last executing test programs: 1m14.103175378s ago: executing program 3 (id=8307): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00}, &(0x7f0000000100), &(0x7f0000000140)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 59.787082749s ago: executing program 3 (id=8307): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00}, &(0x7f0000000100), &(0x7f0000000140)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 46.613954157s ago: executing program 3 (id=8307): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00}, &(0x7f0000000100), &(0x7f0000000140)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 31.739057977s ago: executing program 3 (id=8307): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00}, &(0x7f0000000100), &(0x7f0000000140)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 17.042015823s ago: executing program 3 (id=8307): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00}, &(0x7f0000000100), &(0x7f0000000140)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 6.455060788s ago: executing program 1 (id=9151): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x1200, &(0x7f00000011c0)=[{&(0x7f00000000c0)="5c00000013006bcc9e3be35c6e17aa31066b876c1d0000007ea6e763160af36504001ac0080010000400020002000000ef64bc24eab556a705251e618294ff0051f60a9553adac000e4509c5bbcd72c6c953ec3ded4d8217961381fd", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 5.961117017s ago: executing program 1 (id=9155): setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3a0, 0x118, 0x0, 0x330, 0x298, 0x330, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'pimreg0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'vlan0\x00', 'veth1_to_bridge\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}, 0x1, 0x0, 0x0, 0x40004}, 0x0) 5.626894s ago: executing program 1 (id=9158): r0 = socket$nl_route(0x10, 0x3, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842ba4470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcb3635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff03291e4443a08df80c9a9315416f7ab3ba6fd732e881a44aa53e5942cd985eeffdfc6dbf63fe78adc62c6f8c9bb9b3a9b9bcbee66f995b5de5e128d72a30e8da34e3f7a8222ca3cf2aa3b7bfc861fec0ac88f3acf3b0394bc1f2fd0535b3b54be5f2f8e9ffc6823c2914c60223e27040f8c324c8d17b8773d460fce3eadc258724038aafffffff7f00000000e82c24a85280f39579abf7f9ac0ce611ad8e7809c6c22aa280cf66f0dbeef9b4018d4901313fbb6437fb0beaedc78bf65de93141a02a3bc89a2ddbfa0615f930ab100790cf69cbc77dbc99742fcd8fab979d9889f359adf0ee3dba1881374e37539dad09ba5273845508384f18863eee3f648d9e72e915db5507dc3e26f37bae241deec4afe7d5a8ffeb5db2e33bf34f16543f271f0f416ea6f85a1154b376c07b3392e35c069d4bf100eac6bc24ea1bfec69431c31598c033a8ec36ca70e7eb0f1753e87cb29dcc3d356f115b16f0c58174dbb7a057f97ca20b6783bbd398b774f0c1b4f51f649470cfb39649acffdad937ed3c031da1d7c28271b5b96036ff7be1fa4827c8b08ec74ced"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106}, 0x18) recvmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40002002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x0) 5.31717472s ago: executing program 1 (id=9160): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000003c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000001000000340008803000008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c08000a001100000008000100", @ANYRES32=r3], 0x50}}, 0x0) 5.019518742s ago: executing program 1 (id=9164): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xd, 0x5, 0x4, 0x1, 0x0, r1}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r2}, 0x38) 4.688526377s ago: executing program 1 (id=9167): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2) read(r0, &(0x7f0000000100)=""/85, 0x55) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0x3}, 0x2) 3.018999659s ago: executing program 0 (id=9193): rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8) r0 = gettid() rt_sigtimedwait(&(0x7f0000000040)={[0xffffffff]}, 0x0, 0x0, 0x8) timer_create(0x2, &(0x7f0000000180)={0x0, 0x1e, 0x4, @tid=r0}, &(0x7f00000000c0)) timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) 2.798919283s ago: executing program 0 (id=9196): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000100)={@link_local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000080)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 2.628146187s ago: executing program 0 (id=9198): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r3}, 0xc) 2.424985579s ago: executing program 0 (id=9201): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x0) fanotify_mark(r1, 0x105, 0x4800003a, r0, 0x0) read$FUSE(r1, &(0x7f00000002c0)={0x2020}, 0x2020) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 2.410555786s ago: executing program 3 (id=8307): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00}, &(0x7f0000000100), &(0x7f0000000140)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 1.336061623s ago: executing program 0 (id=9202): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='cpuset.mem_hardwall\x00', 0x2, 0x0) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 1.198620112s ago: executing program 4 (id=9205): bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7d, &(0x7f0000000080)={r2}, &(0x7f0000000180)=0x8) 1.117589912s ago: executing program 4 (id=9207): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB='*'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fc0b2e3ce491cbe, 0x12, r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x11c, 0x1, 0x0, 0x20000000) 989.707509ms ago: executing program 4 (id=9208): r0 = fsopen(&(0x7f0000000000)='hugetlbfs\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x3, &(0x7f0000000b80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}}, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x5e, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x6f6b, r1, 0x0, 0x0, 0x0, 0x10, 0xffffffd2}, 0x90) 921.449551ms ago: executing program 2 (id=9209): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = epoll_create(0x10000e9) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) epoll_ctl$EPOLL_CTL_ADD(r1, 0x20, r2, &(0x7f0000000400)) 783.719509ms ago: executing program 2 (id=9210): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030022d6850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000002c0)='percpu_alloc_percpu_fail\x00', r1}, 0x10) prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 743.397833ms ago: executing program 4 (id=9211): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r1, r2, r3, 0x0, 0x9c0, 0xffffffff}) 574.314728ms ago: executing program 4 (id=9212): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) migrate_pages(r2, 0x0, 0x0, 0x0) 527.873965ms ago: executing program 2 (id=9213): r0 = socket$inet6(0xa, 0x805, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) getsockopt$bt_hci(r0, 0x84, 0x70, 0x0, &(0x7f0000000040)) 352.386326ms ago: executing program 2 (id=9214): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000080)=""/152) 311.984201ms ago: executing program 4 (id=9215): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}}, 0x0) 129.34469ms ago: executing program 2 (id=9216): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) clock_gettime(0x7, &(0x7f0000000140)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x77359400}, {r1, r2+60000000}}, 0x0) 128.474704ms ago: executing program 0 (id=9217): rseq(&(0x7f00000002c0), 0x20, 0x0, 0x0) semget$private(0x0, 0x6, 0x0) semtimedop(0x0, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f00000003c0)) 0s ago: executing program 2 (id=9218): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): ter parsing attributes in process `syz.1.8199'. [ 632.369923][ T29] audit: type=1400 audit(1723880560.928:643): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=27001 comm="syz.2.8200" daddr=255.255.255.255 dest=20000 netif=wpan0 [ 632.530470][ T5220] plantronics 0003:047F:FFFF.0069: unknown main item tag 0xd [ 632.546480][ T9] usb 4-1: USB disconnect, device number 60 [ 632.565665][ T5220] plantronics 0003:047F:FFFF.0069: No inputs registered, leaving [ 632.588717][ T5220] plantronics 0003:047F:FFFF.0069: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 632.987430][ T5220] usb 1-1: USB disconnect, device number 47 [ 634.578692][T27124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8233'. [ 634.676324][ T25] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 634.899827][ T25] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.964551][ T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 634.994806][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.016079][ T25] usb 1-1: Product: syz [ 635.026495][ T25] usb 1-1: Manufacturer: syz [ 635.027671][T27143] netlink: 18 bytes leftover after parsing attributes in process `syz.4.8241'. [ 635.031126][ T25] usb 1-1: SerialNumber: syz [ 635.087151][T27143] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8241'. [ 635.486819][T27162] netlink: 'syz.3.8248': attribute type 11 has an invalid length. [ 635.788982][T27180] netlink: 'syz.4.8256': attribute type 2 has an invalid length. [ 636.133877][ T25] cdc_ncm 1-1:1.0: failed to get mac address [ 636.146722][ T25] cdc_ncm 1-1:1.0: bind() failure [ 636.174697][ T25] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 636.203033][ T25] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 636.225283][ T25] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 636.267290][ T25] usb 1-1: USB disconnect, device number 48 [ 637.572844][T27251] IPVS: Scheduler module ip_vs_sip not found [ 637.714900][T27263] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8284'. [ 637.731206][T27263] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8284'. [ 637.844730][T27270] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8287'. [ 638.778856][ T29] audit: type=1326 audit(1723880567.338:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 638.846662][ T29] audit: type=1326 audit(1723880567.338:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 638.934033][ T29] audit: type=1326 audit(1723880567.358:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 638.955585][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.036053][ T29] audit: type=1326 audit(1723880567.358:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 639.111811][ T29] audit: type=1326 audit(1723880567.358:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 639.197289][ T29] audit: type=1326 audit(1723880567.388:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 639.218827][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.276084][ T29] audit: type=1326 audit(1723880567.388:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 639.329074][ T29] audit: type=1326 audit(1723880567.418:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 639.383819][ T29] audit: type=1326 audit(1723880567.448:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 639.405414][ C0] vkms_vblank_simulate: vblank timer overrun [ 639.452515][ T29] audit: type=1326 audit(1723880567.448:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27332 comm="syz.0.8303" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 640.003596][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): left allmulticast mode [ 640.044479][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.159620][T27368] syzkaller1: entered promiscuous mode [ 640.182449][T27368] syzkaller1: entered allmulticast mode [ 640.248007][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 640.260036][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 640.268808][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.284032][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 640.293527][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 640.302440][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 640.309537][ T5220] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 640.318054][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 640.516553][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 640.536241][ T5220] usb 1-1: Using ep0 maxpacket: 8 [ 640.562984][ T5220] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 640.598207][ T5220] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.641235][ T5220] usb 1-1: config 0 descriptor?? [ 640.689991][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.017386][T27428] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 641.440043][ T52] bridge_slave_1: left allmulticast mode [ 641.466646][ T52] bridge_slave_1: left promiscuous mode [ 641.472507][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.557751][ T52] bridge_slave_0: left allmulticast mode [ 641.563492][ T52] bridge_slave_0: left promiscuous mode [ 641.588438][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.721501][ T5220] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 641.747673][ T5220] asix 1-1:0.0: probe with driver asix failed with error -71 [ 641.779737][ T5220] usb 1-1: USB disconnect, device number 49 [ 642.309833][ T52] team0: Port device geneve0 removed [ 642.426492][ T5228] Bluetooth: hci3: command tx timeout [ 642.774557][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 642.811405][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 642.839782][ T52] bond0 (unregistering): Released all slaves [ 642.959834][T27535] pimreg: entered allmulticast mode [ 642.993030][T27536] pimreg: left allmulticast mode [ 643.276718][T27373] chnl_net:caif_netlink_parms(): no params data found [ 643.460234][T27616] netlink: 'syz.4.8347': attribute type 27 has an invalid length. [ 643.649505][T27627] Bluetooth: MGMT ver 1.23 [ 643.654002][T27627] Bluetooth: hci3: unsupported parameter 64512 [ 643.700243][T27616] sit0: left promiscuous mode [ 643.706581][T27627] Bluetooth: hci3: invalid length 0, exp 2 for type 7 [ 643.782146][T27616] bridge0: left promiscuous mode [ 643.817581][T27616] bond0: left promiscuous mode [ 643.822489][T27616] bond_slave_0: left promiscuous mode [ 643.842983][T27616] bond_slave_1: left promiscuous mode [ 644.326832][T27616] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 644.356197][ T5268] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 644.382242][T27616] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 644.423220][T27616] xfrm0: left allmulticast mode [ 644.444361][T27616] xfrm0: left promiscuous mode [ 644.506305][ T5228] Bluetooth: hci3: command tx timeout [ 644.560005][T27616] hsr0: left promiscuous mode [ 644.576711][ T5268] usb 1-1: Using ep0 maxpacket: 16 [ 644.582546][T27616] hsr0: left allmulticast mode [ 644.596333][T27616] hsr_slave_0: left allmulticast mode [ 644.614477][ T5268] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 644.626146][T27616] hsr_slave_1: left allmulticast mode [ 644.647338][ T5268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 644.666237][ T5268] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 644.686009][ T5268] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 644.705880][ T5268] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 644.754289][ T5268] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 644.784882][ T5268] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 644.811501][ T5268] usb 1-1: Manufacturer: syz [ 644.830384][ T5268] usb 1-1: config 0 descriptor?? [ 644.837083][T27616] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.875986][T27616] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.885308][T27616] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.916237][T27616] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.264039][T27373] bridge0: port 1(bridge_slave_0) entered blocking state [ 645.296061][T27373] bridge0: port 1(bridge_slave_0) entered disabled state [ 645.321226][T27373] bridge_slave_0: entered allmulticast mode [ 645.348994][T27373] bridge_slave_0: entered promiscuous mode [ 645.366040][ T5268] rc_core: IR keymap rc-hauppauge not found [ 645.371963][ T5268] Registered IR keymap rc-empty [ 645.380380][T27373] bridge0: port 2(bridge_slave_1) entered blocking state [ 645.396535][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.413340][T27373] bridge0: port 2(bridge_slave_1) entered disabled state [ 645.421475][T27373] bridge_slave_1: entered allmulticast mode [ 645.430523][T27373] bridge_slave_1: entered promiscuous mode [ 645.437192][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.476605][ T5268] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 645.494538][T27373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 645.508139][ T5268] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input76 [ 645.511627][T27373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 645.552041][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.601278][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.639374][ T52] tipc: Left network mode [ 645.676488][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.682075][T27373] team0: Port device team_slave_0 added [ 645.698783][T27650] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 645.707500][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.723416][T27373] team0: Port device team_slave_1 added [ 645.736112][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.776634][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.826245][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.867073][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.899387][T27373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 645.909002][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 645.915225][T27373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 645.916355][T27650] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 645.942083][ C0] vkms_vblank_simulate: vblank timer overrun [ 645.991195][T27650] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 