][ C0] ================================================================== [ 197.401393][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 [ 197.409236][ C0] Read of size 4 at addr ffff88802e35405c by task kworker/u8:9/6534 [ 197.417238][ C0] [ 197.419583][ C0] CPU: 0 UID: 0 PID: 6534 Comm: kworker/u8:9 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 197.419631][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 197.419656][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 197.419698][ C0] Call Trace: [ 197.419709][ C0] [ 197.419722][ C0] dump_stack_lvl+0x116/0x1f0 [ 197.419778][ C0] print_report+0xc3/0x670 [ 197.419836][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.419882][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.419932][ C0] ? __phys_addr+0xc6/0x150 [ 197.419989][ C0] ? do_raw_spin_lock+0x26f/0x2b0 [ 197.420029][ C0] kasan_report+0xe0/0x110 [ 197.420063][ C0] ? do_raw_spin_lock+0x26f/0x2b0 [ 197.420111][ C0] do_raw_spin_lock+0x26f/0x2b0 [ 197.420153][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 197.420197][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.420248][ C0] _raw_spin_lock_irqsave+0x42/0x60 [ 197.420298][ C0] ? __wake_up+0x1c/0x60 [ 197.420350][ C0] __wake_up+0x1c/0x60 [ 197.420403][ C0] usb_anchor_resume_wakeups+0xc2/0xe0 [ 197.420462][ C0] __usb_hcd_giveback_urb+0x3b8/0x6e0 [ 197.420511][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 197.420556][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.420604][ C0] dummy_timer+0x180e/0x3a20 [ 197.420655][ C0] ? find_held_lock+0x2b/0x80 [ 197.420704][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.420751][ C0] ? find_held_lock+0x2b/0x80 [ 197.420798][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.420847][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.420892][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.420943][ C0] ? debug_object_deactivate+0x1ec/0x3a0 [ 197.420999][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 197.421056][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.421102][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 197.421150][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 197.421198][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.421243][ C0] ? mark_held_locks+0x49/0x80 [ 197.421301][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 197.421355][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 197.421403][ C0] __hrtimer_run_queues+0x202/0xad0 [ 197.421453][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 197.421496][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.421548][ C0] hrtimer_run_softirq+0x17d/0x350 [ 197.421593][ C0] handle_softirqs+0x219/0x8e0 [ 197.421647][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 197.421697][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.421745][ C0] __irq_exit_rcu+0x109/0x170 [ 197.421793][ C0] irq_exit_rcu+0x9/0x30 [ 197.421839][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 197.421891][ C0] [ 197.421908][ C0] [ 197.421920][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 197.421961][ C0] RIP: 0010:__local_bh_enable_ip+0xac/0x120 [ 197.422013][ C0] Code: 1d e9 a8 29 12 65 8b 05 e2 a8 29 12 a9 00 ff ff 00 74 4d bf 01 00 00 00 e8 81 01 0c 00 e8 2c 2c 46 00 fb 65 8b 05 c4 a8 29 12 <85> c0 74 52 5b 5d e9 94 69 93 ff 65 8b 05 ce e2 29 12 85 c0 75 9e [ 197.422048][ C0] RSP: 0018:ffffc9001dcaf298 EFLAGS: 00000202 [ 197.422077][ C0] RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 0000000000000006 [ 197.422100][ C0] RDX: 0000000000000000 RSI: ffffffff8dbeb82e RDI: ffffffff8bf451c0 [ 197.422124][ C0] RBP: ffffffff8ac3b03e R08: 0000000000000001 R09: 0000000000000001 [ 197.422146][ C0] R10: ffffffff90866b17 R11: 0000000000000000 R12: 0000000000000000 [ 197.422170][ C0] R13: ffff888030497468 R14: ffff88802856b800 R15: ffffc9001dcaf8a8 [ 197.422197][ C0] ? cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 197.422267][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 197.422317][ C0] cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 197.422378][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.422428][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 197.422505][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 197.422554][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.422598][ C0] ? stack_trace_save+0x8e/0xc0 [ 197.422646][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 197.422694][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.422737][ C0] ? stack_depot_save_flags+0x28/0xa50 [ 197.422794][ C0] ? cfg80211_inform_bss_data+0x224/0x3bd0 [ 197.422855][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.422910][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 197.422978][ C0] ? __kmalloc_noprof+0x223/0x510 [ 197.423043][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 197.423101][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 197.423153][ C0] ? ieee80211_iface_work+0xbf4/0x1020 [ 197.423207][ C0] ? process_one_work+0x9cf/0x1b70 [ 197.423257][ C0] ? ret_from_fork+0x48/0x80 [ 197.423297][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 197.423368][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 197.423437][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.423484][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 197.423528][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.423575][ C0] ? _ieee802_11_parse_elems_full+0x626/0x44e0 [ 197.423641][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.423684][ C0] ? __lock_acquire+0x5ca/0x1ba0 [ 197.423720][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.423763][ C0] ? ieee802_11_parse_elems_full+0x145/0x3780 [ 197.423819][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 197.423887][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 197.423943][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 197.423996][ C0] ? find_held_lock+0x2b/0x80 [ 197.424043][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424092][ C0] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 197.424151][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 197.424199][ C0] ? __pfx___might_resched+0x10/0x10 [ 197.424256][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424307][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424353][ C0] ? kcov_remote_start+0x3c9/0x6d0 [ 197.424391][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424437][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424486][ C0] ieee80211_iface_work+0xbf4/0x1020 [ 197.424537][ C0] ? rcu_is_watching+0x12/0xc0 [ 197.424585][ C0] cfg80211_wiphy_work+0x3df/0x550 [ 197.424625][ C0] process_one_work+0x9cf/0x1b70 [ 197.424676][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 197.424713][ C0] ? __pfx_process_one_work+0x10/0x10 [ 197.424756][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424807][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424850][ C0] ? assign_work+0x1a0/0x250 [ 197.424890][ C0] worker_thread+0x6c8/0xf10 [ 197.424945][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.424990][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.425034][ C0] ? __kthread_parkme+0x19e/0x250 [ 197.425088][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.425134][ C0] ? __pfx_worker_thread+0x10/0x10 [ 197.425177][ C0] kthread+0x3c5/0x780 [ 197.425213][ C0] ? __pfx_kthread+0x10/0x10 [ 197.425249][ C0] ? __pfx_kthread+0x10/0x10 [ 197.425285][ C0] ? __pfx_kthread+0x10/0x10 [ 197.425321][ C0] ? __pfx_kthread+0x10/0x10 [ 197.425356][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 197.425400][ C0] ? rcu_is_watching+0x12/0xc0 [ 197.425447][ C0] ? __pfx_kthread+0x10/0x10 [ 197.425484][ C0] ret_from_fork+0x48/0x80 [ 197.425523][ C0] ? __pfx_kthread+0x10/0x10 [ 197.425561][ C0] ret_from_fork_asm+0x1a/0x30 [ 197.425631][ C0] [ 197.425643][ C0] [ 198.147119][ C0] Allocated by task 5898: [ 198.151459][ C0] kasan_save_stack+0x33/0x60 [ 198.156182][ C0] kasan_save_track+0x14/0x30 [ 198.160904][ C0] __kasan_kmalloc+0xaa/0xb0 [ 198.165533][ C0] xpad_probe+0x286/0x1f30 [ 198.169976][ C0] usb_probe_interface+0x303/0x9c0 [ 198.175120][ C0] really_probe+0x241/0xa90 [ 198.179685][ C0] __driver_probe_device+0x1de/0x440 [ 198.185031][ C0] driver_probe_device+0x4c/0x1b0 [ 198.190095][ C0] __device_attach_driver+0x1df/0x310 [ 198.195514][ C0] bus_for_each_drv+0x159/0x1e0 [ 198.200387][ C0] __device_attach+0x1e4/0x4b0 [ 198.205191][ C0] bus_probe_device+0x17f/0x1c0 [ 198.210069][ C0] device_add+0x1148/0x1a70 [ 198.214587][ C0] usb_set_configuration+0x1187/0x1e20 [ 198.220062][ C0] usb_generic_driver_probe+0xb1/0x110 [ 198.225640][ C0] usb_probe_device+0xef/0x3e0 [ 198.230417][ C0] really_probe+0x241/0xa90 [ 198.234953][ C0] __driver_probe_device+0x1de/0x440 [ 198.240267][ C0] driver_probe_device+0x4c/0x1b0 [ 198.245327][ C0] __device_attach_driver+0x1df/0x310 [ 198.250731][ C0] bus_for_each_drv+0x159/0x1e0 [ 198.255603][ C0] __device_attach+0x1e4/0x4b0 [ 198.260395][ C0] bus_probe_device+0x17f/0x1c0 [ 198.265275][ C0] device_add+0x1148/0x1a70 [ 198.269794][ C0] usb_new_device+0xd07/0x1a20 [ 198.274578][ C0] hub_event+0x2eb7/0x4fa0 [ 198.279187][ C0] process_one_work+0x9cf/0x1b70 [ 198.284142][ C0] worker_thread+0x6c8/0xf10 [ 198.288752][ C0] kthread+0x3c5/0x780 [ 198.292841][ C0] ret_from_fork+0x48/0x80 [ 198.297275][ C0] ret_from_fork_asm+0x1a/0x30 [ 198.302088][ C0] [ 198.304415][ C0] Freed by task 5902: [ 198.308403][ C0] kasan_save_stack+0x33/0x60 [ 198.313124][ C0] kasan_save_track+0x14/0x30 [ 198.317828][ C0] kasan_save_free_info+0x3b/0x60 [ 198.322874][ C0] __kasan_slab_free+0x51/0x70 [ 198.327691][ C0] kfree+0x2b6/0x4d0 [ 198.331622][ C0] xpad_disconnect+0x1cf/0x580 [ 198.336416][ C0] usb_unbind_interface+0x1dd/0x9a0 [ 198.341643][ C0] device_remove+0x125/0x170 [ 198.346272][ C0] device_release_driver_internal+0x44b/0x620 [ 198.352397][ C0] bus_remove_device+0x22f/0x420 [ 198.357374][ C0] device_del+0x396/0x9f0 [ 198.361745][ C0] usb_disable_device+0x355/0x7d0 [ 198.366791][ C0] usb_disconnect+0x2e1/0x920 [ 198.371492][ C0] hub_event+0x1c57/0x4fa0 [ 198.375923][ C0] process_one_work+0x9cf/0x1b70 [ 198.380882][ C0] worker_thread+0x6c8/0xf10 [ 198.385494][ C0] kthread+0x3c5/0x780 [ 198.389582][ C0] ret_from_fork+0x48/0x80 [ 198.394020][ C0] ret_from_fork_asm+0x1a/0x30 [ 198.398819][ C0] [ 198.401140][ C0] The buggy address belongs to the object at ffff88802e354000 [ 198.401140][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 198.415221][ C0] The buggy address is located 92 bytes inside of [ 198.415221][ C0] freed 1024-byte region [ffff88802e354000, ffff88802e354400) [ 198.429030][ C0] [ 198.431356][ C0] The buggy address belongs to the physical page: [ 198.437763][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e350 [ 198.446532][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 198.455038][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 198.462590][ C0] page_type: f5(slab) [ 198.466671][ C0] raw: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 198.475266][ C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 198.483862][ C0] head: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 198.492547][ C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 198.501234][ C0] head: 00fff00000000003 ffffea0000b8d401 00000000ffffffff 00000000ffffffff [ 198.509915][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 198.518593][ C0] page dumped because: kasan: bad access detected [ 198.525005][ C0] page_owner tracks the page as allocated [ 198.530715][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5841, tgid 5841 (syz-executor), ts 118817981853, free_ts 118739037182 [ 198.550195][ C0] post_alloc_hook+0x181/0x1b0 [ 198.554994][ C0] get_page_from_freelist+0x135c/0x3920 [ 198.560569][ C0] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 198.566499][ C0] alloc_pages_mpol+0x1fb/0x550 [ 198.571360][ C0] new_slab+0x244/0x340 [ 198.575534][ C0] ___slab_alloc+0xd9c/0x1940 [ 198.580232][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 198.585626][ C0] __kmalloc_noprof+0x2f2/0x510 [ 198.590512][ C0] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 198.596443][ C0] ieee80211_inform_bss+0x10b/0x1140 [ 198.601750][ C0] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 198.608026][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 198.613690][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 198.619789][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 198.625527][ C0] ieee80211_scan_rx+0x475/0xae0 [ 198.630519][ C0] ieee80211_rx_list+0x1bdb/0x2980 [ 198.635669][ C0] page last free pid 5843 tgid 5843 stack trace: [ 198.642000][ C0] __free_frozen_pages+0x69d/0xff0 [ 198.647139][ C0] qlist_free_all+0x4e/0x120 [ 198.651759][ C0] kasan_quarantine_reduce+0x195/0x1e0 [ 198.657250][ C0] __kasan_slab_alloc+0x69/0x90 [ 198.662132][ C0] __kmalloc_noprof+0x1d4/0x510 [ 198.667017][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 198.672591][ C0] tomoyo_path_number_perm+0x245/0x580 [ 198.678069][ C0] security_file_ioctl+0x9b/0x240 [ 198.683114][ C0] __x64_sys_ioctl+0xb7/0x200 [ 198.687810][ C0] do_syscall_64+0xcd/0x260 [ 198.692461][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.698511][ C0] [ 198.700869][ C0] Memory state around the buggy address: [ 198.706539][ C0] ffff88802e353f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.714618][ C0] ffff88802e353f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.722696][ C0] >ffff88802e354000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.730766][ C0] ^ [ 198.737707][ C0] ffff88802e354080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.745782][ C0] ffff88802e354100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.753854][ C0] ================================================================== [ 198.761926][ C0] Disabling lock debugging due to kernel taint [ 198.768079][ C0] ================================================================== [ 198.776145][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x27f/0x2b0 [ 198.783985][ C0] Read of size 8 at addr ffff88802e354068 by task kworker/u8:9/6534 [ 198.791985][ C0] [ 198.794331][ C0] CPU: 0 UID: 0 PID: 6534 Comm: kworker/u8:9 Tainted: G B 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 198.794391][ C0] Tainted: [B]=BAD_PAGE [ 198.794405][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 198.794431][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 198.794471][ C0] Call Trace: [ 198.794483][ C0] [ 198.794497][ C0] dump_stack_lvl+0x116/0x1f0 [ 198.794556][ C0] print_report+0xc3/0x670 [ 198.794620][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.794669][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.794716][ C0] ? __phys_addr+0xc6/0x150 [ 198.794778][ C0] ? do_raw_spin_lock+0x27f/0x2b0 [ 198.794822][ C0] kasan_report+0xe0/0x110 [ 198.794857][ C0] ? do_raw_spin_lock+0x27f/0x2b0 [ 198.794908][ C0] do_raw_spin_lock+0x27f/0x2b0 [ 198.794958][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 198.795004][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795058][ C0] _raw_spin_lock_irqsave+0x42/0x60 [ 198.795109][ C0] ? __wake_up+0x1c/0x60 [ 198.795166][ C0] __wake_up+0x1c/0x60 [ 198.795223][ C0] usb_anchor_resume_wakeups+0xc2/0xe0 [ 198.795287][ C0] __usb_hcd_giveback_urb+0x3b8/0x6e0 [ 198.795340][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 198.795390][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795441][ C0] dummy_timer+0x180e/0x3a20 [ 198.795497][ C0] ? find_held_lock+0x2b/0x80 [ 198.795549][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795600][ C0] ? find_held_lock+0x2b/0x80 [ 198.795650][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795703][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795752][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795806][ C0] ? debug_object_deactivate+0x1ec/0x3a0 [ 