last executing test programs: 16.995041368s ago: executing program 1 (id=1327): link(&(0x7f0000000280)='./file0/../file0/file0\x00', &(0x7f0000000400)='./file0/../file0/file0\x00') 16.758387681s ago: executing program 1 (id=1330): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000140)={0x2800000000000000, 0x100000, 0x3ff, 0x2, 0x20}) 16.320273642s ago: executing program 1 (id=1337): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) 15.964393725s ago: executing program 1 (id=1343): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000200)=0x5, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r1, &(0x7f00000014c0)=ANY=[], 0x46b) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000009c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2}}}}}}}, 0x0) 15.725604894s ago: executing program 4 (id=1347): syz_usb_connect(0x0, 0x51, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000cc2e3f2063072110c08e0000000109023f0001000000000904880005ffb717000905adda0000020154090501000004007f070905020c200009027e09050f042000410f04090505"], 0x0) 15.687367205s ago: executing program 1 (id=1348): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x32, 0xf4, 0x49, 0x10, 0x9c0, 0x201, 0xaa4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe5, 0xa5, 0xc8}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000002500)={0x1c, &(0x7f0000000280)={0x0, 0x31, 0x1, '7'}, 0x0, 0x0}) syz_open_dev$midi(&(0x7f0000000700), 0x3, 0x2a0300) syz_usb_control_io(r0, 0x0, 0x0) 13.803041805s ago: executing program 4 (id=1367): syz_usb_connect$uac1(0x2, 0xaf, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029d0003010100000904000000010100000a24010000000201020e06cb0256ceb91200000800fb0c24020302020205000909050c240200030200000000000e0724060001000009240346050200050009240605000106"], 0x0) 13.651509731s ago: executing program 1 (id=1370): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xea, 0x9d, 0xc2, 0x40, 0x14aa, 0x226, 0xfc92, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4f, 0x1, 0x0, 0xf8, 0x4a, 0x3e}}]}}]}}, 0x0) 13.351550413s ago: executing program 2 (id=1373): mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000002540)) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@GFS2_LARGE_FH_SIZE={0x20, 0x8, {{0x9, 0x0, 0xfffffff9, 0x9}, {0x7fff, 0x7, 0x3, 0xd06a}}}, 0x0, 0x600) 13.282050909s ago: executing program 2 (id=1374): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f0000000540)=""/95, &(0x7f00000004c0)=""/93, 0xffff1000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000340)={0x1, r1}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r3, 0x0) 13.106607248s ago: executing program 2 (id=1375): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, 0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 12.984582041s ago: executing program 2 (id=1376): mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x7) 12.866101463s ago: executing program 2 (id=1377): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084040000000000000002"], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000000c00000002000000002000000000001304000080"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={'nicvf0\x00', 0x0}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x15) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10) ioctl$TCFLSH(r0, 0x404c4701, 0x20000000) 11.799425616s ago: executing program 2 (id=1379): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="1201000041dc57403a092026687e000000010902240001000000000904330002870628000905061010000d07040905ee"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 11.528941563s ago: executing program 4 (id=1381): syz_emit_ethernet(0x82, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa008100000086dd60f53a0400483a00fe8000000000000000000000000000bbfe80000000000000000000000000002302009078000005006050835900000000fc0100f4ff0000000000000000000000fe880000000000000000000000000101"], 0x0) ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0xc0185879, &(0x7f0000000080)={0x0, 0x200002000001, 0x0, 0x0, 0x0, 0x0, 0x2401}) 11.343538435s ago: executing program 4 (id=1382): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=@newsa={0xf0, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in6=@private1}, {@in=@dev, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0xb}, {}, {}, {}, 0x0, 0x0, 0xa, 0x1}}, 0xf0}}, 0x0) 11.206413287s ago: executing program 4 (id=1383): r0 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1a000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) 11.070605114s ago: executing program 4 (id=1384): mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]}) creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000002540)) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@GFS2_LARGE_FH_SIZE={0x20, 0x8, {{0x9, 0x0, 0xfffffff9, 0x9}, {0x7fff, 0x7, 0x3, 0xd06a}}}, 0x0, 0x600) 9.619575512s ago: executing program 0 (id=1387): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x7) 7.471394644s ago: executing program 0 (id=1389): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fddbdf251e00000008000400ffffffff080004000100000008000100", @ANYRES32], 0x34}, 0x1, 0x0, 0x0, 0x24008991}, 0x0) 7.210940921s ago: executing program 0 (id=1390): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00'}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) 6.97842927s ago: executing program 0 (id=1392): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000047c00000400000014000180080016000000000006000600800a00000800"], 0x1034}}, 0x0) 6.656713583s ago: executing program 0 (id=1394): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000000)={0xb, "1f2afd6d8250eefdb174ff"}) 6.391364175s ago: executing program 0 (id=1396): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0xed, 0x3e, 0xc9, 0x8, 0xccd, 0xb3, 0x2dee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb0, 0x87, 0x1d}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000d00)={0x44, &(0x7f0000000bc0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000100)={0x20, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) 2.732925915s ago: executing program 3 (id=1406): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000000)={0xb, "1f2afd6d8250eefdb174ff"}) 2.415511414s ago: executing program 3 (id=1407): r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001440)={0xfffffffffffffd87, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "741cb976"}]}}, 0x0}, 0x0) 1.527872503s ago: executing program 3 (id=1409): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000140)={0x48}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x51e}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000340)={0x28, 0x6, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2b8000000000000}) close(r0) 1.129323776s ago: executing program 3 (id=1410): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x7) 562.821373ms ago: executing program 3 (id=1412): r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x10000, 0x2, 0x0, 0x8, 0x0, 0x0, {0x3}}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=1413): r0 = syz_usb_connect(0x0, 0x60, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x5e, 0x5b, 0x6b, 0x10, 0x130, 0x130, 0xa71c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1a, 0x0, 0x0, 0x50, 0x63, 0x33}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): s (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1490.415571][T13103] FAULT_INJECTION: forcing a failure. [ 1490.415571][T13103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1490.429363][T12733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.445902][T13103] CPU: 