646.000009][T27373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 646.001397][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 646.046049][T27650] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 646.066498][T27650] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.074620][ T5268] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 646.083640][T27373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 646.089706][T27650] usb 2-1: Product: syz [ 646.094748][T27650] usb 2-1: Manufacturer: syz [ 646.096219][T27373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.125185][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.129044][ T5268] mceusb 1-1:0.0: Registered with mce emulator interface version 1 [ 646.158616][T27650] usb 2-1: SerialNumber: syz [ 646.163309][ T5268] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 646.179907][T27650] cdc_ncm 2-1:1.0: skipping garbage [ 646.189444][T27373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 646.195881][ T5268] usb 1-1: USB disconnect, device number 50 [ 646.454943][ T52] hsr_slave_0: left promiscuous mode [ 646.466371][ T52] hsr_slave_1: left promiscuous mode [ 646.485685][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 646.505457][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 646.519913][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 646.536321][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 646.576790][ T5228] Bluetooth: hci3: command tx timeout [ 646.608959][ T52] veth1_macvtap: left promiscuous mode [ 646.624808][ T52] veth0_macvtap: left promiscuous mode [ 646.645270][ T52] veth1_vlan: left promiscuous mode [ 646.689584][ T52] veth0_vlan: left promiscuous mode [ 647.221920][T27650] cdc_ncm 2-1:1.0: bind() failure [ 647.252732][T27650] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 647.272837][T27650] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 647.293564][T27650] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 647.321501][T27650] usb 2-1: USB disconnect, device number 61 [ 647.984292][ T52] team0 (unregistering): Port device team_slave_1 removed [ 648.057925][ T52] team0 (unregistering): Port device team_slave_0 removed [ 648.656634][ T5228] Bluetooth: hci3: command tx timeout [ 648.997836][ T52] lo (unregistering): left allmulticast mode [ 649.031417][T27373] hsr_slave_0: entered promiscuous mode [ 649.057317][T27373] hsr_slave_1: entered promiscuous mode [ 649.063937][T27373] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 649.082140][T27373] Cannot create hsr debugfs directory [ 649.628541][T27952] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 650.435170][T28000] input: syz1 as /devices/virtual/input/input77 [ 650.511109][T27373] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 650.545770][T27373] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 650.603474][T27373] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 650.649559][T27373] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 650.798734][T28025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8398'. [ 651.033902][T27373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 651.109620][T27373] 8021q: adding VLAN 0 to HW filter on device team0 [ 651.170209][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.177415][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 651.201928][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.209108][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 651.687385][T27373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 651.830066][T27373] veth0_vlan: entered promiscuous mode [ 651.855115][T27373] veth1_vlan: entered promiscuous mode [ 651.903632][T28060] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 651.918370][T27373] veth0_macvtap: entered promiscuous mode [ 651.972367][T27373] veth1_macvtap: entered promiscuous mode [ 652.029257][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.065857][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.103323][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.141661][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.166312][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.193706][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.210885][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.243657][T28066] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 652.253402][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.284338][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.289286][T28066] vhci_hcd: invalid port number 10 [ 652.295500][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.333733][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 652.334730][T28066] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 652.344220][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.385610][T27373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 652.459105][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.516071][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.536249][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.557597][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.586149][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.613344][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.643725][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.664894][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.686551][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.706108][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.726016][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.751548][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.761658][T27373] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 652.772947][T27373] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 652.784900][T27373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 652.861631][T27373] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.902064][T27373] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.933352][T27373] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.966238][T27373] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.992710][T28094] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 653.017879][T28094] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 653.339256][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 653.359660][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 653.481448][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 653.501158][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 653.840907][T28146] netlink: 'syz.2.8436': attribute type 4 has an invalid length. [ 654.026429][ T58] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 654.248995][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 654.296176][ T58] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 654.356026][ T58] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 654.376443][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.427242][ T58] usb 1-1: config 0 descriptor?? [ 654.557951][T28178] input: syz1 as /devices/virtual/input/input78 [ 654.882238][ T58] plantronics 0003:047F:FFFF.006A: No inputs registered, leaving [ 654.909157][ T58] plantronics 0003:047F:FFFF.006A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 655.252699][ T5268] usb 1-1: USB disconnect, device number 51 [ 655.298180][ T58] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 655.486081][ T58] usb 2-1: Using ep0 maxpacket: 8 [ 655.506919][ T58] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 655.525982][ T58] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 655.547305][ T58] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 655.573835][ T58] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 655.589493][ T58] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 655.607372][T28224] netlink: 64 bytes leftover after parsing attributes in process `syz.2.8458'. [ 655.609753][ T58] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 655.649238][ T58] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 655.659273][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.676232][ T58] usb 2-1: Product: syz [ 655.686293][ T58] usb 2-1: Manufacturer: syz [ 655.696567][ T58] usb 2-1: SerialNumber: syz [ 655.922018][ T58] cdc_ncm 2-1:1.0: bind() failure [ 655.953178][ T58] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 655.987491][ T58] cdc_ncm 2-1:1.1: bind() failure [ 656.017028][ T58] usb 2-1: USB disconnect, device number 62 [ 656.153095][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.606380][ T58] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 656.758198][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 656.770590][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 656.779384][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 656.799270][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 656.808469][ T58] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 656.825282][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.834703][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 656.843926][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 656.853788][ T58] usb 3-1: config 0 descriptor?? [ 656.867846][ T58] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 656.877049][ T58] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 656.996727][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.141412][ T5332] usb 3-1: USB disconnect, device number 68 [ 657.157080][ T5332] ftdi_sio 3-1:0.0: device disconnected [ 657.198814][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.360073][T28313] mmap: syz.0.8475 (28313): VmData 37425152 exceed data ulimit 3626. Update limits or use boot option ignore_rlimit_data. [ 657.424957][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.769686][ T35] bridge_slave_1: left allmulticast mode [ 657.775378][ T35] bridge_slave_1: left promiscuous mode [ 657.816866][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.919380][ T35] bridge_slave_0: left allmulticast mode [ 657.934091][ T35] bridge_slave_0: left promiscuous mode [ 657.950740][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.715685][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 658.735809][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 658.749400][ T35] bond0 (unregistering): Released all slaves [ 658.764586][T28260] chnl_net:caif_netlink_parms(): no params data found [ 658.896117][ T5234] Bluetooth: hci3: command tx timeout [ 660.479140][T28497] netlink: 'syz.4.8498': attribute type 5 has an invalid length. [ 660.704130][T28260] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.727800][T28260] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.742636][T28260] bridge_slave_0: entered allmulticast mode [ 660.758572][T28260] bridge_slave_0: entered promiscuous mode [ 660.820916][T28260] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.866197][T28260] bridge0: port 2(bridge_slave_1) entered disabled state [ 660.873682][T28260] bridge_slave_1: entered allmulticast mode [ 660.884330][T28260] bridge_slave_1: entered promiscuous mode [ 660.950650][ T35] hsr_slave_0: left promiscuous mode [ 660.976433][ T5234] Bluetooth: hci3: command tx timeout [ 660.992280][ T35] hsr_slave_1: left promiscuous mode [ 661.076170][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 661.086604][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 661.129101][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 661.146545][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 661.212139][ T35] veth1_macvtap: left promiscuous mode [ 661.219174][ T35] veth0_macvtap: left promiscuous mode [ 661.224856][ T35] veth1_vlan: left promiscuous mode [ 661.236379][ T35] veth0_vlan: left promiscuous mode [ 661.636063][T27650] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 661.826881][T27650] usb 3-1: Using ep0 maxpacket: 32 [ 661.834015][T27650] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 661.848014][T27650] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 661.870780][T27650] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.887477][T27650] usb 3-1: Product: syz [ 661.893231][T27650] usb 3-1: Manufacturer: syz [ 661.899767][T27650] usb 3-1: SerialNumber: syz [ 661.937306][T27650] usb 3-1: config 0 descriptor?? [ 661.952236][T27650] hub 3-1:0.0: bad descriptor, ignoring hub [ 661.968339][T27650] hub 3-1:0.0: probe with driver hub failed with error -5 [ 661.981957][T27650] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input81 [ 662.001511][T27650] usbtouchscreen 3-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -8 [ 662.062422][T27650] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -8 [ 662.564681][ T35] team0 (unregistering): Port device team_slave_1 removed [ 662.576833][T27650] usb 3-1: USB disconnect, device number 69 [ 662.692901][ T35] team0 (unregistering): Port device team_slave_0 removed [ 663.056340][ T5234] Bluetooth: hci3: command tx timeout [ 663.852723][T28260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.029478][T28260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 664.136229][T28660] netlink: 'syz.4.8527': attribute type 3 has an invalid length. [ 664.157946][T28660] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8527'. [ 664.377619][T28260] team0: Port device team_slave_0 added [ 664.398750][T28260] team0: Port device team_slave_1 added [ 664.548366][T28260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.575793][T28260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.622556][T28260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.666166][T28260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.676933][T28260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.702819][ C0] vkms_vblank_simulate: vblank timer overrun [ 664.741940][T28260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.756115][ T5268] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 664.886940][T27672] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 664.908882][T28260] hsr_slave_0: entered promiscuous mode [ 664.935468][T28260] hsr_slave_1: entered promiscuous mode [ 664.937979][ T5268] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 664.951832][T28260] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 664.953931][ T5268] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 664.979388][T28260] Cannot create hsr debugfs directory [ 664.986413][ T5268] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.005607][ T5268] usb 3-1: config 0 descriptor?? [ 665.023849][ T5268] pwc: Askey VC010 type 2 USB webcam detected. [ 665.086795][T27672] usb 5-1: Using ep0 maxpacket: 8 [ 665.106900][T27672] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 665.128569][T27672] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 665.139544][ T5234] Bluetooth: hci3: command tx timeout [ 665.170840][T27672] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 665.191231][T27672] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 665.205401][T27672] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 665.214559][T27672] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.373642][T28831] syzkaller1: entered promiscuous mode [ 665.390079][T28831] syzkaller1: entered allmulticast mode [ 665.439516][ T5268] pwc: recv_control_msg error -32 req 02 val 2b00 [ 665.451718][T27672] usb 5-1: GET_CAPABILITIES returned 0 [ 665.459200][ T5268] pwc: recv_control_msg error -32 req 02 val 2700 [ 665.466845][T27672] usbtmc 5-1:16.0: can't read capabilities [ 665.675036][ T5268] pwc: recv_control_msg error -71 req 04 val 1000 [ 665.682772][ T5268] pwc: recv_control_msg error -71 req 04 val 1300 [ 665.697578][ T5268] pwc: recv_control_msg error -71 req 04 val 1400 [ 665.698260][T27672] usb 5-1: USB disconnect, device number 70 [ 665.722616][ T5268] pwc: recv_control_msg error -71 req 02 val 2000 [ 665.744691][ T5268] pwc: recv_control_msg error -71 req 02 val 2100 [ 665.771024][ T5268] pwc: recv_control_msg error -71 req 04 val 1500 [ 665.798448][ T5268] pwc: recv_control_msg error -71 req 02 val 2500 [ 665.828906][ T5268] pwc: recv_control_msg error -71 req 02 val 2400 [ 665.853551][ T5268] pwc: recv_control_msg error -71 req 02 val 2600 [ 665.866515][ T5268] pwc: recv_control_msg error -71 req 02 val 2900 [ 665.876830][ T5268] pwc: recv_control_msg error -71 req 02 val 2800 [ 665.904824][ T5268] pwc: recv_control_msg error -71 req 04 val 1100 [ 665.912697][ T5268] pwc: recv_control_msg error -71 req 04 val 1200 [ 665.934409][ T5268] pwc: Registered as video71. [ 665.956806][T28260] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 665.965588][ T5268] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input82 [ 665.989962][T28260] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 666.010829][ T5268] usb 3-1: USB disconnect, device number 70 [ 666.028576][T28260] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 666.070729][T28260] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 666.330038][T28260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 666.420575][T28260] 8021q: adding VLAN 0 to HW filter on device team0 [ 666.445305][ T1112] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.452526][ T1112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.508284][ T1071] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.515494][ T1071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 666.612138][T28260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 666.993067][T28938] netlink: 'syz.0.8558': attribute type 21 has an invalid length. [ 667.022086][T28938] netlink: 'syz.0.8558': attribute type 16 has an invalid length. [ 667.040521][T28938] netlink: 152 bytes leftover after parsing