198.795867][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 198.795932][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.795981][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 198.796034][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 198.796099][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.796159][ C0] ? mark_held_locks+0x49/0x80 [ 198.796237][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 198.796308][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 198.796372][ C0] __hrtimer_run_queues+0x202/0xad0 [ 198.796438][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 198.796495][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.796564][ C0] hrtimer_run_softirq+0x17d/0x350 [ 198.796624][ C0] handle_softirqs+0x219/0x8e0 [ 198.796695][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 198.796763][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.796827][ C0] __irq_exit_rcu+0x109/0x170 [ 198.796891][ C0] irq_exit_rcu+0x9/0x30 [ 198.796960][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 198.797030][ C0] [ 198.797045][ C0] [ 198.797062][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 198.797116][ C0] RIP: 0010:__local_bh_enable_ip+0xac/0x120 [ 198.797187][ C0] Code: 1d e9 a8 29 12 65 8b 05 e2 a8 29 12 a9 00 ff ff 00 74 4d bf 01 00 00 00 e8 81 01 0c 00 e8 2c 2c 46 00 fb 65 8b 05 c4 a8 29 12 <85> c0 74 52 5b 5d e9 94 69 93 ff 65 8b 05 ce e2 29 12 85 c0 75 9e [ 198.797234][ C0] RSP: 0018:ffffc9001dcaf298 EFLAGS: 00000202 [ 198.797271][ C0] RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 0000000000000006 [ 198.797302][ C0] RDX: 0000000000000000 RSI: ffffffff8dbeb82e RDI: ffffffff8bf451c0 [ 198.797334][ C0] RBP: ffffffff8ac3b03e R08: 0000000000000001 R09: 0000000000000001 [ 198.797365][ C0] R10: ffffffff90866b17 R11: 0000000000000000 R12: 0000000000000000 [ 198.797396][ C0] R13: ffff888030497468 R14: ffff88802856b800 R15: ffffc9001dcaf8a8 [ 198.797433][ C0] ? cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 198.797525][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 198.797593][ C0] cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 198.797676][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.797743][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 198.797845][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 198.797914][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.797974][ C0] ? stack_trace_save+0x8e/0xc0 [ 198.798040][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 198.798106][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.798165][ C0] ? stack_depot_save_flags+0x28/0xa50 [ 198.798231][ C0] ? cfg80211_inform_bss_data+0x224/0x3bd0 [ 198.798309][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.798368][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 198.798447][ C0] ? __kmalloc_noprof+0x223/0x510 [ 198.798520][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 198.798586][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 198.798647][ C0] ? ieee80211_iface_work+0xbf4/0x1020 [ 198.798710][ C0] ? process_one_work+0x9cf/0x1b70 [ 198.798768][ C0] ? ret_from_fork+0x48/0x80 [ 198.798818][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 198.798904][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 198.798999][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.799058][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 198.799111][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.799170][ C0] ? _ieee802_11_parse_elems_full+0x626/0x44e0 [ 198.799257][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.799316][ C0] ? __lock_acquire+0x5ca/0x1ba0 [ 198.799365][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.799424][ C0] ? ieee802_11_parse_elems_full+0x145/0x3780 [ 198.799498][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 198.799589][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 198.799654][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 198.799724][ C0] ? find_held_lock+0x2b/0x80 [ 198.799787][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.799853][ C0] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 198.799934][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 198.800000][ C0] ? __pfx___might_resched+0x10/0x10 [ 198.800076][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.800145][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.800207][ C0] ? kcov_remote_start+0x3c9/0x6d0 [ 198.800256][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.800318][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.800383][ C0] ieee80211_iface_work+0xbf4/0x1020 [ 198.800453][ C0] ? rcu_is_watching+0x12/0xc0 [ 198.800523][ C0] cfg80211_wiphy_work+0x3df/0x550 [ 198.800582][ C0] process_one_work+0x9cf/0x1b70 [ 198.800664][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 198.800726][ C0] ? __pfx_process_one_work+0x10/0x10 [ 198.800797][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.800878][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.800963][ C0] ? assign_work+0x1a0/0x250 [ 198.801028][ C0] worker_thread+0x6c8/0xf10 [ 198.801105][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.801162][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.801209][ C0] ? __kthread_parkme+0x19e/0x250 [ 198.801269][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.801319][ C0] ? __pfx_worker_thread+0x10/0x10 [ 198.801365][ C0] kthread+0x3c5/0x780 [ 198.801404][ C0] ? __pfx_kthread+0x10/0x10 [ 198.801442][ C0] ? __pfx_kthread+0x10/0x10 [ 198.801481][ C0] ? __pfx_kthread+0x10/0x10 [ 198.801519][ C0] ? __pfx_kthread+0x10/0x10 [ 198.801557][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 198.801605][ C0] ? rcu_is_watching+0x12/0xc0 [ 198.801656][ C0] ? __pfx_kthread+0x10/0x10 [ 198.801696][ C0] ret_from_fork+0x48/0x80 [ 198.801737][ C0] ? __pfx_kthread+0x10/0x10 [ 198.801776][ C0] ret_from_fork_asm+0x1a/0x30 [ 198.801851][ C0] [ 198.801864][ C0] [ 199.528547][ C0] Allocated by task 5898: [ 199.532884][ C0] kasan_save_stack+0x33/0x60 [ 199.537611][ C0] kasan_save_track+0x14/0x30 [ 199.542329][ C0] __kasan_kmalloc+0xaa/0xb0 [ 199.546959][ C0] xpad_probe+0x286/0x1f30 [ 199.551405][ C0] usb_probe_interface+0x303/0x9c0 [ 199.556550][ C0] really_probe+0x241/0xa90 [ 199.561099][ C0] __driver_probe_device+0x1de/0x440 [ 199.566429][ C0] driver_probe_device+0x4c/0x1b0 [ 199.571496][ C0] __device_attach_driver+0x1df/0x310 [ 199.576916][ C0] bus_for_each_drv+0x159/0x1e0 [ 199.581798][ C0] __device_attach+0x1e4/0x4b0 [ 199.586602][ C0] bus_probe_device+0x17f/0x1c0 [ 199.591482][ C0] device_add+0x1148/0x1a70 [ 199.596006][ C0] usb_set_configuration+0x1187/0x1e20 [ 199.601485][ C0] usb_generic_driver_probe+0xb1/0x110 [ 199.606971][ C0] usb_probe_device+0xef/0x3e0 [ 199.611763][ C0] really_probe+0x241/0xa90 [ 199.616314][ C0] __driver_probe_device+0x1de/0x440 [ 199.621643][ C0] driver_probe_device+0x4c/0x1b0 [ 199.626698][ C0] __device_attach_driver+0x1df/0x310 [ 199.632113][ C0] bus_for_each_drv+0x159/0x1e0 [ 199.636995][ C0] __device_attach+0x1e4/0x4b0 [ 199.641801][ C0] bus_probe_device+0x17f/0x1c0 [ 199.646692][ C0] device_add+0x1148/0x1a70 [ 199.651212][ C0] usb_new_device+0xd07/0x1a20 [ 199.655987][ C0] hub_event+0x2eb7/0x4fa0 [ 199.660414][ C0] process_one_work+0x9cf/0x1b70 [ 199.665372][ C0] worker_thread+0x6c8/0xf10 [ 199.669976][ C0] kthread+0x3c5/0x780 [ 199.674058][ C0] ret_from_fork+0x48/0x80 [ 199.678545][ C0] ret_from_fork_asm+0x1a/0x30 [ 199.683346][ C0] [ 199.685689][ C0] Freed by task 5902: [ 199.689666][ C0] kasan_save_stack+0x33/0x60 [ 199.694373][ C0] kasan_save_track+0x14/0x30 [ 199.699084][ C0] kasan_save_free_info+0x3b/0x60 [ 199.704127][ C0] __kasan_slab_free+0x51/0x70 [ 199.708923][ C0] kfree+0x2b6/0x4d0 [ 199.712839][ C0] xpad_disconnect+0x1cf/0x580 [ 199.717627][ C0] usb_unbind_interface+0x1dd/0x9a0 [ 199.722847][ C0] device_remove+0x125/0x170 [ 199.727469][ C0] device_release_driver_internal+0x44b/0x620 [ 199.733574][ C0] bus_remove_device+0x22f/0x420 [ 199.738541][ C0] device_del+0x396/0x9f0 [ 199.742905][ C0] usb_disable_device+0x355/0x7d0 [ 199.747942][ C0] usb_disconnect+0x2e1/0x920 [ 199.752630][ C0] hub_event+0x1c57/0x4fa0 [ 199.757062][ C0] process_one_work+0x9cf/0x1b70 [ 199.762018][ C0] worker_thread+0x6c8/0xf10 [ 199.766624][ C0] kthread+0x3c5/0x780 [ 199.770702][ C0] ret_from_fork+0x48/0x80 [ 199.775129][ C0] ret_from_fork_asm+0x1a/0x30 [ 199.779931][ C0] [ 199.782257][ C0] The buggy address belongs to the object at ffff88802e354000 [ 199.782257][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 199.796320][ C0] The buggy address is located 104 bytes inside of [ 199.796320][ C0] freed 1024-byte region [ffff88802e354000, ffff88802e354400) [ 199.810219][ C0] [ 199.812543][ C0] The buggy address belongs to the physical page: [ 199.818953][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e350 [ 199.827725][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 199.836232][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 199.843786][ C0] page_type: f5(slab) [ 199.847782][ C0] raw: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 199.856380][ C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 199.864977][ C0] head: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 199.873657][ C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 199.882426][ C0] head: 00fff00000000003 ffffea0000b8d401 00000000ffffffff 00000000ffffffff [ 199.891110][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 199.899781][ C0] page dumped because: kasan: bad access detected [ 199.906286][ C0] page_owner tracks the page as allocated [ 199.911995][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5841, tgid 5841 (syz-executor), ts 118817981853, free_ts 118739037182 [ 199.931476][ C0] post_alloc_hook+0x181/0x1b0 [ 199.936274][ C0] get_page_from_freelist+0x135c/0x3920 [ 199.941853][ C0] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 199.947786][ C0] alloc_pages_mpol+0x1fb/0x550 [ 199.952651][ C0] new_slab+0x244/0x340 [ 199.956827][ C0] ___slab_alloc+0xd9c/0x1940 [ 199.961532][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 199.966931][ C0] __kmalloc_noprof+0x2f2/0x510 [ 199.971815][ C0] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 199.977734][ C0] ieee80211_inform_bss+0x10b/0x1140 [ 199.983042][ C0] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 199.989316][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 199.994979][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 200.001082][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 200.006736][ C0] ieee80211_scan_rx+0x475/0xae0 [ 200.011693][ C0] ieee80211_rx_list+0x1bdb/0x2980 [ 200.016828][ C0] page last free pid 5843 tgid 5843 stack trace: [ 200.023155][ C0] __free_frozen_pages+0x69d/0xff0 [ 200.028291][ C0] qlist_free_all+0x4e/0x120 [ 200.032914][ C0] kasan_quarantine_reduce+0x195/0x1e0 [ 200.038410][ C0] __kasan_slab_alloc+0x69/0x90 [ 200.043294][ C0] __kmalloc_noprof+0x1d4/0x510 [ 200.048175][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 200.053751][ C0] tomoyo_path_number_perm+0x245/0x580 [ 200.059243][ C0] security_file_ioctl+0x9b/0x240 [ 200.064287][ C0] __x64_sys_ioctl+0xb7/0x200 [ 200.068984][ C0] do_syscall_64+0xcd/0x260 [ 200.073518][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.079428][ C0] [ 200.081751][ C0] Memory state around the buggy address: [ 200.087381][ C0] ffff88802e353f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 200.095453][ C0] ffff88802e353f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 200.103520][ C0] >ffff88802e354000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.111842][ C0] ^ [ 200.119297][ C0] ffff88802e354080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.127366][ C0] ffff88802e354100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 200.135433][ C0] ================================================================== [ 200.143499][ C0] ================================================================== [ 200.151561][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x265/0x2b0 [ 200.159392][ C0] Read of size 4 at addr ffff88802e354060 by task kworker/u8:9/6534 [ 200.167377][ C0] [ 200.169716][ C0] CPU: 0 UID: 0 PID: 6534 Comm: kworker/u8:9 Tainted: G B 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 200.169764][ C0] Tainted: [B]=BAD_PAGE [ 200.169776][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 200.169799][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 200.169834][ C0] Call Trace: [ 200.169846][ C0] [ 200.169859][ C0] dump_stack_lvl+0x116/0x1f0 [ 200.169915][ C0] print_report+0xc3/0x670 [ 200.169967][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170007][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170046][ C0] ? __phys_addr+0xc6/0x150 [ 200.170095][ C0] ? do_raw_spin_lock+0x265/0x2b0 [ 200.170131][ C0] kasan_report+0xe0/0x110 [ 200.170161][ C0] ? do_raw_spin_lock+0x265/0x2b0 [ 200.170203][ C0] do_raw_spin_lock+0x265/0x2b0 [ 200.170240][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 200.170278][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170321][ C0] _raw_spin_lock_irqsave+0x42/0x60 [ 200.170363][ C0] ? __wake_up+0x1c/0x60 [ 200.170410][ C0] __wake_up+0x1c/0x60 [ 200.170459][ C0] usb_anchor_resume_wakeups+0xc2/0xe0 [ 200.170511][ C0] __usb_hcd_giveback_urb+0x3b8/0x6e0 [ 200.170555][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 200.170595][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170637][ C0] dummy_timer+0x180e/0x3a20 [ 200.170683][ C0] ? find_held_lock+0x2b/0x80 [ 200.170725][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170767][ C0] ? find_held_lock+0x2b/0x80 [ 200.170808][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170851][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170896][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.170934][ C0] ? debug_object_deactivate+0x1ec/0x3a0 [ 200.170984][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 200.171033][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.171074][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 200.171117][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 200.171159][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.171198][ C0] ? mark_held_locks+0x49/0x80 [ 200.171249][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 200.171295][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 200.171337][ C0] __hrtimer_run_queues+0x202/0xad0 [ 200.171381][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 200.171419][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.171464][ C0] hrtimer_run_softirq+0x17d/0x350 [ 200.171504][ C0] handle_softirqs+0x219/0x8e0 [ 200.171551][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 200.171595][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.171636][ C0] __irq_exit_rcu+0x109/0x170 [ 200.171678][ C0] irq_exit_rcu+0x9/0x30 [ 200.171719][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 200.171765][ C0] [ 200.171776][ C0] [ 200.171787][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 200.171824][ C0] RIP: 0010:__local_bh_enable_ip+0xac/0x120 [ 200.171870][ C0] Code: 1d e9 a8 29 12 65 8b 05 e2 a8 29 12 a9 00 ff ff 00 74 4d bf 01 00 00 00 e8 81 01 0c 00 e8 2c 2c 46 00 fb 65 8b 05 c4 a8 29 12 <85> c0 74 52 5b 5d e9 94 69 93 ff 65 8b 05 ce e2 29 12 85 c0 75 9e [ 200.171906][ C0] RSP: 0018:ffffc9001dcaf298 EFLAGS: 00000202 [ 200.171931][ C0] RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 0000000000000006 [ 200.171952][ C0] RDX: 0000000000000000 RSI: ffffffff8dbeb82e RDI: ffffffff8bf451c0 [ 200.171973][ C0] RBP: ffffffff8ac3b03e R08: 0000000000000001 R09: 0000000000000001 [ 200.171994][ C0] R10: ffffffff90866b17 R11: 0000000000000000 R12: 0000000000000000 [ 200.172014][ C0] R13: ffff888030497468 R14: ffff88802856b800 R15: ffffc9001dcaf8a8 [ 200.172038][ C0] ? cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 