1 UID: 0 PID: 13103 Comm: syz.2.1107 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1490.456385][T13103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1490.466476][T13103] Call Trace: [ 1490.469771][T13103] [ 1490.472720][T13103] dump_stack_lvl+0x16c/0x1f0 [ 1490.477447][T13103] should_fail_ex+0x497/0x5b0 [ 1490.482167][T13103] _copy_from_user+0x30/0xf0 [ 1490.486798][T13103] copy_msghdr_from_user+0x99/0x160 [ 1490.492035][T13103] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1490.497888][T13103] ? __pfx___lock_acquire+0x10/0x10 [ 1490.503150][T13103] ___sys_sendmsg+0xff/0x1e0 [ 1490.507789][T13103] ? __pfx____sys_sendmsg+0x10/0x10 [ 1490.513029][T13103] ? find_held_lock+0x2d/0x110 [ 1490.517836][T13103] ? ksys_write+0x21c/0x260 [ 1490.522388][T13103] ? __fget_light+0x173/0x210 [ 1490.527099][T13103] __sys_sendmsg+0x117/0x1f0 [ 1490.531753][T13103] ? __pfx___sys_sendmsg+0x10/0x10 [ 1490.536949][T13103] do_syscall_64+0xcd/0x250 [ 1490.541756][T13103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1490.547695][T13103] RIP: 0033:0x7f13ef37def9 [ 1490.552132][T13103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1490.572202][T13103] RSP: 002b:00007f13f0127038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1490.580645][T13103] RAX: ffffffffffffffda RBX: 00007f13ef536058 RCX: 00007f13ef37def9 [ 1490.588638][T13103] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 1490.596649][T13103] RBP: 00007f13f0127090 R08: 0000000000000000 R09: 0000000000000000 [ 1490.604643][T13103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1490.612637][T13103] R13: 0000000000000000 R14: 00007f13ef536058 R15: 00007fffddc4ca18 [ 1490.620649][T13103] [ 1490.626061][T12733] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1490.648226][T12733] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.668166][T12733] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1490.694812][T12733] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.704054][T12733] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.715263][T12733] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.724604][T12733] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.791787][ T2464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1490.829538][ T2464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1491.100257][T13109] overlayfs: missing 'lowerdir' [ 1491.610385][T13116] binder: 13115:13116 ioctl 4018620d 0 returned -22 [ 1491.882707][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1491.943932][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1492.130574][ T2527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1492.173014][ T2527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1492.197792][T13123] binder: 13122:13123 ioctl 4018620d 0 returned -22 [ 1492.533931][T13125] FAULT_INJECTION: forcing a failure. [ 1492.533931][T13125] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1492.580738][T13125] CPU: 0 UID: 0 PID: 13125 Comm: syz.2.1112 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1492.591414][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1492.601495][T13125] Call Trace: [ 1492.604811][T13125] [ 1492.607786][T13125] dump_stack_lvl+0x16c/0x1f0 [ 1492.612590][T13125] should_fail_ex+0x497/0x5b0 [ 1492.617304][T13125] ? fs_reclaim_acquire+0xae/0x160 [ 1492.622458][T13125] should_fail_alloc_page+0xe7/0x130 [ 1492.627817][T13125] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 1492.634014][T13125] ? __pfx_mark_lock+0x10/0x10 [ 1492.638827][T13125] __alloc_pages_noprof+0x194/0x2460 [ 1492.644168][T13125] ? hlock_class+0x4e/0x130 [ 1492.648710][T13125] ? hlock_class+0x4e/0x130 [ 1492.653541][T13125] ? __lock_acquire+0xbdd/0x3cb0 [ 1492.658538][T13125] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1492.664312][T13125] ? __pfx___lock_acquire+0x10/0x10 [ 1492.669562][T13125] ? __pfx_mark_lock+0x10/0x10 [ 1492.674366][T13125] ? __pfx_mark_lock+0x10/0x10 [ 1492.679175][T13125] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1492.685104][T13125] ? policy_nodemask+0xea/0x4e0 [ 1492.689990][T13125] alloc_pages_mpol_noprof+0x275/0x610 [ 1492.695491][T13125] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1492.701519][T13125] folio_alloc_mpol_noprof+0x36/0xd0 [ 1492.706864][T13125] vma_alloc_folio_noprof+0xee/0x1b0 [ 1492.712210][T13125] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1492.718143][T13125] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 1492.723377][T13125] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 1492.728612][T13125] __handle_mm_fault+0x2dd7/0x5650 [ 1492.733767][T13125] ? down_read_trylock+0x1ed/0x3f0 [ 1492.738908][T13125] ? lock_vma_under_rcu+0x1e2/0x8f0 [ 1492.744154][T13125] ? __pfx___handle_mm_fault+0x10/0x10 [ 1492.749662][T13125] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 1492.755246][T13125] handle_mm_fault+0x498/0xa60 [ 1492.760058][T13125] ? __pkru_allows_pkey+0x21/0xb0 [ 1492.765163][T13125] do_user_addr_fault+0x60d/0x13f0 [ 1492.770349][T13125] exc_page_fault+0x5c/0xc0 [ 1492.774900][T13125] asm_exc_page_fault+0x26/0x30 [ 1492.779825][T13125] RIP: 0033:0x7f13ef32b22b [ 1492.784262][T13125] Code: c0 8b 87 c0 00 00 00 66 0f 6c c0 85 c0 0f 85 44 01 00 00 c7 87 c0 00 00 00 ff ff ff ff 48 8d 84 24 20 21 00 00 48 8d 7c 24 20 <0f> 29 44 24 40 49 89 e4 48 89 44 24 50 8b 43 74 48 89 9c 24 00 01 [ 1492.803901][T13125] RSP: 002b:00007f13f0124e10 EFLAGS: 00010246 [ 1492.810004][T13125] RAX: 00007f13f0126f30 RBX: 00007f13ef50b620 RCX: 0000000000000000 [ 1492.817996][T13125] RDX: 00007f13f0126f78 RSI: 00007f13ef3dc900 RDI: 00007f13f0124e30 [ 1492.825992][T13125] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 1492.834011][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1492.842019][T13125] R13: 0000000000000000 R14: 00007f13ef536058 R15: 00007fffddc4ca18 [ 1492.850040][T13125] [ 1492.875810][ T29] audit: type=1400 audit(1726655953.304:581): avc: denied { bind } for pid=13124 comm="syz.3.1113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1492.908066][T13125] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 1492.929748][T12942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1493.073246][T13129] tmpfs: Bad value for 'mpol' [ 1493.129606][T12942] veth0_vlan: entered promiscuous mode [ 1493.577350][T12942] veth1_vlan: entered promiscuous mode [ 1494.845939][T12942] veth0_macvtap: entered promiscuous mode [ 1494.957560][T13145] FAULT_INJECTION: forcing a failure. [ 1494.957560][T13145] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1494.971711][T13145] CPU: 1 UID: 0 PID: 13145 Comm: syz.2.1117 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1494.982189][T13145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1494.992375][T13145] Call Trace: [ 1494.995691][T13145] [ 1494.998746][T13145] dump_stack_lvl+0x16c/0x1f0 [ 1495.003484][T13145] should_fail_ex+0x497/0x5b0 [ 1495.008231][T13145] _copy_from_user+0x30/0xf0 [ 1495.012897][T13145] move_addr_to_kernel+0x68/0x160 [ 1495.017996][T13145] __sys_connect+0xbd/0x170 [ 1495.022561][T13145] ? __pfx___sys_connect+0x10/0x10 [ 1495.027747][T13145] ? __pfx_ksys_write+0x10/0x10 [ 1495.032660][T13145] __x64_sys_connect+0x72/0xb0 [ 1495.037478][T13145] ? lockdep_hardirqs_on+0x7c/0x110 [ 1495.042755][T13145] do_syscall_64+0xcd/0x250 [ 1495.047335][T13145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1495.053295][T13145] RIP: 0033:0x7f13ef37def9 [ 1495.057753][T13145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1495.077416][T13145] RSP: 