attributes in process `syz.0.8558'. [ 667.098613][ T5268] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 667.131603][T28260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 667.248992][T28260] veth0_vlan: entered promiscuous mode [ 667.287504][T28260] veth1_vlan: entered promiscuous mode [ 667.318237][ T5268] usb 2-1: Using ep0 maxpacket: 8 [ 667.325472][ T5268] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 667.342115][ T5268] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.377517][ T5268] usb 2-1: config 0 descriptor?? [ 667.403270][T28260] veth0_macvtap: entered promiscuous mode [ 667.430419][T28260] veth1_macvtap: entered promiscuous mode [ 667.496996][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.526341][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.556712][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.586372][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.626304][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.648321][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.666281][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.695840][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.719821][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.746500][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.777298][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 667.798353][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.828160][T28260] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 667.861347][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.906236][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.926390][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.946265][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.979535][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.995957][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.026320][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.056105][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.076459][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.116152][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.156012][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.176170][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.189887][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 668.189907][ T29] audit: type=1400 audit(1723880852.739:657): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=28965 comm="syz.0.8567" dest=20002 netif=wpan0 [ 668.206130][T28260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 668.245670][T28260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 668.280161][T28968] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8568'. [ 668.280244][T28260] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 668.354396][T28260] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.369263][T28260] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.378903][T28260] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.388220][T28260] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 668.447682][ T5268] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 668.459065][ T5268] asix 2-1:0.0: probe with driver asix failed with error -71 [ 668.478351][ T5268] usb 2-1: USB disconnect, device number 63 [ 668.705864][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 668.739896][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 668.826511][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 668.855606][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.121461][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.002630][ T5228] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 672.028247][ T5228] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 672.039411][ T5228] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 672.058691][ T5228] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 672.071442][ T5228] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 672.086587][ T5228] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 672.229031][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.427046][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.465758][T29134] netlink: 'syz.0.8620': attribute type 20 has an invalid length. [ 672.559883][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 672.710786][T29151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8624'. [ 673.193470][ T35] bridge_slave_1: left allmulticast mode [ 673.206312][ T35] bridge_slave_1: left promiscuous mode [ 673.212073][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 673.312200][ T35] bridge_slave_0: left allmulticast mode [ 673.327373][ T35] bridge_slave_0: left promiscuous mode [ 673.345682][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 673.357960][T29276] netlink: 'syz.2.8635': attribute type 20 has an invalid length. [ 674.017397][ T5332] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 674.176143][ T5228] Bluetooth: hci3: command tx timeout [ 674.187125][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 674.225836][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 674.251961][ T35] bond0 (unregistering): Released all slaves [ 674.261071][ T5332] usb 1-1: unable to get BOS descriptor or descriptor too short [ 674.276667][ T5332] usb 1-1: no configurations [ 674.291524][ T5332] usb 1-1: can't read configurations, error -22 [ 674.354461][T29106] chnl_net:caif_netlink_parms(): no params data found [ 674.976900][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 675.190981][T29106] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.223579][T29106] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.234197][T29106] bridge_slave_0: entered allmulticast mode [ 675.250519][T29106] bridge_slave_0: entered promiscuous mode [ 675.272573][ T35] hsr_slave_0: left promiscuous mode [ 675.281995][ T35] hsr_slave_1: left promiscuous mode [ 675.302467][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 675.315673][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 675.413610][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 675.452010][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 675.541989][ T35] veth1_macvtap: left promiscuous mode [ 675.596211][ T35] veth0_macvtap: left promiscuous mode [ 675.602851][ T35] veth1_vlan: left promiscuous mode [ 675.608608][ T35] veth0_vlan: left promiscuous mode [ 676.198506][T29400] Invalid option length (1048372) for dns_resolver key [ 676.256120][ T5228] Bluetooth: hci3: command tx timeout [ 677.144953][ T35] team0 (unregistering): Port device team_slave_1 removed [ 677.238533][ T35] team0 (unregistering): Port device team_slave_0 removed [ 678.277913][T29106] bridge0: port 2(bridge_slave_1) entered blocking state [ 678.285087][T29106] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.308339][T29106] bridge_slave_1: entered allmulticast mode [ 678.326509][T29106] bridge_slave_1: entered promiscuous mode [ 678.337431][ T5228] Bluetooth: hci3: command tx timeout [ 678.396569][T27650] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 678.512994][T29106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.545216][T29106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.590945][T27650] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 678.625297][T29465] netlink: 64 bytes leftover after parsing attributes in process `syz.0.8672'. [ 678.635404][T27650] usb 2-1: config 1 has no interface number 0 [ 678.669648][T27650] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.695345][T27650] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 678.734225][T27650] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 678.762317][T27650] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 678.799546][T27650] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.804998][T29106] team0: Port device team_slave_0 added [ 678.824869][T27650] usb 2-1: Product: syz [ 678.834683][T27650] usb 2-1: Manufacturer: syz [ 678.841579][T29106] team0: Port device team_slave_1 added [ 678.847589][T27650] usb 2-1: SerialNumber: syz [ 678.996714][T29106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 679.022318][T29106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.056522][T29106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 679.088778][T29106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 679.095744][T29106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 679.121673][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.147878][T29106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 679.264117][T29106] hsr_slave_0: entered promiscuous mode [ 679.272875][T29106] hsr_slave_1: entered promiscuous mode [ 679.279899][T29106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 679.308582][T29106] Cannot create hsr debugfs directory [ 679.596449][ T58] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 679.725280][T27650] cdc_ncm 2-1:1.1: bind() failure [ 679.787860][ T58] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 679.808212][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.838546][ T58] usb 3-1: config 0 descriptor?? [ 679.841440][T29634] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8682'. [ 679.855686][ T58] cp210x 3-1:0.0: cp210x converter detected [ 680.012563][T27650] usb 2-1: USB disconnect, device number 64 [ 680.263552][ T58] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 680.292259][T29106] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 680.317374][ T58] usb 3-1: cp210x converter now attached to ttyUSB0 [ 680.354675][T29106] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 680.394349][T29106] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 680.416904][ T5234] Bluetooth: hci3: command tx timeout [ 680.456604][T29106] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 680.570847][ T5268] usb 3-1: USB disconnect, device number 71 [ 680.590159][ T5268] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 680.627198][ T5268] cp210x 3-1:0.0: device disconnected [ 680.701691][T29697] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 680.704318][T29106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 680.803420][T29106] 8021q: adding VLAN 0 to HW filter on device team0 [ 681.039490][ T1071] bridge0: port 1(bridge_slave_0) entered blocking state [ 681.046706][ T1071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 681.111594][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 681.118775][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 681.576015][T27672] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 681.743431][T29106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 681.806054][T27672] usb 3-1: Using ep0 maxpacket: 8 [ 681.813336][T27672] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 681.821562][T27672] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 681.868610][T27672] usb 3-1: config 0 has no interface number 0 [ 681.874746][T27672] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 681.895041][T29106] veth0_vlan: entered promiscuous mode [ 681.929287][T27672] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 681.948107][T27660] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 681.948502][T29106] veth1_vlan: entered promiscuous mode [ 681.966774][T27672] usb 3-1: config 0 interface 52 has no altsetting 0 [ 681.999263][T27672] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 682.016360][T27672] usb 3-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 682.024631][T27672] usb 3-1: Product: syz [ 682.068688][T27672] usb 3-1: SerialNumber: syz [ 682.094049][T27672] usb 3-1: config 0 descriptor?? [ 682.109827][T29106] veth0_macvtap: entered promiscuous mode [ 682.148377][T27660] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 682.149640][T29106] veth1_macvtap: entered promiscuous mode [ 682.178206][T27660] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 682.223871][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.235512][T27660] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 682.255420][T27660] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.255933][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.275529][T27660] usb 2-1: Product: syz [ 682.281782][T27660] usb 2-1: Manufacturer: syz [ 682.301986][T27660] usb 2-1: SerialNumber: syz [ 682.326258][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.357701][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.376291][T27672] input: syz (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input84 [ 682.413487][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.437742][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.465923][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.496183][ T5234] Bluetooth: hci3: command 0x0405 tx timeout [ 682.505108][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.517610][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.528415][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.539022][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 682.549740][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.564963][T29106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.577123][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.590034][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.625591][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.641809][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.651846][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.663568][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.673716][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.684589][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.695170][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.706235][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.727517][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.746410][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.766080][T29106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 682.779232][T29106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 682.800269][T27650] usb 3-1: USB disconnect, device number 72 [ 682.806425][ T4654] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -19 [ 682.828111][T29106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 682.888014][T29685] dvmrp0: entered allmulticast mode [ 682.921022][T29106] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.944743][T29106] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.955876][T29106] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 682.964786][T29106] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 683.134963][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.169963][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.337217][T29285] dvmrp0 (unregistering): left allmulticast mode [ 683.400834][T27660] cdc_ncm 2-1:1.0: bind() failure [ 683.426799][T27660] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 683.438672][T27660] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 683.466333][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 683.475012][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 683.492739][T27660] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 683.509231][T27660] usb 2-1: USB disconnect, device number 65 [ 683.818609][T29812] syz.0.8702 (29812) used greatest stack depth: 17456 bytes left [ 683.946878][T27672] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 684.166446][T27672] usb 5-1: Using ep0 maxpacket: 8 [ 684.184752][T27672] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 684.200820][T27672] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.217159][T27672] usb 5-1: Product: syz [ 684.225985][T27672] usb 5-1: Manufacturer: syz [ 684.236341][T27672] usb 5-1: SerialNumber: syz [ 684.251649][T27672] usb 5-1: config 0 descriptor?? [ 684.419557][T29809] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 684.436157][T29809] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 684.517290][T27672] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 684.543830][ T29] audit: type=1326 audit(1723880869.089:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29843 comm="syz.0.8713" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x0 [ 685.342018][T27672] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 685.364680][T27672] usb 5-1: USB disconnect, device number 71 [ 685.705220][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.023450][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.295221][ T29] audit: type=1326 audit(1723880870.839:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29891 comm="syz.1.8720" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ff7579e79 code=0x0 [ 686.418552][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.555282][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.728790][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 686.747370][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 686.768073][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 686.786963][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 686.797460][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 686.817316][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 686.824875][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 687.027103][T29936] netlink: 104 bytes leftover after parsing attributes in process `syz.4.8724'. [ 687.441882][T29903] chnl_net:caif_netlink_parms(): no params data found [ 687.471026][ T35] bridge_slave_1: left allmulticast mode [ 687.478145][ T35] bridge_slave_1: left promiscuous mode [ 687.483898][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.507818][ T35] bridge_slave_0: left allmulticast mode [ 687.513505][ T35] bridge_slave_0: left promiscuous mode [ 