200.172100][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 200.172145][ C0] cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 200.172199][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.172243][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 200.172310][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 200.172353][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.172392][ C0] ? stack_trace_save+0x8e/0xc0 [ 200.172436][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 200.172479][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.172518][ C0] ? stack_depot_save_flags+0x28/0xa50 [ 200.172561][ C0] ? cfg80211_inform_bss_data+0x224/0x3bd0 [ 200.172612][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.172651][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 200.172703][ C0] ? __kmalloc_noprof+0x223/0x510 [ 200.172750][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 200.172793][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 200.172833][ C0] ? ieee80211_iface_work+0xbf4/0x1020 [ 200.172874][ C0] ? process_one_work+0x9cf/0x1b70 [ 200.172917][ C0] ? ret_from_fork+0x48/0x80 [ 200.172951][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 200.173007][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 200.173063][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173102][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 200.173138][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173177][ C0] ? _ieee802_11_parse_elems_full+0x626/0x44e0 [ 200.173234][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173272][ C0] ? __lock_acquire+0x5ca/0x1ba0 [ 200.173304][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173343][ C0] ? ieee802_11_parse_elems_full+0x145/0x3780 [ 200.173391][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 200.173450][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 200.173493][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 200.173539][ C0] ? find_held_lock+0x2b/0x80 [ 200.173580][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173623][ C0] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 200.173674][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 200.173717][ C0] ? __pfx___might_resched+0x10/0x10 [ 200.173767][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173827][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173868][ C0] ? kcov_remote_start+0x3c9/0x6d0 [ 200.173904][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173945][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.173988][ C0] ieee80211_iface_work+0xbf4/0x1020 [ 200.174033][ C0] ? rcu_is_watching+0x12/0xc0 [ 200.174076][ C0] cfg80211_wiphy_work+0x3df/0x550 [ 200.174112][ C0] process_one_work+0x9cf/0x1b70 [ 200.174156][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 200.174189][ C0] ? __pfx_process_one_work+0x10/0x10 [ 200.174227][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.174272][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.174311][ C0] ? assign_work+0x1a0/0x250 [ 200.174346][ C0] worker_thread+0x6c8/0xf10 [ 200.174388][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.174428][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.174468][ C0] ? __kthread_parkme+0x19e/0x250 [ 200.174517][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.174558][ C0] ? __pfx_worker_thread+0x10/0x10 [ 200.174596][ C0] kthread+0x3c5/0x780 [ 200.174629][ C0] ? __pfx_kthread+0x10/0x10 [ 200.174660][ C0] ? __pfx_kthread+0x10/0x10 [ 200.174692][ C0] ? __pfx_kthread+0x10/0x10 [ 200.174724][ C0] ? __pfx_kthread+0x10/0x10 [ 200.174755][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.174794][ C0] ? rcu_is_watching+0x12/0xc0 [ 200.174836][ C0] ? __pfx_kthread+0x10/0x10 [ 200.174869][ C0] ret_from_fork+0x48/0x80 [ 200.174908][ C0] ? __pfx_kthread+0x10/0x10 [ 200.174940][ C0] ret_from_fork_asm+0x1a/0x30 [ 200.175002][ C0] [ 200.175013][ C0] [ 200.901894][ C0] Allocated by task 5898: [ 200.906231][ C0] kasan_save_stack+0x33/0x60 [ 200.910954][ C0] kasan_save_track+0x14/0x30 [ 200.915671][ C0] __kasan_kmalloc+0xaa/0xb0 [ 200.920298][ C0] xpad_probe+0x286/0x1f30 [ 200.924741][ C0] usb_probe_interface+0x303/0x9c0 [ 200.929883][ C0] really_probe+0x241/0xa90 [ 200.934520][ C0] __driver_probe_device+0x1de/0x440 [ 200.939848][ C0] driver_probe_device+0x4c/0x1b0 [ 200.944907][ C0] __device_attach_driver+0x1df/0x310 [ 200.950311][ C0] bus_for_each_drv+0x159/0x1e0 [ 200.955186][ C0] __device_attach+0x1e4/0x4b0 [ 200.959994][ C0] bus_probe_device+0x17f/0x1c0 [ 200.964884][ C0] device_add+0x1148/0x1a70 [ 200.969410][ C0] usb_set_configuration+0x1187/0x1e20 [ 200.974902][ C0] usb_generic_driver_probe+0xb1/0x110 [ 200.980404][ C0] usb_probe_device+0xef/0x3e0 [ 200.985185][ C0] really_probe+0x241/0xa90 [ 200.989718][ C0] __driver_probe_device+0x1de/0x440 [ 200.995061][ C0] driver_probe_device+0x4c/0x1b0 [ 201.000128][ C0] __device_attach_driver+0x1df/0x310 [ 201.005540][ C0] bus_for_each_drv+0x159/0x1e0 [ 201.010417][ C0] __device_attach+0x1e4/0x4b0 [ 201.015212][ C0] bus_probe_device+0x17f/0x1c0 [ 201.020087][ C0] device_add+0x1148/0x1a70 [ 201.024690][ C0] usb_new_device+0xd07/0x1a20 [ 201.029465][ C0] hub_event+0x2eb7/0x4fa0 [ 201.033892][ C0] process_one_work+0x9cf/0x1b70 [ 201.038848][ C0] worker_thread+0x6c8/0xf10 [ 201.043452][ C0] kthread+0x3c5/0x780 [ 201.047538][ C0] ret_from_fork+0x48/0x80 [ 201.051992][ C0] ret_from_fork_asm+0x1a/0x30 [ 201.056804][ C0] [ 201.059137][ C0] Freed by task 5902: [ 201.063131][ C0] kasan_save_stack+0x33/0x60 [ 201.067848][ C0] kasan_save_track+0x14/0x30 [ 201.072554][ C0] kasan_save_free_info+0x3b/0x60 [ 201.077602][ C0] __kasan_slab_free+0x51/0x70 [ 201.082397][ C0] kfree+0x2b6/0x4d0 [ 201.086315][ C0] xpad_disconnect+0x1cf/0x580 [ 201.091100][ C0] usb_unbind_interface+0x1dd/0x9a0 [ 201.096323][ C0] device_remove+0x125/0x170 [ 201.100975][ C0] device_release_driver_internal+0x44b/0x620 [ 201.107074][ C0] bus_remove_device+0x22f/0x420 [ 201.112034][ C0] device_del+0x396/0x9f0 [ 201.116390][ C0] usb_disable_device+0x355/0x7d0 [ 201.121429][ C0] usb_disconnect+0x2e1/0x920 [ 201.126133][ C0] hub_event+0x1c57/0x4fa0 [ 201.130567][ C0] process_one_work+0x9cf/0x1b70 [ 201.135523][ C0] worker_thread+0x6c8/0xf10 [ 201.140127][ C0] kthread+0x3c5/0x780 [ 201.144212][ C0] ret_from_fork+0x48/0x80 [ 201.148647][ C0] ret_from_fork_asm+0x1a/0x30 [ 201.153444][ C0] [ 201.155766][ C0] The buggy address belongs to the object at ffff88802e354000 [ 201.155766][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 201.169825][ C0] The buggy address is located 96 bytes inside of [ 201.169825][ C0] freed 1024-byte region [ffff88802e354000, ffff88802e354400) [ 201.183638][ C0] [ 201.185965][ C0] The buggy address belongs to the physical page: [ 201.192382][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e350 [ 201.201765][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 201.210269][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 201.217830][ C0] page_type: f5(slab) [ 201.221828][ C0] raw: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 201.230434][ C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 201.239067][ C0] head: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 201.247754][ C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 201.256443][ C0] head: 00fff00000000003 ffffea0000b8d401 00000000ffffffff 00000000ffffffff [ 201.265124][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 201.273816][ C0] page dumped because: kasan: bad access detected [ 201.280253][ C0] page_owner tracks the page as allocated [ 201.285964][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5841, tgid 5841 (syz-executor), ts 118817981853, free_ts 118739037182 [ 201.305450][ C0] post_alloc_hook+0x181/0x1b0 [ 201.310249][ C0] get_page_from_freelist+0x135c/0x3920 [ 201.315827][ C0] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 201.321755][ C0] alloc_pages_mpol+0x1fb/0x550 [ 201.326618][ C0] new_slab+0x244/0x340 [ 201.330793][ C0] ___slab_alloc+0xd9c/0x1940 [ 201.335502][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 201.340898][ C0] __kmalloc_noprof+0x2f2/0x510 [ 201.345774][ C0] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 201.351688][ C0] ieee80211_inform_bss+0x10b/0x1140 [ 201.356994][ C0] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 201.363272][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 201.369111][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 201.375214][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 201.380866][ C0] ieee80211_scan_rx+0x475/0xae0 [ 201.385819][ C0] ieee80211_rx_list+0x1bdb/0x2980 [ 201.390951][ C0] page last free pid 5843 tgid 5843 stack trace: [ 201.397276][ C0] __free_frozen_pages+0x69d/0xff0 [ 201.402412][ C0] qlist_free_all+0x4e/0x120 [ 201.407025][ C0] kasan_quarantine_reduce+0x195/0x1e0 [ 201.412512][ C0] __kasan_slab_alloc+0x69/0x90 [ 201.417398][ C0] __kmalloc_noprof+0x1d4/0x510 [ 201.422283][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 201.427855][ C0] tomoyo_path_number_perm+0x245/0x580 [ 201.433334][ C0] security_file_ioctl+0x9b/0x240 [ 201.438377][ C0] __x64_sys_ioctl+0xb7/0x200 [ 201.443072][ C0] do_syscall_64+0xcd/0x260 [ 201.447603][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.453509][ C0] [ 201.455830][ C0] Memory state around the buggy address: [ 201.461468][ C0] ffff88802e353f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 201.469536][ C0] ffff88802e353f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 201.477602][ C0] >ffff88802e354000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 201.485667][ C0] ^ [ 201.492866][ C0] ffff88802e354080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 201.500938][ C0] ffff88802e354100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 201.509006][ C0] ================================================================== [ 201.517068][ C0] ================================================================== [ 201.525129][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x11d/0x2b0 [ 201.532965][ C0] Write of size 4 at addr ffff88802e354058 by task kworker/u8:9/6534 [ 201.541037][ C0] [ 201.543371][ C0] CPU: 0 UID: 0 PID: 6534 Comm: kworker/u8:9 Tainted: G B 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 201.543421][ C0] Tainted: [B]=BAD_PAGE [ 201.543434][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 201.543457][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 201.543494][ C0] Call Trace: [ 201.543507][ C0] [ 201.543520][ C0] dump_stack_lvl+0x116/0x1f0 [ 201.543570][ C0] print_report+0xc3/0x670 [ 201.543623][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.543663][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.543703][ C0] ? __phys_addr+0xc6/0x150 [ 201.543752][ C0] ? do_raw_spin_lock+0x11d/0x2b0 [ 201.543790][ C0] kasan_report+0xe0/0x110 [ 201.543820][ C0] ? do_raw_spin_lock+0x11d/0x2b0 [ 201.543863][ C0] kasan_check_range+0xef/0x1a0 [ 201.543902][ C0] do_raw_spin_lock+0x11d/0x2b0 [ 201.543939][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 201.543978][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544022][ C0] _raw_spin_lock_irqsave+0x42/0x60 [ 201.544064][ C0] ? __wake_up+0x1c/0x60 [ 201.544110][ C0] __wake_up+0x1c/0x60 [ 201.544162][ C0] usb_anchor_resume_wakeups+0xc2/0xe0 [ 201.544214][ C0] __usb_hcd_giveback_urb+0x3b8/0x6e0 [ 201.544258][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 201.544298][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544341][ C0] dummy_timer+0x180e/0x3a20 [ 201.544388][ C0] ? find_held_lock+0x2b/0x80 [ 201.544430][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544472][ C0] ? find_held_lock+0x2b/0x80 [ 201.544514][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544556][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544597][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544636][ C0] ? debug_object_deactivate+0x1ec/0x3a0 [ 201.544686][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 201.544735][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544776][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 201.544819][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 201.544861][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.544901][ C0] ? mark_held_locks+0x49/0x80 [ 201.544952][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 201.544998][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 201.545041][ C0] __hrtimer_run_queues+0x202/0xad0 [ 201.545085][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 201.545123][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.545173][ C0] hrtimer_run_softirq+0x17d/0x350 [ 201.545213][ C0] handle_softirqs+0x219/0x8e0 [ 201.545260][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 201.545304][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.545347][ C0] __irq_exit_rcu+0x109/0x170 [ 201.545389][ C0] irq_exit_rcu+0x9/0x30 [ 201.545431][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 201.545476][ C0] [ 201.545487][ C0] [ 201.545499][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 201.545536][ C0] RIP: 0010:__local_bh_enable_ip+0xac/0x120 [ 201.545582][ C0] Code: 1d e9 a8 29 12 65 8b 05 e2 a8 29 12 a9 00 ff ff 00 74 4d bf 01 00 00 00 e8 81 01 0c 00 e8 2c 2c 46 00 fb 65 8b 05 c4 a8 29 12 <85> c0 74 52 5b 5d e9 94 69 93 ff 65 8b 05 ce e2 29 12 85 c0 75 9e [ 201.545615][ C0] RSP: 0018:ffffc9001dcaf298 EFLAGS: 00000202 [ 201.545641][ C0] RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 0000000000000006 [ 201.545663][ C0] RDX: 0000000000000000 RSI: ffffffff8dbeb82e RDI: ffffffff8bf451c0 [ 201.545684][ C0] RBP: ffffffff8ac3b03e R08: 0000000000000001 R09: 0000000000000001 [ 201.545706][ C0] R10: ffffffff90866b17 R11: 0000000000000000 R12: 0000000000000000 [ 201.545727][ C0] R13: ffff888030497468 R14: ffff88802856b800 R15: ffffc9001dcaf8a8 [ 201.545751][ C0] ? cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 201.545813][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 201.545857][ C0] cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 201.545911][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.545956][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 201.546023][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 201.546066][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.546105][ C0] ? stack_trace_save+0x8e/0xc0 [ 201.546154][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 201.546197][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.546236][ C0] ? stack_depot_save_flags+0x28/0xa50 [ 201.546280][ C0] ? cfg80211_inform_bss_data+0x224/0x3bd0 [ 201.546330][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.546369][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 201.546420][ C0] ? __kmalloc_noprof+0x223/0x510 [ 201.546468][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 201.546511][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 201.546552][ C0] ? ieee80211_iface_work+0xbf4/0x1020 [ 201.546593][ C0] ? process_one_work+0x9cf/0x1b70 [ 201.546631][ C0] ? ret_from_fork+0x48/0x80 [ 201.546665][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 201.546722][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 201.546778][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.546817][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 201.546853][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.546892][ C0] ? _ieee802_11_parse_elems_full+0x626/0x44e0 [ 201.546949][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.546989][ C0] ? __lock_acquire+0x5ca/0x1ba0 [ 201.547021][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547060][ C0] ? ieee802_11_parse_elems_full+0x145/0x3780 [ 201.547109][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 201.547172][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 201.547216][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 