002b:00007f13f0127038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1495.085891][T13145] RAX: ffffffffffffffda RBX: 00007f13ef536058 RCX: 00007f13ef37def9 [ 1495.093919][T13145] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 [ 1495.101937][T13145] RBP: 00007f13f0127090 R08: 0000000000000000 R09: 0000000000000000 [ 1495.109955][T13145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1495.117972][T13145] R13: 0000000000000000 R14: 00007f13ef536058 R15: 00007fffddc4ca18 [ 1495.126013][T13145] [ 1495.129174][ C1] vkms_vblank_simulate: vblank timer overrun [ 1495.140862][ T29] audit: type=1400 audit(1726655955.574:582): avc: denied { shutdown } for pid=13141 comm="syz.2.1117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 1495.233884][T12942] veth1_macvtap: entered promiscuous mode [ 1495.355630][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1495.394747][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.427333][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1495.456687][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.468714][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1495.481636][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.492886][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1495.503726][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.531136][T12942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1495.620702][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.668423][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.678712][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.696543][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.749270][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.798882][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.818908][T12942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1495.848816][T12942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1495.873881][T12942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1496.010962][T12942] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.091240][T12942] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.153664][T12942] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.229329][T12942] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1496.506039][ T1849] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1497.038839][ T1849] usb 1-1: Using ep0 maxpacket: 16 [ 1497.607151][ T1849] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1502.309025][ T1849] usb 1-1: string descriptor 0 read error: -71 [ 1502.339047][ T1849] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1502.372831][ T1849] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1502.415426][ T1849] usb 1-1: config 0 descriptor?? [ 1502.434441][ T2527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1502.443187][ T1849] usb 1-1: can't set config #0, error -71 [ 1502.461558][ T2527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1502.480845][ T1849] usb 1-1: USB disconnect, device number 39 [ 1502.495778][ T8956] Bluetooth: hci6: unexpected event 0x04 length: 14 > 10 [ 1502.762735][T13165] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1503.785293][ T2527] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1503.822282][ T2527] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1504.287184][T13172] tmpfs: Bad value for 'mpol' [ 1504.499051][ T8956] Bluetooth: hci6: command 0x0406 tx timeout [ 1505.626778][ T29] audit: type=1400 audit(1726655965.904:583): avc: denied { map } for pid=13183 comm="syz.1.1129" path="socket:[74096]" dev="sockfs" ino=74096 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1506.218920][ T5275] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1506.339990][ T29] audit: type=1400 audit(1726655965.904:584): avc: denied { read } for pid=13183 comm="syz.1.1129" path="socket:[74096]" dev="sockfs" ino=74096 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1506.406375][ T5275] usb 2-1: device descriptor read/64, error -71 [ 1506.738988][ T5275] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1506.858577][T10054] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1506.883688][T10054] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1506.897794][T10054] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1506.920472][ T5275] usb 2-1: device descriptor read/64, error -71 [ 1506.927365][T10054] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1506.937011][T10054] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1506.945492][T10054] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1507.039342][ T5275] usb usb2-port1: attempt power cycle [ 1507.214163][ T29] audit: type=1326 audit(1726655967.644:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13193 comm="syz.3.1131" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f844f17def9 code=0x0 [ 1507.610801][ T5275] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1507.665344][ T5275] usb 2-1: device descriptor read/8, error -71 [ 1508.777831][T13191] chnl_net:caif_netlink_parms(): no params data found [ 1508.979683][ T8956] Bluetooth: hci0: command tx timeout [ 1509.172776][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1509.431733][T13221] netlink: 'syz.2.1137': attribute type 1 has an invalid length. [ 1509.440094][T13221] netlink: 'syz.2.1137': attribute type 2 has an invalid length. [ 1509.564634][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1509.835632][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1510.072206][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1510.092870][ T29] audit: type=1326 audit(1726655970.524:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6aed7def9 code=0x7ffc0000 [ 1510.170704][ T29] audit: type=1326 audit(1726655970.564:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7fb6aed7def9 code=0x7ffc0000 [ 1510.195004][ T29] audit: type=1326 audit(1726655970.564:588): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6aed7def9 code=0x7ffc0000 [ 1510.219394][ T29] audit: type=1326 audit(1726655970.564:589): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6aed7def9 code=0x7ffc0000 [ 1510.243400][ T29] audit: type=1326 audit(1726655970.574:590): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb6aed7c890 code=0x7ffc0000 [ 1510.277697][ T29] audit: type=1326 audit(1726655970.574:591): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1510.338132][T13191] bridge0: port 1(bridge_slave_0) entered blocking state [ 1510.385753][ T29] audit: type=1326 audit(1726655970.574:592): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1510.438517][T13191] bridge0: port 1(bridge_slave_0) entered disabled state [ 1510.442391][T10258] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1510.450116][T13191] bridge_slave_0: entered allmulticast mode [ 1510.477912][T13191] bridge_slave_0: entered promiscuous mode [ 1510.522773][T13236] netlink: 'syz.2.1141': attribute type 10 has an invalid length. [ 1510.573604][ T8956] Bluetooth: hci4: unexpected event 0x04 length: 14 > 10 [ 1510.583496][T13236] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1510.625730][T13191] bridge0: port 2(bridge_slave_1) entered blocking state [ 1510.648608][T13191] bridge0: port 2(bridge_slave_1) entered disabled state [ 1511.120622][T13241] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1511.317026][T13191] bridge_slave_1: entered allmulticast mode [ 1511.509412][ T8956] Bluetooth: hci0: command tx timeout [ 1511.899564][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 