687.520229][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.586379][ T58] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 687.768228][ T58] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 687.791938][ T58] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 687.818999][ T58] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 687.839394][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.856481][ T58] usb 2-1: Product: syz [ 687.865157][ T58] usb 2-1: Manufacturer: syz [ 687.875213][ T58] usb 2-1: SerialNumber: syz [ 687.936351][T27660] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 688.130320][T27660] usb 1-1: Using ep0 maxpacket: 8 [ 688.141950][T27660] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 688.151550][T27660] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 688.160017][T27660] usb 1-1: Product: syz [ 688.164395][T27660] usb 1-1: Manufacturer: syz [ 688.169209][T27660] usb 1-1: SerialNumber: syz [ 688.181497][T27660] usb 1-1: config 0 descriptor?? [ 688.191686][T27660] gspca_main: sq905-2.14.0 probing 2770:9120 [ 688.367990][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 688.405129][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 688.427863][ T35] bond0 (unregistering): Released all slaves [ 688.878438][T29903] bridge0: port 1(bridge_slave_0) entered blocking state [ 688.887482][T29903] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.894681][T29903] bridge_slave_0: entered allmulticast mode [ 688.896395][ T5228] Bluetooth: hci3: command tx timeout [ 688.923202][ T58] cdc_ncm 2-1:1.0: bind() failure [ 688.932745][T29903] bridge_slave_0: entered promiscuous mode [ 688.949296][ T58] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 688.976413][ T58] usb 2-1: USB disconnect, device number 66 [ 689.022328][T30116] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -11 0 [ 689.097801][T29903] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.141903][T29903] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.159449][T29903] bridge_slave_1: entered allmulticast mode [ 689.173570][T29903] bridge_slave_1: entered promiscuous mode [ 689.239999][T27660] gspca_sq905: sq905_read_data: usb_control_msg failed (-71) [ 689.258102][T27660] sq905 1-1:0.0: probe with driver sq905 failed with error -71 [ 689.279840][T27660] usb 1-1: USB disconnect, device number 54 [ 689.326923][ T35] hsr_slave_0: left promiscuous mode [ 689.347123][ T35] hsr_slave_1: left promiscuous mode [ 689.363024][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 689.375946][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 689.394278][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 689.411377][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 689.464802][ T35] veth1_macvtap: left promiscuous mode [ 689.480762][ T35] veth0_macvtap: left promiscuous mode [ 689.497842][ T35] veth1_vlan: left promiscuous mode [ 689.506496][ T35] veth0_vlan: left promiscuous mode [ 690.634841][ T35] team0 (unregistering): Port device team_slave_1 removed [ 690.720748][ T35] team0 (unregistering): Port device team_slave_0 removed [ 690.976488][ T5228] Bluetooth: hci3: command tx timeout [ 691.675228][T29903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 691.711075][T29903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 691.906924][T29903] team0: Port device team_slave_0 added [ 691.932334][T29903] team0: Port device team_slave_1 added [ 692.048319][T29903] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 692.055371][T29903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 692.103650][T29903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 692.122567][T29903] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 692.136399][T29903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 692.199951][T29903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 692.422442][T29903] hsr_slave_0: entered promiscuous mode [ 692.438621][T29903] hsr_slave_1: entered promiscuous mode [ 692.456022][T29903] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 692.463648][T29903] Cannot create hsr debugfs directory [ 692.916274][T30341] netlink: 'syz.1.8759': attribute type 29 has an invalid length. [ 692.958550][T30341] netlink: 'syz.1.8759': attribute type 29 has an invalid length. [ 693.026722][T30341] netlink: 'syz.1.8759': attribute type 29 has an invalid length. [ 693.057129][ T5228] Bluetooth: hci3: command tx timeout [ 693.084283][T30341] netlink: 'syz.1.8759': attribute type 29 has an invalid length. [ 693.510715][T29903] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 693.522109][T29903] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 693.534541][T29903] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 693.550687][T29903] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 693.742977][T29903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 693.797837][T29903] 8021q: adding VLAN 0 to HW filter on device team0 [ 693.821992][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 693.829188][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 693.890720][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state [ 693.897931][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 694.282234][T29903] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 694.379752][T29903] veth0_vlan: entered promiscuous mode [ 694.428845][T29903] veth1_vlan: entered promiscuous mode [ 694.494856][T29903] veth0_macvtap: entered promiscuous mode [ 694.521546][T29903] veth1_macvtap: entered promiscuous mode [ 694.554811][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.566219][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.576397][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.603782][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.619810][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.634979][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.645323][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.658346][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.670931][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.686264][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.700696][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 694.716847][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.738620][T29903] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 694.774553][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.788347][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.815154][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.841155][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.851704][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.862995][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.873258][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.885053][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.895103][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.906661][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.917393][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.944105][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.955016][T29903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 694.966866][T29903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 694.988396][T29903] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.032218][T29903] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.051212][T29903] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.071847][T29903] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.090538][T29903] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.121695][T30443] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 695.136693][ T5228] Bluetooth: hci3: command tx timeout [ 695.308873][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.325783][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.396364][ T1071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 695.404235][ T1071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 695.893921][T30483] netlink: 104 bytes leftover after parsing attributes in process `syz.0.8791'. [ 695.904043][T30482] netlink: 71 bytes leftover after parsing attributes in process `syz.4.8792'. [ 696.738090][T30510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8805'. [ 696.758643][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 696.770986][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 696.779951][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 696.800683][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 696.809216][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 696.826511][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 696.975365][T30535] netlink: 5288 bytes leftover after parsing attributes in process `syz.4.8808'. [ 696.987174][T30535] openvswitch: netlink: IP tunnel dst address not specified [ 696.996122][T27672] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 697.187541][T27672] usb 2-1: Using ep0 maxpacket: 8 [ 697.198306][T27672] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 697.216485][T27672] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 697.226766][T27672] usb 2-1: config 0 has no interface number 0 [ 697.249900][T27672] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 697.271253][T27672] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 697.285151][T27672] usb 2-1: config 0 interface 52 has no altsetting 0 [ 697.294393][T27672] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 697.336117][T27672] usb 2-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 697.344846][T27672] usb 2-1: Product: syz [ 697.362254][T27672] usb 2-1: SerialNumber: syz [ 697.379813][T27672] usb 2-1: config 0 descriptor?? [ 697.389421][T30511] chnl_net:caif_netlink_parms(): no params data found [ 697.598284][T27672] input: syz (Stick) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input85 [ 697.698809][T30511] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.729847][T30511] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.746294][T30511] bridge_slave_0: entered allmulticast mode [ 697.763881][T30511] bridge_slave_0: entered promiscuous mode [ 697.787866][T30511] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.819117][T30511] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.836573][T30511] bridge_slave_1: entered allmulticast mode [ 697.844243][T30511] bridge_slave_1: entered promiscuous mode [ 697.880670][ T58] usb 2-1: USB disconnect, device number 67 [ 697.980862][T30511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 697.990673][T30739] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8817'. [ 698.000520][T30739] netlink: 'syz.4.8817': attribute type 7 has an invalid length. [ 698.012280][T30739] netlink: 'syz.4.8817': attribute type 8 has an invalid length. [ 698.022608][T30739] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8817'. [ 698.039396][T30511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 698.166623][T30511] team0: Port device team_slave_0 added [ 698.208136][T30511] team0: Port device team_slave_1 added [ 698.297415][T30511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 698.304423][T30511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.366000][T30511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 698.388518][T30511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 698.395489][T30511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.421397][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.508632][T30511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 698.777268][T30014] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.897660][ T5228] Bluetooth: hci3: command tx timeout [ 699.007118][T30511] hsr_slave_0: entered promiscuous mode [ 699.022594][T30511] hsr_slave_1: entered promiscuous mode [ 699.038279][T30511] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 699.056659][T30511] Cannot create hsr debugfs directory [ 699.810827][T30511] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.958046][ T5234] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 699.977896][ T5234] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 699.986476][ T5234] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 700.048947][ T5234] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 700.072139][ T5234] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 700.080773][ T5234] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 700.088088][T30511] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.209893][T30014] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.340232][T30511] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.493821][T30014] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.605565][T30511] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.729754][T30014] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.977711][ T5234] Bluetooth: hci3: command tx timeout [ 701.419898][T30511] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 701.577927][T30511] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 701.623353][T30511] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 701.700193][T30014] bridge_slave_1: left allmulticast mode [ 701.719056][T30014] bridge_slave_1: left promiscuous mode [ 701.724816][T30014] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.796901][T30014] bridge_slave_0: left allmulticast mode [ 701.802584][T30014] bridge_slave_0: left promiscuous mode [ 701.820597][T30014] bridge0: port 1(bridge_slave_0) entered disabled state [ 702.176746][ T5234] Bluetooth: hci8: command tx timeout [ 702.689741][T30014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 702.717157][T30014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 702.744199][T30014] bond0 (unregistering): Released all slaves [ 702.770415][T30511] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 702.784921][T30946] chnl_net:caif_netlink_parms(): no params data found [ 703.056173][ T5234] Bluetooth: hci3: command tx timeout [ 703.456302][T30014] hsr_slave_0: left promiscuous mode [ 703.473186][T30014] hsr_slave_1: left promiscuous mode [ 703.484897][T30014] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 703.506241][T30014] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 703.514601][T30014] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 703.533864][T30014] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 703.593822][T30014] veth1_macvtap: left promiscuous mode [ 703.603671][T30014] veth0_macvtap: left promiscuous mode [ 703.616578][T30014] veth1_vlan: left promiscuous mode [ 703.621919][T30014] veth0_vlan: left promiscuous mode [ 704.268455][ T5234] Bluetooth: hci8: command tx timeout [ 704.611074][T30014] team0 (unregistering): Port device team_slave_1 removed [ 704.720066][T30014] team0 (unregistering): Port device team_slave_0 removed [ 705.136562][ T5234] Bluetooth: hci3: command tx timeout [ 705.757357][T30946] bridge0: port 1(bridge_slave_0) entered blocking state [ 705.764626][T30946] bridge0: port 1(bridge_slave_0) entered disabled state [ 705.779652][T30946] bridge_slave_0: entered allmulticast mode [ 705.797096][T30946] bridge_slave_0: entered promiscuous mode [ 705.810005][T30946] bridge0: port 2(bridge_slave_1) entered blocking state [ 705.818419][T30946] bridge0: port 2(bridge_slave_1) entered disabled state [ 705.825690][T30946] bridge_slave_1: entered allmulticast mode [ 705.833175][T30946] bridge_slave_1: entered promiscuous mode [ 706.110830][T30946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.142870][T30946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.295828][T30946] team0: Port device team_slave_0 added [ 706.322051][T30946] team0: Port device team_slave_1 added [ 706.337220][ T5234] Bluetooth: hci8: command tx timeout [ 706.470859][T30946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 706.498093][T30946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 706.524977][T30946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 706.580188][T30946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 706.595962][T30946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 706.621935][ C0] vkms_vblank_simulate: vblank timer overrun [ 706.637578][T30946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 706.750569][T30511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 706.910586][T30946] hsr_slave_0: entered promiscuous mode [ 706.926546][T30946] hsr_slave_1: entered promiscuous mode [ 706.936609][T30946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 706.944184][T30946] Cannot create hsr debugfs directory [ 707.114032][T30511] 8021q: adding VLAN 0 to HW filter on device team0 [ 707.189809][ T1071] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.196998][ T1071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.265621][ T1071] bridge0: port 2(bridge_slave_1) entered blocking state [ 707.272795][ T1071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 707.503480][T31450] vivid-001: ================= START STATUS ================= [ 707.526136][T31450] vivid-001: Radio HW Seek Mode: Bounded [ 707.536381][T31450] vivid-001: Radio Programmable HW Seek: false [ 707.542591][T31450] vivid-001: RDS Rx I/O Mode: Block I/O [ 707.593763][T31450] vivid-001: Generate RBDS Instead of RDS: false [ 707.598574][T31460] syz.4.8874[31460] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 707.600368][T31460] syz.4.8874[31460] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 707.609691][T31450] vivid-001: RDS Reception: true [ 707.696110][T31450] vivid-001: RDS Program Type: 0 inactive [ 707.726860][T31450] vivid-001: RDS PS Name: inactive [ 707.749510][T31450] vivid-001: RDS Radio Text: inactive [ 707.776298][T31450] vivid-001: RDS Traffic