201.547262][ C0] ? find_held_lock+0x2b/0x80 [ 201.547304][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547347][ C0] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 201.547398][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 201.547442][ C0] ? __pfx___might_resched+0x10/0x10 [ 201.547493][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547538][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547579][ C0] ? kcov_remote_start+0x3c9/0x6d0 [ 201.547612][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547653][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547697][ C0] ieee80211_iface_work+0xbf4/0x1020 [ 201.547741][ C0] ? rcu_is_watching+0x12/0xc0 [ 201.547783][ C0] cfg80211_wiphy_work+0x3df/0x550 [ 201.547819][ C0] process_one_work+0x9cf/0x1b70 [ 201.547863][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 201.547897][ C0] ? __pfx_process_one_work+0x10/0x10 [ 201.547936][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.547980][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.548019][ C0] ? assign_work+0x1a0/0x250 [ 201.548054][ C0] worker_thread+0x6c8/0xf10 [ 201.548096][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.548137][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.548181][ C0] ? __kthread_parkme+0x19e/0x250 [ 201.548230][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.548270][ C0] ? __pfx_worker_thread+0x10/0x10 [ 201.548308][ C0] kthread+0x3c5/0x780 [ 201.548342][ C0] ? __pfx_kthread+0x10/0x10 [ 201.548373][ C0] ? __pfx_kthread+0x10/0x10 [ 201.548405][ C0] ? __pfx_kthread+0x10/0x10 [ 201.548437][ C0] ? __pfx_kthread+0x10/0x10 [ 201.548468][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.548507][ C0] ? rcu_is_watching+0x12/0xc0 [ 201.548548][ C0] ? __pfx_kthread+0x10/0x10 [ 201.548581][ C0] ret_from_fork+0x48/0x80 [ 201.548615][ C0] ? __pfx_kthread+0x10/0x10 [ 201.548647][ C0] ret_from_fork_asm+0x1a/0x30 [ 201.548708][ C0] [ 201.548718][ C0] [ 202.280277][ C0] Allocated by task 5898: [ 202.284607][ C0] kasan_save_stack+0x33/0x60 [ 202.289315][ C0] kasan_save_track+0x14/0x30 [ 202.294023][ C0] __kasan_kmalloc+0xaa/0xb0 [ 202.298637][ C0] xpad_probe+0x286/0x1f30 [ 202.303071][ C0] usb_probe_interface+0x303/0x9c0 [ 202.308199][ C0] really_probe+0x241/0xa90 [ 202.312729][ C0] __driver_probe_device+0x1de/0x440 [ 202.318040][ C0] driver_probe_device+0x4c/0x1b0 [ 202.323091][ C0] __device_attach_driver+0x1df/0x310 [ 202.328496][ C0] bus_for_each_drv+0x159/0x1e0 [ 202.333362][ C0] __device_attach+0x1e4/0x4b0 [ 202.338157][ C0] bus_probe_device+0x17f/0x1c0 [ 202.343038][ C0] device_add+0x1148/0x1a70 [ 202.347549][ C0] usb_set_configuration+0x1187/0x1e20 [ 202.353020][ C0] usb_generic_driver_probe+0xb1/0x110 [ 202.358511][ C0] usb_probe_device+0xef/0x3e0 [ 202.363285][ C0] really_probe+0x241/0xa90 [ 202.367812][ C0] __driver_probe_device+0x1de/0x440 [ 202.373123][ C0] driver_probe_device+0x4c/0x1b0 [ 202.378186][ C0] __device_attach_driver+0x1df/0x310 [ 202.383590][ C0] bus_for_each_drv+0x159/0x1e0 [ 202.388458][ C0] __device_attach+0x1e4/0x4b0 [ 202.393249][ C0] bus_probe_device+0x17f/0x1c0 [ 202.398121][ C0] device_add+0x1148/0x1a70 [ 202.402640][ C0] usb_new_device+0xd07/0x1a20 [ 202.407411][ C0] hub_event+0x2eb7/0x4fa0 [ 202.411833][ C0] process_one_work+0x9cf/0x1b70 [ 202.416784][ C0] worker_thread+0x6c8/0xf10 [ 202.421388][ C0] kthread+0x3c5/0x780 [ 202.425463][ C0] ret_from_fork+0x48/0x80 [ 202.429891][ C0] ret_from_fork_asm+0x1a/0x30 [ 202.434768][ C0] [ 202.437086][ C0] Freed by task 5902: [ 202.441061][ C0] kasan_save_stack+0x33/0x60 [ 202.445764][ C0] kasan_save_track+0x14/0x30 [ 202.450466][ C0] kasan_save_free_info+0x3b/0x60 [ 202.455513][ C0] __kasan_slab_free+0x51/0x70 [ 202.460313][ C0] kfree+0x2b6/0x4d0 [ 202.464225][ C0] xpad_disconnect+0x1cf/0x580 [ 202.469183][ C0] usb_unbind_interface+0x1dd/0x9a0 [ 202.474400][ C0] device_remove+0x125/0x170 [ 202.479032][ C0] device_release_driver_internal+0x44b/0x620 [ 202.485151][ C0] bus_remove_device+0x22f/0x420 [ 202.490135][ C0] device_del+0x396/0x9f0 [ 202.494597][ C0] usb_disable_device+0x355/0x7d0 [ 202.499637][ C0] usb_disconnect+0x2e1/0x920 [ 202.504411][ C0] hub_event+0x1c57/0x4fa0 [ 202.508866][ C0] process_one_work+0x9cf/0x1b70 [ 202.513837][ C0] worker_thread+0x6c8/0xf10 [ 202.518540][ C0] kthread+0x3c5/0x780 [ 202.522624][ C0] ret_from_fork+0x48/0x80 [ 202.527055][ C0] ret_from_fork_asm+0x1a/0x30 [ 202.531862][ C0] [ 202.534188][ C0] The buggy address belongs to the object at ffff88802e354000 [ 202.534188][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 202.548257][ C0] The buggy address is located 88 bytes inside of [ 202.548257][ C0] freed 1024-byte region [ffff88802e354000, ffff88802e354400) [ 202.562066][ C0] [ 202.564387][ C0] The buggy address belongs to the physical page: [ 202.570794][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e350 [ 202.579562][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 202.588074][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 202.595662][ C0] page_type: f5(slab) [ 202.599686][ C0] raw: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 202.608310][ C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 202.616930][ C0] head: 00fff00000000040 ffff88801b441dc0 ffffea0000b19a00 dead000000000002 [ 202.625638][ C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 202.634344][ C0] head: 00fff00000000003 ffffea0000b8d401 00000000ffffffff 00000000ffffffff [ 202.643043][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 202.651730][ C0] page dumped because: kasan: bad access detected [ 202.658153][ C0] page_owner tracks the page as allocated [ 202.663876][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5841, tgid 5841 (syz-executor), ts 118817981853, free_ts 118739037182 [ 202.683383][ C0] post_alloc_hook+0x181/0x1b0 [ 202.688217][ C0] get_page_from_freelist+0x135c/0x3920 [ 202.693907][ C0] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 202.700021][ C0] alloc_pages_mpol+0x1fb/0x550 [ 202.704891][ C0] new_slab+0x244/0x340 [ 202.709082][ C0] ___slab_alloc+0xd9c/0x1940 [ 202.713790][ C0] __slab_alloc.constprop.0+0x56/0xb0 [ 202.719218][ C0] __kmalloc_noprof+0x2f2/0x510 [ 202.724200][ C0] ieee802_11_parse_elems_full+0x1d7/0x3780 [ 202.730130][ C0] ieee80211_inform_bss+0x10b/0x1140 [ 202.735442][ C0] cfg80211_inform_single_bss_data+0x8ea/0x1df0 [ 202.741728][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 202.747388][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 202.753488][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 202.759153][ C0] ieee80211_scan_rx+0x475/0xae0 [ 202.764119][ C0] ieee80211_rx_list+0x1bdb/0x2980 [ 202.769263][ C0] page last free pid 5843 tgid 5843 stack trace: [ 202.775596][ C0] __free_frozen_pages+0x69d/0xff0 [ 202.780760][ C0] qlist_free_all+0x4e/0x120 [ 202.785387][ C0] kasan_quarantine_reduce+0x195/0x1e0 [ 202.790907][ C0] __kasan_slab_alloc+0x69/0x90 [ 202.795884][ C0] __kmalloc_noprof+0x1d4/0x510 [ 202.800774][ C0] tomoyo_realpath_from_path+0xc2/0x6e0 [ 202.806363][ C0] tomoyo_path_number_perm+0x245/0x580 [ 202.811875][ C0] security_file_ioctl+0x9b/0x240 [ 202.816924][ C0] __x64_sys_ioctl+0xb7/0x200 [ 202.821622][ C0] do_syscall_64+0xcd/0x260 [ 202.826167][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.832073][ C0] [ 202.834392][ C0] Memory state around the buggy address: [ 202.840197][ C0] ffff88802e353f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 202.848267][ C0] ffff88802e353f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 202.856684][ C0] >ffff88802e354000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.864753][ C0] ^ [ 202.871690][ C0] ffff88802e354080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.879764][ C0] ffff88802e354100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.887830][ C0] ================================================================== [ 202.895894][ C0] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 202.903624][ C0] CPU: 0 UID: 0 PID: 6534 Comm: kworker/u8:9 Tainted: G B 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) [ 202.917368][ C0] Tainted: [B]=BAD_PAGE [ 202.921521][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 202.931591][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 202.937861][ C0] Call Trace: [ 202.941150][ C0] [ 202.944001][ C0] dump_stack_lvl+0x3d/0x1f0 [ 202.948625][ C0] panic+0x71c/0x800 [ 202.952537][ C0] ? __pfx_panic+0x10/0x10 [ 202.956968][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.962629][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 202.968285][ C0] ? rcu_is_watching+0x12/0xc0 [ 202.973076][ C0] ? lock_release+0x201/0x2f0 [ 202.977767][ C0] ? do_raw_spin_lock+0x11d/0x2b0 [ 202.982814][ C0] end_report+0x159/0x170 [ 202.987179][ C0] kasan_report+0xee/0x110 [ 202.991610][ C0] ? do_raw_spin_lock+0x11d/0x2b0 [ 202.996666][ C0] kasan_check_range+0xef/0x1a0 [ 203.001539][ C0] do_raw_spin_lock+0x11d/0x2b0 [ 203.006413][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 203.011805][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.017463][ C0] _raw_spin_lock_irqsave+0x42/0x60 [ 203.022688][ C0] ? __wake_up+0x1c/0x60 [ 203.026960][ C0] __wake_up+0x1c/0x60 [ 203.031061][ C0] usb_anchor_resume_wakeups+0xc2/0xe0 [ 203.036560][ C0] __usb_hcd_giveback_urb+0x3b8/0x6e0 [ 203.041973][ C0] usb_hcd_giveback_urb+0x39b/0x450 [ 203.048164][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.053842][ C0] dummy_timer+0x180e/0x3a20 [ 203.058469][ C0] ? find_held_lock+0x2b/0x80 [ 203.063185][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.068855][ C0] ? find_held_lock+0x2b/0x80 [ 203.073557][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.079222][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.085051][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.090704][ C0] ? debug_object_deactivate+0x1ec/0x3a0 [ 203.096373][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 203.102391][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.108047][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 203.113015][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 203.117982][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.123643][ C0] ? mark_held_locks+0x49/0x80 [ 203.128451][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 203.134299][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 203.139261][ C0] __hrtimer_run_queues+0x202/0xad0 [ 203.144488][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 203.150286][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.155954][ C0] hrtimer_run_softirq+0x17d/0x350 [ 203.161097][ C0] handle_softirqs+0x219/0x8e0 [ 203.165910][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 203.171242][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.177340][ C0] __irq_exit_rcu+0x109/0x170 [ 203.182044][ C0] irq_exit_rcu+0x9/0x30 [ 203.186314][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 203.192413][ C0] [ 203.195350][ C0] [ 203.198376][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 203.204439][ C0] RIP: 0010:__local_bh_enable_ip+0xac/0x120 [ 203.210457][ C0] Code: 1d e9 a8 29 12 65 8b 05 e2 a8 29 12 a9 00 ff ff 00 74 4d bf 01 00 00 00 e8 81 01 0c 00 e8 2c 2c 46 00 fb 65 8b 05 c4 a8 29 12 <85> c0 74 52 5b 5d e9 94 69 93 ff 65 8b 05 ce e2 29 12 85 c0 75 9e [ 203.230086][ C0] RSP: 0018:ffffc9001dcaf298 EFLAGS: 00000202 [ 203.236175][ C0] RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 0000000000000006 [ 203.244158][ C0] RDX: 0000000000000000 RSI: ffffffff8dbeb82e RDI: ffffffff8bf451c0 [ 203.252136][ C0] RBP: ffffffff8ac3b03e R08: 0000000000000001 R09: 0000000000000001 [ 203.260120][ C0] R10: ffffffff90866b17 R11: 0000000000000000 R12: 0000000000000000 [ 203.268103][ C0] R13: ffff888030497468 R14: ffff88802856b800 R15: ffffc9001dcaf8a8 [ 203.276089][ C0] ? cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 203.282556][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 203.287870][ C0] cfg80211_inform_single_bss_data+0x9ae/0x1df0 [ 203.294149][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.299823][ C0] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 203.306640][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 203.312741][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.318396][ C0] ? stack_trace_save+0x8e/0xc0 [ 203.323364][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 203.328765][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.334520][ C0] ? stack_depot_save_flags+0x28/0xa50 [ 203.340007][ C0] ? cfg80211_inform_bss_data+0x224/0x3bd0 [ 203.345941][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.351594][ C0] cfg80211_inform_bss_data+0x224/0x3bd0 [ 203.357437][ C0] ? __kmalloc_noprof+0x223/0x510 [ 203.362492][ C0] ? ieee802_11_parse_elems_full+0x1d7/0x3780 [ 203.368583][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xc69/0x2fd0 [ 203.374844][ C0] ? ieee80211_iface_work+0xbf4/0x1020 [ 203.380331][ C0] ? process_one_work+0x9cf/0x1b70 [ 203.385465][ C0] ? ret_from_fork+0x48/0x80 [ 203.390067][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 203.395046][ C0] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 203.401243][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.406899][ C0] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 203.412811][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.418466][ C0] ? _ieee802_11_parse_elems_full+0x626/0x44e0 [ 203.424662][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.430317][ C0] ? __lock_acquire+0x5ca/0x1ba0 [ 203.435270][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.440926][ C0] ? ieee802_11_parse_elems_full+0x145/0x3780 [ 203.447027][ C0] cfg80211_inform_bss_frame_data+0x26e/0x7a0 [ 203.453138][ C0] ieee80211_bss_info_update+0x310/0xab0 [ 203.458808][ C0] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 203.465001][ C0] ? find_held_lock+0x2b/0x80 [ 203.469714][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.475380][ C0] ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0 [ 203.481572][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 203.488108][ C0] ? __pfx___might_resched+0x10/0x10 [ 203.493439][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.499103][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.504772][ C0] ? kcov_remote_start+0x3c9/0x6d0 [ 203.509917][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.515616][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.521453][ C0] ieee80211_iface_work+0xbf4/0x1020 [ 203.526766][ C0] ? rcu_is_watching+0x12/0xc0 [ 203.531553][ C0] cfg80211_wiphy_work+0x3df/0x550 [ 203.536726][ C0] process_one_work+0x9cf/0x1b70 [ 203.541694][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 203.547347][ C0] ? __pfx_process_one_work+0x10/0x10 [ 203.552743][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.558402][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.564143][ C0] ? assign_work+0x1a0/0x250 [ 203.568841][ C0] worker_thread+0x6c8/0xf10 [ 203.573456][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.579111][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.584770][ C0] ? __kthread_parkme+0x19e/0x250 [ 203.589822][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.595475][ C0] ? __pfx_worker_thread+0x10/0x10 [ 203.600605][ C0] kthread+0x3c5/0x780 [ 203.604688][ C0] ? __pfx_kthread+0x10/0x10 [ 203.609294][ C0] ? __pfx_kthread+0x10/0x10 [ 203.613902][ C0] ? __pfx_kthread+0x10/0x10 [ 203.618519][ C0] ? __pfx_kthread+0x10/0x10 [ 203.623122][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 203.628786][ C0] ? rcu_is_watching+0x12/0xc0 [ 203.633588][ C0] ? __pfx_kthread+0x10/0x10 [ 203.638202][ C0] ret_from_fork+0x48/0x80 [ 203.642642][ C0] ? __pfx_kthread+0x10/0x10 [ 203.647338][ C0] ret_from_fork_asm+0x1a/0x30 [ 203.652148][ C0] [ 203.655392][ C0] Kernel Offset: disabled [ 203.659719][ C0] Rebooting in 86400 seconds..