Announcement: false inactive [ 707.784825][T31450] vivid-001: RDS Traffic Program: false inactive [ 707.815213][T31450] vivid-001: RDS Music: false inactive [ 707.842766][T31450] vivid-001: ================== END STATUS ================== [ 707.907409][T31481] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8877'. [ 708.023804][T30511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 708.110753][T30511] veth0_vlan: entered promiscuous mode [ 708.134677][T30511] veth1_vlan: entered promiscuous mode [ 708.271575][T30946] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 708.293875][T30946] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 708.326550][T30946] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 708.357750][T30946] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 708.416555][ T5234] Bluetooth: hci8: command tx timeout [ 708.457922][T30511] veth0_macvtap: entered promiscuous mode [ 708.533762][T30511] veth1_macvtap: entered promiscuous mode [ 708.611795][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.636699][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.657829][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.668796][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.680164][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.707111][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.726001][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.738988][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.749220][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.762051][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.773849][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.787189][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.799907][T30511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 708.818251][T31516] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8887'. [ 708.898259][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.936086][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.958358][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.985993][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.006735][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.017485][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.027859][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.039760][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.058664][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.076016][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.094442][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.112411][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.134859][T30511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.156765][T30511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.183229][T30511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 709.191358][T27671] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 709.266585][T30511] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.285677][T30511] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.317832][T30511] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.336000][T30511] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.379075][T27671] usb 5-1: config 0 has an invalid interface number: 101 but max is 0 [ 709.394677][T30946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 709.396593][T27671] usb 5-1: config 0 has no interface number 0 [ 709.416136][T27671] usb 5-1: config 0 interface 101 has no altsetting 0 [ 709.441741][T27671] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 709.459686][T27671] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.488816][T27671] usb 5-1: config 0 descriptor?? [ 709.505625][T30946] 8021q: adding VLAN 0 to HW filter on device team0 [ 709.521389][T27671] cp210x 5-1:0.101: cp210x converter detected [ 709.538033][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 709.545218][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 709.642608][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 709.649821][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 709.802477][T30946] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 709.826581][T30946] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 709.881133][T31546] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8896'. [ 709.918835][ T1071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.928178][ T1071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.956850][T27671] cp210x 5-1:0.101: failed to get vendor val 0x000e size 3: -71 [ 709.976757][T27671] usb 5-1: cp210x converter now attached to ttyUSB0 [ 710.022953][T27671] usb 5-1: USB disconnect, device number 72 [ 710.030404][ T1071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.051218][T27671] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 710.059695][ T1071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.089661][T27671] cp210x 5-1:0.101: device disconnected [ 710.178467][T31576] delete_channel: no stack [ 710.399807][T30946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 710.538980][T30946] veth0_vlan: entered promiscuous mode [ 710.563416][T30946] veth1_vlan: entered promiscuous mode [ 710.648501][T30946] veth0_macvtap: entered promiscuous mode [ 710.688665][T30946] veth1_macvtap: entered promiscuous mode [ 710.736268][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.773771][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.801630][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.832883][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.856299][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.893431][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.917691][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.948427][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 710.965959][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 710.990728][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.001509][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.012960][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.023733][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 711.034648][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.048328][T30946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 711.102230][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.134743][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.186087][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.205910][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.215760][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.256400][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.286037][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.301784][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.317542][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.328878][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.341200][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.352088][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.363251][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.374271][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.403867][T30946] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 711.427887][T30946] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 711.452164][T30946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 711.479732][T30946] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.496343][T30946] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.522024][T30946] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.534822][T30946] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.551475][T31624] netlink: 44 bytes leftover after parsing attributes in process `syz.2.8916'. [ 711.586645][T31624] netlink: 'syz.2.8916': attribute type 3 has an invalid length. [ 711.968241][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 711.986086][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.047366][T31633] ptrace attach of "./syz-executor exec"[31634] was attempted by ""[31633] [ 712.074476][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 712.114622][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 712.539302][T31666] netem: change failed [ 712.699815][T31684] netlink: 'syz.4.8932': attribute type 29 has an invalid length. [ 712.817940][T31684] netlink: 'syz.4.8932': attribute type 29 has an invalid length. [ 712.835680][T31690] netlink: 500 bytes leftover after parsing attributes in process `syz.4.8932'. [ 713.124922][T31702] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8939'. [ 713.476089][ T58] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 713.503680][T30014] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 713.707619][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 713.726130][ T58] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 713.745469][ T58] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 713.777000][ T58] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 713.796303][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.817104][ T58] usb 5-1: config 0 descriptor?? [ 713.975820][T30014] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.228718][T30014] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.262371][ T58] plantronics 0003:047F:FFFF.006B: unknown main item tag 0x0 [ 714.277130][ T58] plantronics 0003:047F:FFFF.006B: No inputs registered, leaving [ 714.303841][ T58] plantronics 0003:047F:FFFF.006B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 714.378199][T30014] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.596562][ T29] audit: type=1326 audit(1723880899.149:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=31738 comm="syz.1.8948" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ff7579e79 code=0x0 [ 714.638102][ T5268] usb 5-1: USB disconnect, device number 73 [ 714.735194][T30014] bridge_slave_1: left allmulticast mode [ 714.752292][T30014] bridge_slave_1: left promiscuous mode [ 714.768055][T30014] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.807536][T30014] bridge_slave_0: left allmulticast mode [ 714.826173][T30014] bridge_slave_0: left promiscuous mode [ 714.839855][T30014] bridge0: port 1(bridge_slave_0) entered disabled state [ 715.003365][ T5228] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 715.017730][ T5228] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 715.043203][ T5228] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 715.055533][ T5228] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 715.064163][ T5228] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 715.078038][ T5228] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 715.237065][T31778] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 715.854307][T31798] Bluetooth: MGMT ver 1.23 [ 716.449928][T30014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 716.499490][T30014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 716.552955][T30014] bond0 (unregistering): Released all slaves [ 717.071186][T31843] loop8: detected capacity change from 0 to 7 [ 717.137181][ T5234] Bluetooth: hci8: command tx timeout [ 717.153897][T31843] Dev loop8: unable to read RDB block 7 [ 717.183766][T31843] loop8: unable to read partition table [ 717.189733][ T1171] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 717.244522][T31843] loop8: partition table beyond EOD, truncated [ 717.276370][T31843] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 717.276370][T31843] ) failed (rc=-5) [ 717.296771][ T5234] Bluetooth: hci0: command tx timeout [ 717.408711][ T1171] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 717.436409][ T1171] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 717.472681][ T1171] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 717.507995][T30014] hsr_slave_0: left promiscuous mode [ 717.509035][ T1171] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 717.526315][ T1171] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 717.534554][T30014] hsr_slave_1: left promiscuous mode [ 717.544583][ T1171] usb 5-1: Product: syz [ 717.550394][ T1171] usb 5-1: Manufacturer: syz [ 717.560892][ T1171] usb 5-1: SerialNumber: syz [ 717.578847][ T1171] cdc_ncm 5-1:1.0: skipping garbage [ 717.584973][ T1171] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 717.592283][T30014] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 717.595954][ T1171] cdc_ncm 5-1:1.0: bind() failure [ 717.616499][T30014] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 717.625641][T30014] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 717.654604][T30014] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 717.757273][T30014] veth1_macvtap: left promiscuous mode [ 717.762845][T30014] veth0_macvtap: left promiscuous mode [ 717.786900][T30014] veth1_vlan: left promiscuous mode [ 717.796461][T30014] veth0_vlan: left promiscuous mode [ 718.815212][T30014] team0 (unregistering): Port device team_slave_1 removed [ 718.929502][T30014] team0 (unregistering): Port device team_slave_0 removed [ 719.228403][ T5234] Bluetooth: hci8: command tx timeout [ 719.918845][ T58] usb 5-1: USB disconnect, device number 74 [ 720.358425][T31771] chnl_net:caif_netlink_parms(): no params data found [ 720.389928][T31982] netlink: 'syz.1.8988': attribute type 3 has an invalid length. [ 720.415794][T31982] netlink: 'syz.1.8988': attribute type 3 has an invalid length. [ 720.438115][T31982] netlink: 'syz.1.8988': attribute type 5 has an invalid length. [ 720.691940][T31771] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.716914][T31771] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.734337][T31771] bridge_slave_0: entered allmulticast mode [ 720.744366][T31771] bridge_slave_0: entered promiscuous mode [ 720.772953][T31771] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.793053][T31771] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.826219][T31771] bridge_slave_1: entered allmulticast mode [ 720.834325][T31771] bridge_slave_1: entered promiscuous mode [ 720.958777][T31771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.983591][T31771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 721.097706][T31771] team0: Port device team_slave_0 added [ 721.106086][ T5268] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 721.136480][T31771] team0: Port device team_slave_1 added [ 721.232059][T31771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 721.245910][T31771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.271791][ C0] vkms_vblank_simulate: vblank timer overrun [ 721.281593][T31771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 721.293687][ T5268] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 721.294358][T31771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 721.310857][ T5228] Bluetooth: hci8: command tx timeout [ 721.326441][ T5268] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 721.343562][ T5268] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 721.362929][ T5268] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 721.376978][T31771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 721.382938][ T5268] usb 1-1: SerialNumber: syz [ 721.404508][ C0] vkms_vblank_simulate: vblank timer overrun [ 721.447537][T31771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.570339][T31771] hsr_slave_0: entered promiscuous mode [ 721.596241][T31771] hsr_slave_1: entered promiscuous mode [ 721.603907][T31771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 721.613689][T31771] Cannot create hsr debugfs directory [ 721.674807][ T5268] usb 1-1: 0:2 : does not exist [ 721.746371][ T5268] usb 1-1: USB disconnect, device number 55 [ 722.497225][ T5228] Bluetooth: hci9: command 0x1003 tx timeout [ 722.505510][ T5234] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 722.536934][T31771] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 722.549418][T31771] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 722.560334][T31771] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 722.597956][T31771] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 722.694160][T32305] netlink: 'syz.2.9011': attribute type 10 has an invalid length. [ 722.726930][T32305] geneve0: entered promiscuous mode [ 722.765825][T32305] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 722.914731][T31771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 722.964898][T31771] 8021q: adding VLAN 0 to HW filter on device team0 [ 722.992481][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 722.999710][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 723.071602][ T1071] bridge0: port 2(bridge_slave_1) entered blocking state [ 723.078799][ T1071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 723.376091][ T5234] Bluetooth: hci8: command tx timeout [ 723.418573][T27671] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 723.616735][T27671] usb 3-1: Using ep0 maxpacket: 8 [ 723.634613][T31771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 723.649824][T27671] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 723.676650][T27671] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 723.726499][T27671] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 723.747239][T31771] veth0_vlan: entered promiscuous mode [ 723.757830][T27671] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 723.784944][T31771] veth1_vlan: entered promiscuous mode [ 723.790736][T27671] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 723.815471][T27671] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 723.844263][T27671] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 723.890703][T27671] usb 3-1: config 0 descriptor?? [ 723.917690][T31771] veth0_macvtap: entered promiscuous mode [ 723.927820][ T5234] Bluetooth: hci9: urb ffff888059ea6f00 submission failed (90) [ 723.949742][T31771] veth1_macvtap: entered promiscuous mode [ 723.969894][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 723.997449][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.007515][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 724.024395][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.034690][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 724.046645][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.056627][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 724.067139][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.077478][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 724.087976][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.135372][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 724.154125][ T5268] usb 3-1: USB disconnect, device number 73 [ 724.155926][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.181750][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 724.215854][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.238577][T31771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 724.275434][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.299508][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.319962][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.345998][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.367278][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.393022][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.413642][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.434768][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.463525][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.494561][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.515019][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.526256][T27650] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 724.539641][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.560687][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.594662][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.614268][T31771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 724.630383][T31771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 724.660647][T31771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 724.698683][T31771] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.718272][T31771] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.738427][T27650] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 724.745920][T31771] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.758758][T27650] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 724.776591][T31771] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 724.797277][T27650] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 724.823403][T27650] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 724.843662][T27650] usb 5-1: SerialNumber: syz [ 725.018226][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 725.037357][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 725.074302][T27650] usb 5-1: 0:2 : does not exist [ 725.139579][T27650] usb 5-1: 5:0: cannot get min/max values for control 4 (id 5) [ 725.159474][T29979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 725.177422][T29979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 725.181006][T27650] usb 5-1: USB disconnect, device number 75 [ 726.420465][T32481] netlink: 'syz.1.9050': attribute type 3 has an invalid length. [ 726.858596][T32489] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 726.889493][T32489] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 727.557147][ T58] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 727.616587][T27650] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 727.736252][ T58] usb 1-1: Using ep0 maxpacket: 32 [ 727.765844][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 727.786232][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.816111][ T58] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 727.839523][T27650] usb 5-1: config index 0 descriptor too short (expected 106, got 36) [ 727.859271][T27650] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 727.870345][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.887103][T27650] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.906990][ T58] usb 1-1: config 0 descriptor?? [ 727.912372][T27650] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 727.956061][T27650] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.981812][T27650] usb 5-1: config 0 descriptor?? [ 728.322498][T29979] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.387470][ T58] ft260 0003:0403:6030.006C: unknown main item tag 0x0 [ 728.412293][T27650] corsair 0003:1B1C:1B3E.006D: failed to start in urb: -90 [ 728.428862][T27650] corsair 0003:1B1C:1B3E.006D: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.4-1/input0 [ 728.586815][ T58] ft260 0003:0403:6030.006C: chip code: 5e81 abf2 [ 728.725528][T27650] usb 5-1: USB disconnect, device number 76 [ 728.752193][T29979] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.868322][T29979] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.896628][ T5234] Bluetooth: hci0: command tx timeout [ 729.018188][T29979] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.055327][ T5220] usb 1-1: USB disconnect, device number 56 [ 729.238144][T32557] netlink: 'syz.2.9062': attribute type 3 has an invalid length. [ 729.286148][T32557] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.9062'. [ 729.306420][T29979] bridge_slave_1: left allmulticast mode [ 729.312093][T29979] bridge_slave_1: left promiscuous mode [ 729.337178][T29979] bridge0: port 2(bridge_slave_1) entered disabled state [ 729.369226][T29979] bridge_slave_0: left allmulticast mode [ 729.388378][T29979] bridge_slave_0: left promiscuous mode [ 729.397640][T29979] bridge0: port 1(bridge_slave_0) entered disabled state [ 729.430273][T32565] netlink: 16 bytes leftover after parsing attributes in process `syz.4.9063'. [ 729.723014][ T5228] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 729.736600][ T5228] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 729.756802][ T5228] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 729.789959][ T5228] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 729.806618][ T5228] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 729.816330][ T5228] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 730.702370][T29979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 730.721335][T29979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 730.741126][T29979] bond0 (unregistering): Released all slaves [ 731.680487][T32730] input: syz1 as /devices/virtual/input/input86 [ 731.859570][ T5234] Bluetooth: hci8: command tx timeout [ 732.000665][T29979] hsr_slave_0: left promiscuous mode [ 732.056368][T29979] hsr_slave_1: left promiscuous mode [ 732.101606][T29979] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 732.137897][T29979] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 732.151270][ T29] audit: type=1326 audit(1723880916.699:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32761 comm="syz.2.9095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 732.157094][T29979] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 732.234347][T29979] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 732.242026][ T29] audit: type=1326 audit(1723880916.729:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32761 comm="syz.2.9095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 732.324271][ T29] audit: type=1326 audit(1723880916.729:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32761 comm="syz.2.9095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 732.340602][T29979] veth1_macvtap: left promiscuous mode [ 732.378121][T29979] veth0_macvtap: left promiscuous mode [ 732.383828][T29979] veth1_vlan: left promiscuous mode [ 732.398542][ T29] audit: type=1326 audit(1723880916.729:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32761 comm="syz.2.9095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 732.407049][T29979] veth0_vlan: left promiscuous mode [ 733.647088][T29979] team0 (unregistering): Port device team_slave_1 removed [ 733.740848][T29979] team0 (unregistering): Port device team_slave_0 removed [ 733.936074][ T5234] Bluetooth: hci8: command tx timeout [ 734.661629][T32568] chnl_net:caif_netlink_parms(): no params data found [ 735.164285][T32568] bridge0: port 1(bridge_slave_0) entered blocking state [ 735.178442][T32568] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.195540][T32568] bridge_slave_0: entered allmulticast mode [ 735.209658][T32568] bridge_slave_0: entered promiscuous mode [ 735.239509][T32568] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.256820][T32568] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.274236][T32568] bridge_slave_1: entered allmulticast mode [ 735.328045][T32568] bridge_slave_1: entered promiscuous mode [ 735.543576][T32568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 735.565626][T32568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 735.803650][T32568] team0: Port device team_slave_0 added [ 735.842380][T32568] team0: Port device team_slave_1 added [ 736.012183][T32568] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 736.021217][ T5234] Bluetooth: hci8: command tx timeout [ 736.031722][ T489] loop0: detected capacity change from 0 to 7 [ 736.036499][ T29] audit: type=1326 audit(1723880920.549:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=484 comm="syz.0.9121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 736.038389][T32568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 736.086878][T32568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 736.087963][ T489] Dev loop0: unable to read RDB block 7 [ 736.098199][ T29] audit: type=1326 audit(1723880920.549:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=484 comm="syz.0.9121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 736.129355][T32568] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 736.136594][T32568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 736.136954][ T489] loop0: unable to read partition table [ 736.162492][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.163139][ T29] audit: type=1326 audit(1723880920.579:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=484 comm="syz.0.9121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f1701379e79 code=0x7ffc0000 [ 736.163192][T32568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 736.196308][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.216571][ T489] loop0: partition table beyond EOD, truncated [ 736.224266][ T489] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 736.224266][ T489] ) failed (rc=-5) [ 736.338178][T32568] hsr_slave_0: entered promiscuous mode [ 736.354495][T32568] hsr_slave_1: entered promiscuous mode [ 736.377265][T32568] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 736.394282][T32568] Cannot create hsr debugfs directory [ 737.206780][ T627] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 737.539106][T32568] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 737.599523][T32568] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 737.639798][T32568] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 737.664833][T32568] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 738.096989][ T5234] Bluetooth: hci8: command tx timeout [ 738.134638][T32568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.252267][T32568] 8021q: adding VLAN 0 to HW filter on device team0 [ 738.343811][ T1071] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.350997][ T1071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.388279][ T1071] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.395424][ T1071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.464057][ T698] netlink: 'syz.1.9149': attribute type 21 has an invalid length. [ 738.495986][ T698] netlink: 176 bytes leftover after parsing attributes in process `syz.1.9149'. [ 738.888757][ T710] netlink: 'syz.1.9151': attribute type 16 has an invalid length. [ 738.909180][ T58] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 738.920891][ T710] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9151'. [ 738.969149][ T710] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.118470][ T58] usb 5-1: Using ep0 maxpacket: 8 [ 739.133253][ T58] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 739.167927][ T58] usb 5-1: config 0 has no interface number 0 [ 739.189219][ T58] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 739.226265][ T58] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 739.249505][T32568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.266555][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.302296][ T717] netlink: 165 bytes leftover after parsing attributes in process `syz.1.9155'. [ 739.303140][ T58] usb 5-1: config 0 descriptor?? [ 739.367104][ T58] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 739.434787][T32568] veth0_vlan: entered promiscuous mode [ 739.508744][T32568] veth1_vlan: entered promiscuous mode [ 739.603651][ T731] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 739.656737][ T58] usb 5-1: USB disconnect, device number 77 [ 739.670115][T32568] veth0_macvtap: entered promiscuous mode [ 739.678921][ T58] iowarrior 5-1:0.1: I/O-Warror #0 now disconnected [ 739.702516][T32568] veth1_macvtap: entered promiscuous mode [ 739.751488][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.780708][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.791044][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.801890][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.813091][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.830221][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.847072][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.862380][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.879784][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.894317][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.905450][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.916948][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.927859][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.938808][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.960813][T32568] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 740.021706][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.040773][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.066341][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.076905][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.093315][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.116008][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.137057][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.161908][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.172819][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.184490][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.195172][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.209932][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.221427][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.242236][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.263252][T32568] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.287147][T32568] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.328720][T32568] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 740.353754][T32568] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.382024][T32568] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.400731][T32568] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.429979][T32568] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.637737][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 740.661715][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 740.745974][ T58] psmouse serio6: Failed to reset mouse on : -5 [ 740.755230][T32723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 740.797444][T32723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 741.305602][ T812] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9180'. [ 741.906054][T27650] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 742.096176][T27650] usb 5-1: Using ep0 maxpacket: 16 [ 742.103541][T27650] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 742.132485][T27650] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.156056][T27650] usb 5-1: New USB device found, idVendor=05ac, idProduct=0223, bcdDevice= 0.00 [ 742.176277][T27650] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.187152][T27650] usb 5-1: config 0 descriptor?? [ 742.206963][T27650] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input89 [ 742.397194][ T4654] bcm5974 5-1:0.0: could not read from device [ 742.431541][ T4654] bcm5974 5-1:0.0: could not read from device [ 742.432871][ T865] [U]  [ 742.442378][T27650] usb 5-1: USB disconnect, device number 78 [ 742.839300][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.649362][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.803945][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.993659][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.321212][ T5228] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 744.334549][ T5228] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 744.342967][ T5228] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 744.351806][ T5228] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 744.360143][ T35] bridge_slave_1: left allmulticast mode [ 744.365799][ T35] bridge_slave_1: left promiscuous mode [ 744.373761][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 744.383536][ T5228] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 744.391742][ T5228] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 744.416805][ T35] bridge_slave_0: left allmulticast mode [ 744.436498][ T35] bridge_slave_0: left promiscuous mode [ 744.451700][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.515967][ T58] misc userio: Buffer overflowed, userio client isn't keeping up [ 744.785271][ T29] audit: type=1326 audit(1723880929.329:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=944 comm="syz.2.9214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 744.829058][ T29] audit: type=1326 audit(1723880929.359:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=944 comm="syz.2.9214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 744.886398][ T29] audit: type=1326 audit(1723880929.379:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=944 comm="syz.2.9214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 744.937859][ T29] audit: type=1326 audit(1723880929.379:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=944 comm="syz.2.9214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 744.977557][ T29] audit: type=1326 audit(1723880929.379:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=944 comm="syz.2.9214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f3dd79e79 code=0x7ffc0000 [ 850.005837][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 850.005869][ C0] rcu: 1-...!: (1 ticks this GP) idle=a23c/1/0x4000000000000000 softirq=82236/82236 fqs=33 [ 850.006900][ C0] rcu: (detected by 0, t=10504 jiffies, g=126297, q=547 ncpus=2) [ 850.006924][ C0] Sending NMI from CPU 0 to CPUs 1: [ 850.006967][ C1] NMI backtrace for cpu 1 [ 850.006982][ C1] CPU: 1 UID: 0 PID: 29 Comm: kauditd Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0 [ 850.007002][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 850.007013][ C1] RIP: 0010:rb_insert_color+0x5/0x690 [ 850.007044][ C1] Code: 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d 41 ff e3 cc 90 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 38 49 89 f7 48 89 fd 48 bb 00 [ 850.007058][ C1] RSP: 0018:ffffc90000a18cb0 EFLAGS: 00000082 [ 850.007075][ C1] RAX: 1ffff1101726593b RBX: ffff8880b932c901 RCX: dffffc0000000000 [ 850.007088][ C1] RDX: 0000000000000000 RSI: ffff8880b932c9d0 RDI: ffff888069caf340 [ 850.007101][ C1] RBP: 1ffff1100d395e68 R08: ffff888069caf357 R09: 0000000000000000 [ 850.007113][ C1] R10: ffff888069caf340 R11: ffffed100d395e6b R12: ffff8880b932c9d0 [ 850.007127][ C1] R13: ffff8880b932c9d0 R14: 0000000000000000 R15: ffff888069caf340 [ 850.007139][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 850.007154][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 850.007166][ C1] CR2: 00007f0c2edfff7c CR3: 000000004bbbc000 CR4: 00000000003506f0 [ 850.007181][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 850.007192][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 850.007203][ C1] Call Trace: [ 850.007210][ C1] [ 850.007219][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 850.007261][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 850.007309][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 850.007349][ C1] ? nmi_handle+0x2a/0x5a0 [ 850.007404][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 850.007445][ C1] ? nmi_handle+0x14f/0x5a0 [ 850.007480][ C1] ? nmi_handle+0x2a/0x5a0 [ 850.007517][ C1] ? rb_insert_color+0x5/0x690 [ 850.007562][ C1] ? default_do_nmi+0x63/0x160 [ 850.007590][ C1] ? exc_nmi+0x123/0x1f0 [ 850.007609][ C1] ? end_repeat_nmi+0xf/0x53 [ 850.007636][ C1] ? rb_insert_color+0x5/0x690 [ 850.007658][ C1] ? rb_insert_color+0x5/0x690 [ 850.007683][ C1] ? rb_insert_color+0x5/0x690 [ 850.007705][ C1] [ 850.007711][ C1] [ 850.007717][ C1] timerqueue_add+0x260/0x290 [ 850.007736][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 850.007761][ C1] enqueue_hrtimer+0x1b2/0x3c0 [ 850.007783][ C1] __hrtimer_run_queues+0x6cb/0xd50 [ 850.007800][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 850.007833][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 850.007852][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 850.007878][ C1] hrtimer_interrupt+0x396/0x990 [ 850.007910][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 850.007937][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 850.007960][ C1] [ 850.007966][ C1] [ 850.007973][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 850.007992][ C1] RIP: 0010:console_flush_all+0xaad/0xfd0 [ 850.008011][ C1] Code: ff ff e8 06 c3 1f 00 90 0f 0b 90 e9 d8 f8 ff ff e8 f8 c2 1f 00 e8 43 43 3a 0a 4d 85 f6 74 b6 e8 e9 c2 1f 00 fb 48 8b 44 24 70 <42> 0f b6 04 38 84 c0 48 8b 7c 24 30 0f 85 22 02 00 00 0f b6 1f 31 [ 850.008025][ C1] RSP: 0018:ffffc90000a577e0 EFLAGS: 00000293 [ 850.008038][ C1] RAX: 1ffff9200014af48 RBX: 0000000000000000 RCX: ffff888017e99e00 [ 850.008051][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 850.008061][ C1] RBP: ffffc90000a57990 R08: ffffffff8173c714 R09: 1ffffffff269e508 [ 850.008074][ C1] R10: dffffc0000000000 R11: fffffbfff269e509 R12: ffffffff8ef1fb18 [ 850.008087][ C1] R13: ffffffff8ef1fac0 R14: 0000000000000200 R15: dffffc0000000000 [ 850.008103][ C1] ? console_flush_all+0xa44/0xfd0 [ 850.008130][ C1] ? console_flush_all+0x152/0xfd0 [ 850.008154][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 850.008174][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 850.008198][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 850.008224][ C1] console_unlock+0x13b/0x4d0 [ 850.008244][ C1] ? __pfx_console_unlock+0x10/0x10 [ 850.008260][ C1] ? _printk+0xd5/0x120 [ 850.008283][ C1] ? _printk+0xd5/0x120 [ 850.008306][ C1] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 850.008328][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 850.008354][ C1] vprintk_emit+0x5a6/0x770 [ 850.008373][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 850.008390][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 850.008412][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 850.008441][ C1] _printk+0xd5/0x120 [ 850.008466][ C1] ? kauditd_hold_skb+0xe7/0x210 [ 850.008488][ C1] ? __pfx__printk+0x10/0x10 [ 850.008516][ C1] ? netlink_has_listeners+0x2ea/0x3a0 [ 850.008542][ C1] kauditd_hold_skb+0x1be/0x210 [ 850.008568][ C1] ? __pfx_kauditd_hold_skb+0x10/0x10 [ 850.008589][ C1] ? __pfx_kauditd_send_multicast_skb+0x10/0x10 [ 850.008610][ C1] kauditd_send_queue+0x2b1/0x310 [ 850.008631][ C1] ? __pfx_kauditd_send_multicast_skb+0x10/0x10 [ 850.008652][ C1] ? __pfx_kauditd_hold_skb+0x10/0x10 [ 850.008676][ C1] ? kauditd_thread+0xb4/0x9b0 [ 850.008696][ C1] kauditd_thread+0x74a/0x9b0 [ 850.008715][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 850.008739][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 850.008761][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 850.008784][ C1] ? __pfx_kauditd_thread+0x10/0x10 [ 850.008804][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 850.008828][ C1] ? __kthread_parkme+0x169/0x1d0 [ 850.008853][ C1] ? __pfx_kauditd_thread+0x10/0x10 [ 850.008872][ C1] kthread+0x2f0/0x390 [ 850.008896][ C1] ? __pfx_kauditd_thread+0x10/0x10 [ 850.008915][ C1] ? __pfx_kthread+0x10/0x10 [ 850.008939][ C1] ret_from_fork+0x4b/0x80 [ 850.008961][ C1] ? __pfx_kthread+0x10/0x10 [ 850.008984][ C1] ret_from_fork_asm+0x1a/0x30 [ 850.009016][ C1] [ 850.009956][ C0] rcu: rcu_preempt kthread starved for 10340 jiffies! g126297 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 850.009980][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 850.009992][ C0] rcu: RCU grace-period kthread stack dump: [ 850.010001][ C0] task:rcu_preempt state:R running task stack:25816 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 850.010045][ C0] Call Trace: [ 850.010053][ C0] [ 850.010067][ C0] __schedule+0x17ae/0x4a10 [ 850.010117][ C0] ? __pfx___schedule+0x10/0x10 [ 850.010148][ C0] ? __pfx_lock_release+0x10/0x10 [ 850.010172][ C0] ? __asan_memset+0x23/0x50 [ 850.010198][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 850.010225][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 850.010255][ C0] ? schedule+0x90/0x320 [ 850.010281][ C0] schedule+0x14b/0x320 [ 850.010310][ C0] schedule_timeout+0x1be/0x310 [ 850.010339][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 850.010365][ C0] ? __pfx_process_timeout+0x10/0x10 [ 850.010399][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 850.010431][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 850.010455][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 850.010496][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 850.010523][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 850.010547][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 850.010579][ C0] ? finish_swait+0xd4/0x1e0 [ 850.010608][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 850.010636][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 850.010659][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 850.010690][ C0] ? __kthread_parkme+0x169/0x1d0 [ 850.010721][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 850.010746][ C0] kthread+0x2f0/0x390 [ 850.010773][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 850.010797][ C0] ? __pfx_kthread+0x10/0x10 [ 850.010827][ C0] ret_from_fork+0x4b/0x80 [ 850.010852][ C0] ? __pfx_kthread+0x10/0x10 [ 850.010880][ C0] ret_from_fork_asm+0x1a/0x30 [ 850.010922][ C0] [ 850.010931][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 850.010941][ C0] CPU: 0 UID: 0 PID: 961 Comm: syz.0.9221 Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0 [ 850.010963][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 850.010975][ C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 [ 850.010998][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 19 15 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 c4 10 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 a8 10 [ 850.011015][ C0] RSP: 0018:ffffc90009b47400 EFLAGS: 00000246 [ 850.011033][ C0] RAX: ffffffff818779b8 RBX: 1ffff110172688f1 RCX: 0000000000040000 [ 850.011049][ C0] RDX: ffffc900126eb000 RSI: 000000000003ffff RDI: 0000000000040000 [ 850.011064][ C0] RBP: ffffc90009b475e0 R08: ffffffff81877987 R09: 1ffffffff269e508 [ 850.011080][ C0] R10: dffffc0000000000 R11: fffffbfff269e509 R12: dffffc0000000000 [ 850.011095][ C0] R13: ffff8880b9344788 R14: ffff8880b923fb40 R15: 0000000000000001 [ 850.011111][ C0] FS: 00007f17020ab6c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 850.011129][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 850.011144][ C0] CR2: 0000001b2ed1dff8 CR3: 0000000064f72000 CR4: 00000000003506f0 [ 850.011161][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 850.011174][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 850.011188][ C0] Call Trace: [ 850.011195][ C0] [ 850.011204][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 850.011236][ C0] ? print_other_cpu_stall+0x1470/0x15a0 [ 850.011277][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 850.011302][ C0] ? __pfx_lock_release+0x10/0x10 [ 850.011344][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 850.011371][ C0] ? rcu_sched_clock_irq+0xa2c/0x10d0 [ 850.011408][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 850.011437][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 850.011459][ C0] ? acct_account_cputime+0xd3/0x210 [ 850.011488][ C0] ? update_process_times+0x1ce/0x230 [ 850.011516][ C0] ? tick_nohz_handler+0x37c/0x500 [ 850.011543][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 850.011566][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 850.011588][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 850.011631][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 850.011654][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 850.011687][ C0] ? hrtimer_interrupt+0x396/0x990 [ 850.011732][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 850.011763][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 850.011790][ C0] [ 850.011798][ C0] [ 850.011807][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 850.011836][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 850.011856][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 850.011880][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 850.011907][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.011938][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 850.011960][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.012000][ C0] ? __get_immv32+0x19c/0x350 [ 850.012028][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 850.012050][ C0] ? __pfx___might_resched+0x10/0x10 [ 850.012083][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 850.012108][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 850.012131][ C0] text_poke_bp_batch+0x352/0xb30 [ 850.012167][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 850.012198][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 850.012223][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.012253][ C0] text_poke_bp+0xb0/0x100 [ 850.012279][ C0] ? __pfx_text_poke_bp+0x10/0x10 [ 850.012301][ C0] ? trace_contention_end+0x3c/0x120 [ 850.012327][ C0] ? __mutex_lock+0x2ef/0xd70 [ 850.012346][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.012378][ C0] __static_call_transform+0x51a/0x810 [ 850.012401][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.012427][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.012451][ C0] ? __pfx___static_call_transform+0x10/0x10 [ 850.012480][ C0] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 850.012511][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.012532][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.012558][ C0] arch_static_call_transform+0x141/0x380 [ 850.012584][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.012606][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 850.012634][ C0] __static_call_update+0xd8/0x5e0 [ 850.012661][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.012689][ C0] ? __pfx___static_call_update+0x10/0x10 [ 850.012712][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 850.012737][ C0] ? rcu_is_watching+0x15/0xb0 [ 850.012762][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 850.012787][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 850.012812][ C0] ? tracepoint_add_func+0x49a/0x9e0 [ 850.012842][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.012863][ C0] tracepoint_add_func+0x918/0x9e0 [ 850.012895][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.012920][ C0] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 850.012953][ C0] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 850.012981][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 850.013003][ C0] ? anon_inode_getfile+0xff/0x180 [ 850.013035][ C0] ? bpf_probe_register+0x134/0x1f0 [ 850.013063][ C0] bpf_raw_tp_link_attach+0x48b/0x6e0 [ 850.013093][ C0] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 850.013152][ C0] bpf_raw_tracepoint_open+0x1c2/0x240 [ 850.013181][ C0] __sys_bpf+0x3c0/0x810 [ 850.013207][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 850.013245][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 850.013274][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 850.013302][ C0] ? do_syscall_64+0x100/0x230 [ 850.013331][ C0] __x64_sys_bpf+0x7c/0x90 [ 850.013354][ C0] do_syscall_64+0xf3/0x230 [ 850.013375][ C0] ? clear_bhb_loop+0x35/0x90 [ 850.013400][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.013421][ C0] RIP: 0033:0x7f1701379e79 [ 850.013440][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.013457][ C0] RSP: 002b:00007f17020ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 850.013478][ C0] RAX: ffffffffffffffda RBX: 00007f1701515f80 RCX: 00007f1701379e79 [ 850.013494][ C0] RDX: 000000000000002a RSI: 0000000020000380 RDI: 0000000000000011 [ 850.013507][ C0] RBP: 00007f17013e7916 R08: 0000000000000000 R09: 0000000000000000 [ 850.013521][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 850.013535][ C0] R13: 0000000000000000 R14: 00007f1701515f80 R15: 00007ffde2e8c118 [ 850.013566][ C0] [ 992.552485][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [syz.0.9221:961] [ 992.552518][ C0] Modules linked in: [ 992.552533][ C0] irq event stamp: 1167666 [ 992.552543][ C0] hardirqs last enabled at (1167665): [] irqentry_exit+0x63/0x90 [ 992.552574][ C0] hardirqs last disabled at (1167666): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 992.552605][ C0] softirqs last enabled at (1167656): [] __irq_exit_rcu+0xf4/0x1c0 [ 992.552634][ C0] softirqs last disabled at (1167555): [] __irq_exit_rcu+0xf4/0x1c0 [ 992.552665][ C0] CPU: 0 UID: 0 PID: 961 Comm: syz.0.9221 Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0 [ 992.552693][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 992.552708][ C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 [ 992.552732][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 19 15 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 c4 10 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 a8 10 [ 992.552750][ C0] RSP: 0018:ffffc90009b47400 EFLAGS: 00000246 [ 992.552768][ C0] RAX: ffffffff818779b8 RBX: 1ffff110172688f1 RCX: 0000000000040000 [ 992.552784][ C0] RDX: ffffc900126eb000 RSI: 000000000003ffff RDI: 0000000000040000 [ 992.552799][ C0] RBP: ffffc90009b475e0 R08: ffffffff81877987 R09: 1ffffffff269e508 [ 992.552815][ C0] R10: dffffc0000000000 R11: fffffbfff269e509 R12: dffffc0000000000 [ 992.552830][ C0] R13: ffff8880b9344788 R14: ffff8880b923fb40 R15: 0000000000000001 [ 992.552846][ C0] FS: 00007f17020ab6c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 992.552864][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 992.552879][ C0] CR2: 0000001b2ed1dff8 CR3: 0000000064f72000 CR4: 00000000003506f0 [ 992.552897][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 992.552910][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 992.552924][ C0] Call Trace: [ 992.552934][ C0] [ 992.552944][ C0] ? watchdog_timer_fn+0x75b/0x960 [ 992.552977][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 992.553008][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 992.553035][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 992.553070][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 992.553099][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 992.553120][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 992.553165][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 992.553188][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 992.553222][ C0] ? hrtimer_interrupt+0x396/0x990 [ 992.553268][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 992.553300][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 992.553326][ C0] [ 992.553334][ C0] [ 992.553344][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 992.553373][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 992.553393][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 992.553418][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 992.553444][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.553476][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 992.553499][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.553539][ C0] ? __get_immv32+0x19c/0x350 [ 992.553568][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 992.553590][ C0] ? __pfx___might_resched+0x10/0x10 [ 992.553623][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 992.553647][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 992.553671][ C0] text_poke_bp_batch+0x352/0xb30 [ 992.553713][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 992.553743][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 992.553768][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.553798][ C0] text_poke_bp+0xb0/0x100 [ 992.553825][ C0] ? __pfx_text_poke_bp+0x10/0x10 [ 992.553846][ C0] ? trace_contention_end+0x3c/0x120 [ 992.553868][ C0] ? __mutex_lock+0x2ef/0xd70 [ 992.553888][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.553920][ C0] __static_call_transform+0x51a/0x810 [ 992.553943][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.553969][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.553993][ C0] ? __pfx___static_call_transform+0x10/0x10 [ 992.554022][ C0] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 992.554054][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.554075][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.554101][ C0] arch_static_call_transform+0x141/0x380 [ 992.554127][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.554150][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.554178][ C0] __static_call_update+0xd8/0x5e0 [ 992.554205][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.554233][ C0] ? __pfx___static_call_update+0x10/0x10 [ 992.554257][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 992.554282][ C0] ? rcu_is_watching+0x15/0xb0 [ 992.554308][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 992.554332][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 992.554357][ C0] ? tracepoint_add_func+0x49a/0x9e0 [ 992.554386][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.554408][ C0] tracepoint_add_func+0x918/0x9e0 [ 992.554440][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.554464][ C0] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 992.554497][ C0] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 992.554525][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.554548][ C0] ? anon_inode_getfile+0xff/0x180 [ 992.554580][ C0] ? bpf_probe_register+0x134/0x1f0 [ 992.554607][ C0] bpf_raw_tp_link_attach+0x48b/0x6e0 [ 992.554638][ C0] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 992.554702][ C0] bpf_raw_tracepoint_open+0x1c2/0x240 [ 992.554731][ C0] __sys_bpf+0x3c0/0x810 [ 992.554757][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 992.554794][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 992.554824][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 992.554852][ C0] ? do_syscall_64+0x100/0x230 [ 992.554877][ C0] __x64_sys_bpf+0x7c/0x90 [ 992.554900][ C0] do_syscall_64+0xf3/0x230 [ 992.554921][ C0] ? clear_bhb_loop+0x35/0x90 [ 992.554946][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.554967][ C0] RIP: 0033:0x7f1701379e79 [ 992.554988][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 992.555004][ C0] RSP: 002b:00007f17020ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 992.555026][ C0] RAX: ffffffffffffffda RBX: 00007f1701515f80 RCX: 00007f1701379e79 [ 992.555041][ C0] RDX: 000000000000002a RSI: 0000000020000380 RDI: 0000000000000011 [ 992.555055][ C0] RBP: 00007f17013e7916 R08: 0000000000000000 R09: 0000000000000000 [ 992.555069][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 992.555083][ C0] R13: 0000000000000000 R14: 00007f1701515f80 R15: 00007ffde2e8c118 [ 992.555115][ C0] [ 992.555124][ C0] Sending NMI from CPU 0 to CPUs 1: [ 992.555153][ C1] NMI backtrace for cpu 1 [ 992.555162][ C1] CPU: 1 UID: 0 PID: 29 Comm: kauditd Not tainted 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0 [ 992.555181][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 992.555190][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 [ 992.555213][ C1] Code: 8b 3d ac 88 74 0c 48 89 de 5b e9 93 6e 58 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 00 d7 03 00 65 8b 15 90 4c 70 7e 81 e2 00 01 ff 00 [ 992.555226][ C1] RSP: 0018:ffffc90000a18d38 EFLAGS: 00000097 [ 992.555240][ C1] RAX: ffffffff81810422 RBX: 0000000000000001 RCX: ffff888017e99e00 [ 992.555252][ C1] RDX: ffff888017e99e00 RSI: 0000000000000001 RDI: 0000000000000007 [ 992.555263][ C1] RBP: ffffc90000a18ea8 R08: ffffffff81810418 R09: 1ffffffff29f26b5 [ 992.555276][ C1] R10: dffffc0000000000 R11: fffffbfff29f26b6 R12: 1ffff1101726593b [ 992.555289][ C1] R13: dffffc0000000000 R14: ffff888069caf340 R15: ffff8880b932c980 [ 992.555302][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 992.555316][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 992.555328][ C1] CR2: 00007f0c2edfff7c CR3: 000000004bbbc000 CR4: 00000000003506f0 [ 992.555342][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 992.555352][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 992.555363][ C1] Call Trace: [ 992.555370][ C1] [ 992.555378][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 992.555418][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 992.555452][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 992.555472][ C1] ? nmi_handle+0x2a/0x5a0 [ 992.555497][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 992.555517][ C1] ? nmi_handle+0x14f/0x5a0 [ 992.555533][ C1] ? nmi_handle+0x2a/0x5a0 [ 992.555550][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 992.555570][ C1] ? rb_insert_color+0x5/0x690 [ 992.555591][ C1] ? default_do_nmi+0x63/0x160 [ 992.555612][ C1] ? exc_nmi+0x123/0x1f0 [ 992.555631][ C1] ? end_repeat_nmi+0xf/0x53 [ 992.555653][ C1] ? debug_deactivate+0x38/0x220 [ 992.555670][ C1] ? debug_deactivate+0x42/0x220 [ 992.555689][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 992.555711][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 992.555733][ C1] ? __sanitizer_cov_trace_pc+0x8/0x70 [ 992.555754][ C1] [ 992.555760][ C1] [ 992.555765][ C1] debug_deactivate+0x42/0x220 [ 992.555784][ C1] __hrtimer_run_queues+0x305/0xd50 [ 992.555802][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 992.555835][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 992.555853][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 992.555879][ C1] hrtimer_interrupt+0x396/0x990 [ 992.555911][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 992.555937][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 992.555961][ C1] [ 992.555967][ C1] [ 992.555973][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 992.555992][ C1] RIP: 0010:console_flush_all+0xaad/0xfd0 [ 992.556011][ C1] Code: ff ff e8 06 c3 1f 00 90 0f 0b 90 e9 d8 f8 ff ff e8 f8 c2 1f 00 e8 43 43 3a 0a 4d 85 f6 74 b6 e8 e9 c2 1f 00 fb 48 8b 44 24 70 <42> 0f b6 04 38 84 c0 48 8b 7c 24 30 0f 85 22 02 00 00 0f b6 1f 31 [ 992.556025][ C1] RSP: 0018:ffffc90000a577e0 EFLAGS: 00000293 [ 992.556038][ C1] RAX: 1ffff9200014af48 RBX: 0000000000000000 RCX: ffff888017e99e00 [ 992.556050][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 992.556060][ C1] RBP: ffffc90000a57990 R08: ffffffff8173c714 R09: 1ffffffff269e508 [ 992.556073][ C1] R10: dffffc0000000000 R11: fffffbfff269e509 R12: ffffffff8ef1fb18 [ 992.556086][ C1] R13: ffffffff8ef1fac0 R14: 0000000000000200 R15: dffffc0000000000 [ 992.556102][ C1] ? console_flush_all+0xa44/0xfd0 [ 992.556129][ C1] ? console_flush_all+0x152/0xfd0 [ 992.556153][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 992.556173][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 992.556197][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 992.556223][ C1] console_unlock+0x13b/0x4d0 [ 992.556243][ C1] ? __pfx_console_unlock+0x10/0x10 [ 992.556258][ C1] ? _printk+0xd5/0x120 [ 992.556281][ C1] ? _printk+0xd5/0x120 [ 992.556303][ C1] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 992.556325][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 992.556350][ C1] vprintk_emit+0x5a6/0x770 [ 992.556368][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 992.556385][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 992.556407][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 992.556440][ C1] _printk+0xd5/0x120 [ 992.556465][ C1] ? kauditd_hold_skb+0xe7/0x210 [ 992.556487][ C1] ? __pfx__printk+0x10/0x10 [ 992.556515][ C1] ? netlink_has_listeners+0x2ea/0x3a0 [ 992.556541][ C1] kauditd_hold_skb+0x1be/0x210 [ 992.556563][ C1] ? __pfx_kauditd_hold_skb+0x10/0x10 [ 992.556583][ C1] ? __pfx_kauditd_send_multicast_skb+0x10/0x10 [ 992.556604][ C1] kauditd_send_queue+0x2b1/0x310 [ 992.556626][ C1] ? __pfx_kauditd_send_multicast_skb+0x10/0x10 [ 992.556647][ C1] ? __pfx_kauditd_hold_skb+0x10/0x10 [ 992.556671][ C1] ? kauditd_thread+0xb4/0x9b0 [ 992.556690][ C1] kauditd_thread+0x74a/0x9b0 [ 992.556709][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 992.556733][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 992.556755][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 992.556778][ C1] ? __pfx_kauditd_thread+0x10/0x10 [ 992.556798][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 992.556823][ C1] ? __kthread_parkme+0x169/0x1d0 [ 992.556847][ C1] ? __pfx_kauditd_thread+0x10/0x10 [ 992.556867][ C1] kthread+0x2f0/0x390 [ 992.556890][ C1] ? __pfx_kauditd_thread+0x10/0x10 [ 992.556910][ C1] ? __pfx_kthread+0x10/0x10 [ 992.556933][ C1] ret_from_fork+0x4b/0x80 [ 992.556955][ C1] ? __pfx_kthread+0x10/0x10 [ 992.556978][ C1] ret_from_fork_asm+0x1a/0x30 [ 992.557010][ C1] [ 992.557149][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 992.557163][ C0] CPU: 0 UID: 0 PID: 961 Comm: syz.0.9221 Tainted: G L 6.11.0-rc3-syzkaller-00279-ge5fa841af679 #0 [ 992.557190][ C0] Tainted: [L]=SOFTLOCKUP [ 992.557198][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 992.557210][ C0] Call Trace: [ 992.557218][ C0] [ 992.557227][ C0] dump_stack_lvl+0x241/0x360 [ 992.557251][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 992.557271][ C0] ? __pfx__printk+0x10/0x10 [ 992.557307][ C0] ? vscnprintf+0x5d/0x90 [ 992.557332][ C0] panic+0x349/0x860 [ 992.557361][ C0] ? watchdog_timer_fn+0x914/0x960 [ 992.557390][ C0] ? __pfx_panic+0x10/0x10 [ 992.557415][ C0] ? tick_nohz_tick_stopped+0x82/0xb0 [ 992.557436][ C0] ? __irq_work_queue_local+0x137/0x410 [ 992.557464][ C0] ? irq_work_queue+0xca/0x150 [ 992.557488][ C0] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 992.557513][ C0] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 992.557544][ C0] watchdog_timer_fn+0x957/0x960 [ 992.557575][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 992.557605][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 992.557631][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 992.557665][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 992.557698][ C0] __hrtimer_run_queues+0x551/0xd50 [ 992.557719][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 992.557762][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 992.557785][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 992.557817][ C0] hrtimer_interrupt+0x396/0x990 [ 992.557863][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 992.557895][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 992.557922][ C0] [ 992.557930][ C0] [ 992.557939][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 992.557961][ C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 [ 992.557983][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 19 15 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 c4 10 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 a8 10 [ 992.557999][ C0] RSP: 0018:ffffc90009b47400 EFLAGS: 00000246 [ 992.558017][ C0] RAX: ffffffff818779b8 RBX: 1ffff110172688f1 RCX: 0000000000040000 [ 992.558032][ C0] RDX: ffffc900126eb000 RSI: 000000000003ffff RDI: 0000000000040000 [ 992.558046][ C0] RBP: ffffc90009b475e0 R08: ffffffff81877987 R09: 1ffffffff269e508 [ 992.558062][ C0] R10: dffffc0000000000 R11: fffffbfff269e509 R12: dffffc0000000000 [ 992.558077][ C0] R13: ffff8880b9344788 R14: ffff8880b923fb40 R15: 0000000000000001 [ 992.558099][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 992.558119][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 992.558150][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558181][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 992.558203][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558242][ C0] ? __get_immv32+0x19c/0x350 [ 992.558269][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 992.558291][ C0] ? __pfx___might_resched+0x10/0x10 [ 992.558323][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 992.558347][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 992.558370][ C0] text_poke_bp_batch+0x352/0xb30 [ 992.558406][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 992.558435][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 992.558459][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558488][ C0] text_poke_bp+0xb0/0x100 [ 992.558514][ C0] ? __pfx_text_poke_bp+0x10/0x10 [ 992.558535][ C0] ? trace_contention_end+0x3c/0x120 [ 992.558556][ C0] ? __mutex_lock+0x2ef/0xd70 [ 992.558574][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558605][ C0] __static_call_transform+0x51a/0x810 [ 992.558628][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558653][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.558676][ C0] ? __pfx___static_call_transform+0x10/0x10 [ 992.558708][ C0] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 992.558739][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.558759][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558784][ C0] arch_static_call_transform+0x141/0x380 [ 992.558810][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.558832][ C0] ? __SCT__tp_func_io_uring_create+0x8/0x8 [ 992.558859][ C0] __static_call_update+0xd8/0x5e0 [ 992.558885][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.558912][ C0] ? __pfx___static_call_update+0x10/0x10 [ 992.558935][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 992.558959][ C0] ? rcu_is_watching+0x15/0xb0 [ 992.558984][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 992.559008][ C0] ? tracepoint_add_func+0x2e4/0x9e0 [ 992.559032][ C0] ? tracepoint_add_func+0x49a/0x9e0 [ 992.559062][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.559082][ C0] tracepoint_add_func+0x918/0x9e0 [ 992.559114][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.559138][ C0] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 992.559170][ C0] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 992.559197][ C0] ? __pfx___bpf_trace_io_uring_register+0x10/0x10 [ 992.559219][ C0] ? anon_inode_getfile+0xff/0x180 [ 992.559250][ C0] ? bpf_probe_register+0x134/0x1f0 [ 992.559276][ C0] bpf_raw_tp_link_attach+0x48b/0x6e0 [ 992.559307][ C0] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 992.559365][ C0] bpf_raw_tracepoint_open+0x1c2/0x240 [ 992.559393][ C0] __sys_bpf+0x3c0/0x810 [ 992.559419][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 992.559455][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 992.559484][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 992.559511][ C0] ? do_syscall_64+0x100/0x230 [ 992.559536][ C0] __x64_sys_bpf+0x7c/0x90 [ 992.559558][ C0] do_syscall_64+0xf3/0x230 [ 992.559578][ C0] ? clear_bhb_loop+0x35/0x90 [ 992.559602][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.559623][ C0] RIP: 0033:0x7f1701379e79 [ 992.559639][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 992.559655][ C0] RSP: 002b:00007f17020ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 992.559675][ C0] RAX: ffffffffffffffda RBX: 00007f1701515f80 RCX: 00007f1701379e79 [ 992.559694][ C0] RDX: 000000000000002a RSI: 0000000020000380 RDI: 0000000000000011 [ 992.559707][ C0] RBP: 00007f17013e7916 R08: 0000000000000000 R09: 0000000000000000 [ 992.559721][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 992.559734][ C0] R13: 0000000000000000 R14: 00007f1701515f80 R15: 00007ffde2e8c118 [ 992.559764][ C0] [ 993.688323][ C0] Shutting down cpus with NMI [ 993.688443][ C0] Kernel Offset: disabled