1511.899586][ T29] audit: type=1326 audit(1726655972.334:601): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1511.950355][T10258] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 1511.963273][T10258] usb 2-1: config 0 has no interface number 0 [ 1511.987388][T10258] usb 2-1: New USB device found, idVendor=19d2, idProduct=0139, bcdDevice=c4.7f [ 1511.990528][T13191] bridge_slave_1: entered promiscuous mode [ 1512.016276][T10258] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1512.068926][ T29] audit: type=1326 audit(1726655972.364:602): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1512.092694][ C1] vkms_vblank_simulate: vblank timer overrun [ 1512.099393][T10258] usb 2-1: Product: syz [ 1512.103647][T10258] usb 2-1: Manufacturer: syz [ 1512.108321][T10258] usb 2-1: SerialNumber: syz [ 1512.167142][T10258] usb 2-1: config 0 descriptor?? [ 1512.196940][T10258] option 2-1:0.255: GSM modem (1-port) converter detected [ 1512.211203][ T29] audit: type=1326 audit(1726655972.364:603): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1512.542453][T13191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1512.551862][ T29] audit: type=1326 audit(1726655972.384:604): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1512.573799][T13191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1512.575574][ C1] vkms_vblank_simulate: vblank timer overrun [ 1512.599567][T10054] Bluetooth: hci4: command tx timeout [ 1512.765950][ T29] audit: type=1326 audit(1726655972.384:605): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1512.798124][ T29] audit: type=1326 audit(1726655972.394:606): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1513.197977][ T29] audit: type=1326 audit(1726655972.414:607): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1513.228851][ T29] audit: type=1326 audit(1726655972.414:608): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1513.629724][T10054] Bluetooth: hci0: command tx timeout [ 1514.100543][T13191] team0: Port device team_slave_0 added [ 1514.136178][ T29] audit: type=1326 audit(1726655972.414:609): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1514.159925][ C1] vkms_vblank_simulate: vblank timer overrun [ 1514.224265][ T29] audit: type=1326 audit(1726655972.414:610): auid=4294967295 uid=0 gid=60929 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13228 comm="syz.1.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6aed7dafb code=0x7ffc0000 [ 1514.771066][T13191] team0: Port device team_slave_1 added [ 1515.023934][T13255] fuse: Bad value for 'user_id' [ 1515.031191][T13255] fuse: Bad value for 'user_id' [ 1515.143369][ T36] bridge_slave_1: left allmulticast mode [ 1515.172770][ T36] bridge_slave_1: left promiscuous mode [ 1515.216440][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1515.312538][ T36] bridge_slave_0: left allmulticast mode [ 1515.318262][ T36] bridge_slave_0: left promiscuous mode [ 1515.402921][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1515.710291][T10054] Bluetooth: hci0: command tx timeout [ 1518.020189][T10054] Bluetooth: hci5: command tx timeout [ 1518.170997][T13278] fuse: Bad value for 'user_id' [ 1518.178852][T13278] fuse: Bad value for 'user_id' [ 1518.979747][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1519.023163][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1519.045316][ T36] bond0 (unregistering): Released all slaves [ 1519.110047][T13191] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1519.117069][T13191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1519.229091][T13191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1519.323716][T13191] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1519.338764][T13191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1519.400561][T13191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1519.422218][ T5274] usb 2-1: USB disconnect, device number 18 [ 1519.432426][ T5274] option 2-1:0.255: device disconnected [ 1519.661472][T13285] FAULT_INJECTION: forcing a failure. [ 1519.661472][T13285] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.919237][T13285] CPU: 1 UID: 0 PID: 13285 Comm: syz.0.1153 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1519.929741][T13285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1519.939853][T13285] Call Trace: [ 1519.943158][T13285] [ 1519.946106][T13285] dump_stack_lvl+0x16c/0x1f0 [ 1519.950820][T13285] should_fail_ex+0x497/0x5b0 [ 1519.955542][T13285] _copy_from_user+0x30/0xf0 [ 1519.960206][T13285] __sys_bpf+0x21c/0x49c0 [ 1519.964563][T13285] ? ksys_write+0x21c/0x260 [ 1519.969093][T13285] ? reacquire_held_locks+0x480/0x4c0 [ 1519.974508][T13285] ? __pfx___sys_bpf+0x10/0x10 [ 1519.979310][T13285] ? vfs_write+0x14d/0x1140 [ 1519.983860][T13285] ? __mutex_unlock_slowpath+0x164/0x650 [ 1519.989539][T13285] ? fput+0x30/0x390 [ 1519.993481][T13285] ? ksys_write+0x1ab/0x260 [ 1519.998017][T13285] ? __pfx_ksys_write+0x10/0x10 [ 1520.002913][T13285] __x64_sys_bpf+0x78/0xc0 [ 1520.007361][T13285] ? lockdep_hardirqs_on+0x7c/0x110 [ 1520.012601][T13285] do_syscall_64+0xcd/0x250 [ 1520.017175][T13285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.023110][T13285] RIP: 0033:0x7f22fed7def9 [ 1520.027550][T13285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1520.047188][T13285] RSP: 002b:00007f22fe7ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1520.055638][T13285] RAX: ffffffffffffffda RBX: 00007f22fef36058 RCX: 00007f22fed7def9 [ 1520.063629][T13285] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000000 [ 1520.071633][T13285] RBP: 00007f22fe7ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1520.079639][T13285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1520.087638][T13285] R13: 0000000000000000 R14: 00007f22fef36058 R15: 00007fffabc4c7a8 [ 1520.095654][T13285] [ 1520.252063][ T8956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1520.274915][ T8956] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1520.284019][ T8956] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1520.311163][T13289] fuse: Bad value for 'fd' [ 1520.318055][ T8956] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1520.331120][ T8956] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1520.341199][ T8956] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1520.778822][ T29] kauditd_printk_skb: 17 callbacks suppressed [ 1520.778847][ T29] audit: type=1326 audit(1726655981.204:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1520.886430][ T29] audit: type=1326 audit(1726655981.204:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1520.889336][T13191] hsr_slave_0: entered promiscuous mode [ 1520.945777][ T29] audit: type=1326 audit(1726655981.214:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1521.015375][T13191] hsr_slave_1: entered promiscuous mode [ 1521.038971][ T29] audit: type=1326 audit(1726655981.214:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1521.063656][T13191] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1521.098856][T13191] Cannot create hsr debugfs directory [ 1521.148163][ T29] audit: type=1326 audit(1726655981.214:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1521.392401][ T29] audit: type=1326 audit(1726655981.214:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1521.573680][ T29] audit: type=1326 audit(1726655981.214:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1521.603186][ T29] audit: type=1326 audit(1726655981.214:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1522.501847][ T8956] Bluetooth: hci1: command tx timeout [ 1522.558966][ T29] audit: type=1326 audit(1726655981.214:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1522.792573][ T29] audit: type=1326 audit(1726655981.214:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13293 comm="syz.0.1157" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22fed7def9 code=0x7ffc0000 [ 1522.820165][ T36] hsr_slave_0: left promiscuous mode [ 1522.872760][T10054] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1522.903893][ T36] hsr_slave_1: left promiscuous mode [ 1522.910384][T10054] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1522.939413][T10054] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1522.946873][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1522.957934][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1522.966525][T10054] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1522.977578][T10054] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1522.985695][T10054] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1523.084394][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1523.109190][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1523.204077][ T36] veth1_macvtap: left promiscuous mode [ 1523.225691][ T36] veth0_macvtap: left promiscuous mode [ 1523.246751][ T36] veth1_vlan: left promiscuous mode [ 1523.254906][ T36] veth0_vlan: left promiscuous mode [ 1524.588986][ T8956] Bluetooth: hci1: command tx timeout [ 1524.949693][T13318] fuse: Bad value for 'user_id' [ 1524.954598][T13318] fuse: Bad value for 'user_id' [ 1525.083988][ T8956] Bluetooth: hci3: command tx timeout [ 1525.988669][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1526.031278][ T5276] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1526.220040][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1526.242081][ T5276] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1526.304498][ T5276] usb 3-1: config 64 has an invalid interface number: 16 but max is 0 [ 1526.323374][ T5276] usb 3-1: config 64 has no interface number 0 [ 1526.358868][ T5276] usb 3-1: config 64 interface 16 altsetting 6 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1526.387713][ T5276] usb 3-1: config 64 interface 16 altsetting 6 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1526.412454][ T5276] usb 3-1: config 64 interface 16 altsetting 6 endpoint 0x8F has invalid maxpacket 57417, setting to 1024 [ 1526.443285][ T5276] usb 3-1: config 64 interface 16 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1526.498634][ T5276] usb 3-1: config 64 interface 16 has no altsetting 0 [ 1526.524128][ T5276] usb 3-1: string descriptor 0 read error: -22 [ 1526.555969][ T5276] usb 3-1: New USB device found, idVendor=040b, idProduct=6521, bcdDevice=3c.11 [ 1526.575461][ T5276] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1526.666260][ T8956] Bluetooth: hci1: command tx timeout [ 1526.929673][ T5276] rc_core: IR keymap rc-xbox-dvd not found [ 1526.935591][ T5276] Registered IR keymap rc-empty [ 1527.030717][ T5276] rc rc0: Xbox DVD USB Remote Control(040b,6521) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:64.16/rc/rc0 [ 1527.067735][ T5276] input: Xbox DVD USB Remote Control(040b,6521) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:64.16/rc/rc0/input30 [ 1527.139492][ T8956] Bluetooth: hci3: command tx timeout [ 1527.140440][ T5276] usb 3-1: USB disconnect, device number 14 [ 1527.140517][ C1] xbox_remote 3-1:64.16: xbox_remote_irq_in: usb_submit_urb()=-19 [ 1528.739204][ T8956] Bluetooth: hci1: command tx timeout [ 1529.138233][ T5274] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1529.219157][ T8956] Bluetooth: hci3: command tx timeout [ 1529.348888][ T5274] usb 3-1: Using ep0 maxpacket: 16 [ 1529.356703][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 7 [ 1529.388904][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 9272, setting to 1024 [ 1529.442676][ T5274] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1529.468895][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1529.479373][ T5274] usb 3-1: Product: syz [ 1529.483593][ T5274] usb 3-1: Manufacturer: syz [ 1529.514906][ T5274] usb 3-1: SerialNumber: syz [ 1529.550014][ T5274] usb 3-1: config 0 descriptor?? [ 1531.309189][ T8956] Bluetooth: hci3: command tx timeout [ 1531.585743][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1531.921445][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1531.974983][T10258] usb 3-1: USB disconnect, device number 15 [ 1532.294625][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1532.371803][T13286] chnl_net:caif_netlink_parms(): no params data found [ 1532.757078][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1533.959406][T13286] bridge0: port 1(bridge_slave_0) entered blocking state [ 1533.966679][T13286] bridge0: port 1(bridge_slave_0) entered disabled state [ 1533.989210][T13286] bridge_slave_0: entered allmulticast mode [ 1533.993185][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 1533.993210][ T29] audit: type=1326 audit(1726655994.424:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13348 comm="syz.2.1169" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13ef37def9 code=0x0 [ 1534.010667][T13286] bridge_slave_0: entered promiscuous mode [ 1534.161409][T13286] bridge0: port 2(bridge_slave_1) entered blocking state [ 1534.225372][T13286] bridge0: port 2(bridge_slave_1) entered disabled state [ 1534.264326][T13286] bridge_slave_1: entered allmulticast mode [ 1534.309780][T13286] bridge_slave_1: entered promiscuous mode [ 1534.377910][T13306] chnl_net:caif_netlink_parms(): no params data found [ 1534.479237][ T8543] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1534.693576][ T8543] usb 3-1: Using ep0 maxpacket: 32 [ 1534.762850][ T8543] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1534.801257][ T8543] usb 3-1: config 202 has an invalid interface number: 64 but max is 0 [ 1534.829901][ T8543] usb 3-1: config 202 has no interface number 0 [ 1534.836258][ T8543] usb 3-1: config 202 interface 64 has no altsetting 0 [ 1534.921353][ T8543] usb 3-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=aa.01 [ 1534.940951][ T8543] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1534.992859][ T8543] usb 3-1: Product: syz [ 1534.997089][ T8543] usb 3-1: Manufacturer: syz [ 1535.029899][ T8543] usb 3-1: SerialNumber: syz [ 1535.172277][T13286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1535.422282][T13191] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1535.627891][T13286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1535.685894][T13356] netlink: 'syz.2.1169': attribute type 4 has an invalid length. [ 1535.769562][T13191] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1535.863875][T13191] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1536.268973][T13191] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1536.420047][T13286] team0: Port device team_slave_0 added [ 1536.459229][ T36] bridge_slave_1: left allmulticast mode [ 1536.464980][ T36] bridge_slave_1: left promiscuous mode [ 1536.479413][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1536.576625][ T36] bridge_slave_0: left allmulticast mode [ 1536.630862][ T36] bridge_slave_0: left promiscuous mode [ 1536.637005][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1536.822055][T10054] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1536.835183][T10054] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1536.844551][T10054] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1536.896972][T10054] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1536.919331][T10054] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1536.929192][T10054] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1537.921594][ T8543] hub 3-1:202.64: bad descriptor, ignoring hub [ 1537.927956][ T8543] hub 3-1:202.64: probe with driver hub failed with error -5 [ 1537.996598][ T8543] gspca_main: conex-2.14.0 probing 0572:0041 [ 1538.412119][ T8543] usb 3-1: USB disconnect, device number 16 [ 1538.668449][T13364] fuse: Bad value for 'user_id' [ 1538.673627][T13364] fuse: Bad value for 'user_id' [ 1539.075874][ T8956] Bluetooth: hci2: command tx timeout [ 1539.525740][T13367] FAULT_INJECTION: forcing a failure. [ 1539.525740][T13367] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1539.551756][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1539.578889][T13367] CPU: 0 UID: 0 PID: 13367 Comm: syz.2.1172 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1539.589395][T13367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1539.599512][T13367] Call Trace: [ 1539.602796][T13367] [ 1539.605734][T13367] dump_stack_lvl+0x16c/0x1f0 [ 1539.610436][T13367] should_fail_ex+0x497/0x5b0 [ 1539.615134][T13367] _copy_from_user+0x30/0xf0 [ 1539.619751][T13367] __sys_bpf+0x21c/0x49c0 [ 1539.624093][T13367] ? ksys_write+0x21c/0x260 [ 1539.628634][T13367] ? reacquire_held_locks+0x480/0x4c0 [ 1539.634061][T13367] ? __pfx___sys_bpf+0x10/0x10 [ 1539.638852][T13367] ? vfs_write+0x14d/0x1140 [ 1539.643431][T13367] ? __mutex_unlock_slowpath+0x164/0x650 [ 1539.649138][T13367] ? fput+0x30/0x390 [ 1539.653092][T13367] ? ksys_write+0x1ab/0x260 [ 1539.657648][T13367] ? __pfx_ksys_write+0x10/0x10 [ 1539.662561][T13367] __x64_sys_bpf+0x78/0xc0 [ 1539.667031][T13367] ? lockdep_hardirqs_on+0x7c/0x110 [ 1539.672299][T13367] do_syscall_64+0xcd/0x250 [ 1539.676858][T13367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1539.682819][T13367] RIP: 0033:0x7f13ef37def9 [ 1539.687274][T13367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1539.706936][T13367] RSP: 002b:00007f13f0148038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1539.715413][T13367] RAX: ffffffffffffffda RBX: 00007f13ef535f80 RCX: 00007f13ef37def9 [ 1539.723450][T13367] RDX: 0000000000000090 RSI: 0000000020000200 RDI: 0000000000000005 [ 1539.731470][T13367] RBP: 00007f13f0148090 R08: 0000000000000000 R09: 0000000000000000 [ 1539.739507][T13367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1539.747531][T13367] R13: 0000000000000000 R14: 00007f13ef535f80 R15: 00007fffddc4ca18 [ 1539.755579][T13367] [ 1539.799818][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1539.848364][ T36] bond0 (unregistering): Released all slaves [ 1540.061291][T13286] team0: Port device team_slave_1 added [ 1540.843185][T13306] bridge0: port 1(bridge_slave_0) entered blocking state [ 1540.869131][T13306] bridge0: port 1(bridge_slave_0) entered disabled state [ 1540.876555][T13306] bridge_slave_0: entered allmulticast mode [ 1540.959009][T13306] bridge_slave_0: entered promiscuous mode [ 1540.997128][T13306] bridge0: port 2(bridge_slave_1) entered blocking state [ 1541.030097][T13306] bridge0: port 2(bridge_slave_1) entered disabled state [ 1541.037454][T13306] bridge_slave_1: entered allmulticast mode [ 1541.076657][T13306] bridge_slave_1: entered promiscuous mode [ 1541.138865][ T8956] Bluetooth: hci2: command tx timeout [ 1541.473848][T13286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1541.508947][T13286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1541.619338][T13286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1541.884484][T13286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1541.923109][T13286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1542.015318][T13286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1542.588528][T13306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1542.637453][T13306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1542.845007][T13286] hsr_slave_0: entered promiscuous mode [ 1542.872949][T13286] hsr_slave_1: entered promiscuous mode [ 1542.893820][T13286] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1542.908783][T13286] Cannot create hsr debugfs directory [ 1543.091801][ T36] hsr_slave_0: left promiscuous mode [ 1543.121170][ T36] hsr_slave_1: left promiscuous mode [ 1543.130404][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1543.147567][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1543.157670][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1543.173015][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1543.219503][ T8956] Bluetooth: hci2: command tx timeout [ 1543.250892][ T36] veth1_macvtap: left promiscuous mode [ 1543.256575][ T36] veth0_macvtap: left promiscuous mode [ 1543.272210][ T36] veth1_vlan: left promiscuous mode [ 1543.277689][ T36] veth0_vlan: left promiscuous mode [ 1545.320139][ T8956] Bluetooth: hci2: command tx timeout [ 1545.426449][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1545.573151][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1547.830839][T13306] team0: Port device team_slave_0 added [ 1547.898700][T13306] team0: Port device team_slave_1 added [ 1548.200237][T13306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1548.207250][T13306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1548.250267][T13306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1548.270940][T13306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1548.278104][T13306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1548.304200][T13306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1549.042837][T13306] hsr_slave_0: entered promiscuous mode [ 1549.062238][T13306] hsr_slave_1: entered promiscuous mode [ 1549.589022][T13359] chnl_net:caif_netlink_parms(): no params data found [ 1549.758174][T13286] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1549.951646][T13286] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1550.826379][T13191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1550.934851][T13286] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1551.163898][ T36] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1551.472401][T13286] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1551.621105][ T36] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1551.714300][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 1551.743731][T13403] fuse: Bad value for 'user_id' [ 1551.748691][T13403] fuse: Bad value for 'user_id' [ 1552.015146][ T36] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1552.088554][T13359] bridge0: port 1(bridge_slave_0) entered blocking state [ 1552.105475][T13359] bridge0: port 1(bridge_slave_0) entered disabled state [ 1552.127565][T13359] bridge_slave_0: entered allmulticast mode [ 1552.147661][T13359] bridge_slave_0: entered promiscuous mode [ 1552.211385][T13359] bridge0: port 2(bridge_slave_1) entered blocking state [ 1552.218635][T13359] bridge0: port 2(bridge_slave_1) entered disabled state [ 1552.280407][T13359] bridge_slave_1: entered allmulticast mode [ 1552.292305][T13359] bridge_slave_1: entered promiscuous mode [ 1552.395045][T13191] 8021q: adding VLAN 0 to HW filter on device team0 [ 1552.495975][ T36] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1552.577222][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1552.584514][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1552.615313][T13359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1552.645696][T13359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1552.739945][ T2527] bridge0: port 2(bridge_slave_1) entered blocking state [ 1552.747221][ T2527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1552.978123][T13359] team0: Port device team_slave_0 added [ 1553.044525][T13359] team0: Port device team_slave_1 added [ 1553.317055][T13359] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1553.335322][T13359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1553.410704][T13359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1553.589292][T13286] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1553.644341][T13286] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1553.765781][T13359] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1553.784643][T13359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1553.823909][T13359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1553.964285][T13286] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1554.026182][ T36] bridge_slave_1: left allmulticast mode [ 1554.033061][ T36] bridge_slave_1: left promiscuous mode [ 1554.039245][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1554.138928][ T36] bridge_slave_0: left allmulticast mode [ 1554.151221][ T36] bridge_slave_0: left promiscuous mode [ 1554.163630][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1554.191638][ T36] bridge_slave_1: left allmulticast mode [ 1554.208920][ T36] bridge_slave_1: left promiscuous mode [ 1554.221460][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1554.248313][ T36] bridge_slave_0: left allmulticast mode [ 1554.263413][ T36] bridge_slave_0: left promiscuous mode [ 1554.275581][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1556.257854][ T8956] Bluetooth: hci5: unexpected event 0x04 length: 14 > 10 [ 1557.013919][T13421] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1558.260558][ T8956] Bluetooth: hci5: command tx timeout [ 1558.456824][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.470552][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.482941][ T36] bond0 (unregistering): Released all slaves [ 1558.859799][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1558.882078][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1558.949446][ T36] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1558.966744][ T36] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 1558.984922][ T36] bond0 (unregistering): Released all slaves [ 1559.017905][T13286] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1559.124223][T13425] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1184'. [ 1559.580810][T13359] hsr_slave_0: entered promiscuous mode [ 1559.599414][T13359] hsr_slave_1: entered promiscuous mode [ 1559.606811][T13359] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1559.619080][T13359] Cannot create hsr debugfs directory [ 1560.964499][ T8956] Bluetooth: hci5: unexpected event 0x04 length: 14 > 10 [ 1561.284308][T13441] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1561.406330][ T36] hsr_slave_0: left promiscuous mode [ 1561.413827][ T36] hsr_slave_1: left promiscuous mode [ 1561.433713][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1561.450460][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1561.464310][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1561.478809][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1561.520554][ T36] hsr_slave_0: left promiscuous mode [ 1561.538539][ T36] hsr_slave_1: left promiscuous mode [ 1561.547864][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1561.561821][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1561.573453][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1561.594276][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1561.694237][ T36] veth1_macvtap: left promiscuous mode [ 1561.700160][ T36] veth0_macvtap: left promiscuous mode [ 1561.706432][ T36] veth1_vlan: left promiscuous mode [ 1561.712424][ T36] veth0_vlan: left promiscuous mode [ 1561.720431][ T36] veth1_macvtap: left promiscuous mode [ 1561.726150][ T36] veth0_macvtap: left promiscuous mode [ 1561.732562][ T36] veth1_vlan: left promiscuous mode [ 1561.738270][ T36] veth0_vlan: left promiscuous mode [ 1562.776216][ T5209] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1562.979220][ T8956] Bluetooth: hci5: command tx timeout [ 1563.050831][ T5209] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1563.060358][ T5209] usb 3-1: config 1 has an invalid descriptor of length 110, skipping remainder of the config [ 1563.070729][ T5209] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1563.079941][ T5209] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 101, changing to 10 [ 1563.091682][ T5209] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 10100, setting to 1024 [ 1563.107626][ T5209] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1563.115272][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1563.116794][ T5209] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1563.132681][ T5209] usb 3-1: Product: syz [ 1563.136887][ T5209] usb 3-1: Manufacturer: syz [ 1563.147132][T13443] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1563.156795][ T5209] cdc_wdm 3-1:1.0: skipping garbage [ 1563.171263][ T5209] cdc_wdm 3-1:1.0: skipping garbage [ 1563.179082][ T5209] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 1563.185069][ T5209] cdc_wdm 3-1:1.0: Unknown control protocol [ 1563.236361][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1563.373906][ T5209] usb 3-1: USB disconnect, device number 17 [ 1565.059061][ T8956] Bluetooth: hci5: command 0x0406 tx timeout [ 1567.062776][ T8956] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1567.074809][ T8956] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1567.109488][ T8956] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1567.119891][ T8956] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1567.128171][ T8956] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1567.135939][ T8956] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1571.002400][ T8956] Bluetooth: hci4: command tx timeout [ 1571.480350][T10054] Bluetooth: hci5: unexpected event 0x04 length: 14 > 10 [ 1571.526211][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1573.302037][T13468] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1573.558095][T10054] Bluetooth: hci4: command tx timeout [ 1573.563965][T10054] Bluetooth: hci5: command 0x0406 tx timeout [ 1574.049654][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1574.826506][T10054] Bluetooth: hci5: unexpected event 0x04 length: 14 > 10 [ 1575.252659][T13480] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1575.628958][T10054] Bluetooth: hci4: command tx timeout [ 1575.741949][T13306] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1575.807623][T13306] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1575.914800][T13306] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1576.154464][T13306] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1576.462891][T13286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1576.790756][T13286] 8021q: adding VLAN 0 to HW filter on device team0 [ 1576.851648][T12546] bridge0: port 1(bridge_slave_0) entered blocking state [ 1576.858962][T12546] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1576.909484][T10054] Bluetooth: hci5: command 0x0406 tx timeout [ 1576.984433][ T2458] bridge0: port 2(bridge_slave_1) entered blocking state [ 1576.991767][ T2458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1577.383896][T13486] fuse: Bad value for 'user_id' [ 1577.411989][T13486] fuse: Bad value for 'user_id' [ 1577.445061][T13452] chnl_net:caif_netlink_parms(): no params data found [ 1577.682128][T13359] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1577.699116][T10054] Bluetooth: hci4: command tx timeout [ 1577.715075][T13359] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1577.875708][T13452] bridge0: port 1(bridge_slave_0) entered blocking state [ 1577.883259][T13452] bridge0: port 1(bridge_slave_0) entered disabled state [ 1577.890819][T13452] bridge_slave_0: entered allmulticast mode [ 1577.900630][T13452] bridge_slave_0: entered promiscuous mode [ 1577.910660][T13359] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1577.937738][T13306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1577.957907][T13452] bridge0: port 2(bridge_slave_1) entered blocking state [ 1577.965579][T13452] bridge0: port 2(bridge_slave_1) entered disabled state [ 1577.982103][T13452] bridge_slave_1: entered allmulticast mode [ 1577.994084][T13452] bridge_slave_1: entered promiscuous mode [ 1578.025815][T13359] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1578.157341][T13452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1578.190947][T13452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1578.384796][T13452] team0: Port device team_slave_0 added [ 1578.418847][T10476] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1578.513902][T13452] team0: Port device team_slave_1 added [ 1578.547454][T13306] 8021q: adding VLAN 0 to HW filter on device team0 [ 1578.644622][T10476] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1578.647199][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 1578.659717][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1578.660803][T10476] usb 3-1: config 64 has an invalid interface number: 16 but max is 0 [ 1578.675968][T10476] usb 3-1: config 64 has no interface number 0 [ 1578.685084][T10476] usb 3-1: config 64 interface 16 altsetting 6 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1578.699627][T10476] usb 3-1: config 64 interface 16 altsetting 6 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1578.715128][T13452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1578.718851][T10476] usb 3-1: config 64 interface 16 altsetting 6 endpoint 0x8F has invalid maxpacket 57417, setting to 1024 [ 1578.735648][T10476] usb 3-1: config 64 interface 16 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1578.735722][T13452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1578.750308][T10476] usb 3-1: config 64 interface 16 has no altsetting 0 [ 1578.791849][T13452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1578.792343][T10476] usb 3-1: string descriptor 0 read error: -22 [ 1578.810284][T10476] usb 3-1: New USB device found, idVendor=040b, idProduct=6521, bcdDevice=3c.11 [ 1578.814925][T13452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1578.826935][T10476] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1578.837180][T13452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1578.864212][T13452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1578.884709][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state [ 1578.892070][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1578.959641][T10476] rc_core: IR keymap rc-xbox-dvd not found [ 1578.966988][T10476] Registered IR keymap rc-empty [ 1579.000711][T10476] rc rc0: Xbox DVD USB Remote Control(040b,6521) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:64.16/rc/rc0 [ 1579.046095][T10476] input: Xbox DVD USB Remote Control(040b,6521) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:64.16/rc/rc0/input31 [ 1579.277137][T13452] hsr_slave_0: entered promiscuous mode [ 1579.319917][T13452] hsr_slave_1: entered promiscuous mode [ 1579.348993][T13452] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1579.356649][T13452] Cannot create hsr debugfs directory [ 1579.370392][ T1849] usb 3-1: USB disconnect, device number 18 [ 1579.370444][ C0] xbox_remote 3-1:64.16: xbox_remote_irq_in: usb_submit_urb()=-19 [ 1579.872334][ T8956] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1579.886351][ T8956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1579.902334][ T36] bridge_slave_1: left allmulticast mode [ 1579.908039][ T36] bridge_slave_1: left promiscuous mode [ 1579.918041][ T8956] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1579.936757][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1579.954609][ T8956] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1579.965091][ T8956] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1579.966412][ T36] bridge_slave_0: left allmulticast mode [ 1579.973146][ T8956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1579.981498][ T36] bridge_slave_0: left promiscuous mode [ 1579.991635][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1580.933003][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1581.003957][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1581.020804][ T36] bond0 (unregistering): Released all slaves [ 1581.467026][ T36] hsr_slave_0: left promiscuous mode [ 1581.533626][ T36] hsr_slave_1: left promiscuous mode [ 1581.565571][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1581.588290][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1582.019009][T10054] Bluetooth: hci0: command tx timeout [ 1582.533072][ T8956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1582.544541][ T8956] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1582.554411][ T8956] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1582.564567][ T8956] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1582.572742][ T8956] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1582.580741][ T8956] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1582.795508][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1582.891431][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1583.734125][T13513] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1197'. [ 1584.012357][T13359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1584.106695][T10054] Bluetooth: hci0: command tx timeout [ 1584.138354][T13359] 8021q: adding VLAN 0 to HW filter on device team0 [ 1584.315401][ T2458] bridge0: port 1(bridge_slave_0) entered blocking state [ 1584.322748][ T2458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1584.509613][ T2458] bridge0: port 2(bridge_slave_1) entered blocking state [ 1584.516922][ T2458] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1584.658988][T10054] Bluetooth: hci1: command tx timeout [ 1585.042872][T10054] Bluetooth: hci5: unexpected event 0x04 length: 14 > 10 [ 1585.607629][T13537] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1586.179359][T10054] Bluetooth: hci0: command tx timeout [ 1586.739527][T10054] Bluetooth: hci1: command tx timeout [ 1587.059107][T10054] Bluetooth: hci5: command 0x0406 tx timeout [ 1587.727026][T13514] chnl_net:caif_netlink_parms(): no params data found [ 1587.883314][T13502] chnl_net:caif_netlink_parms(): no params data found [ 1587.993224][T13452] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1588.017631][T13452] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1588.092008][T13452] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1588.118482][T13452] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1588.260176][T10054] Bluetooth: hci0: command tx timeout [ 1588.464253][T13514] bridge0: port 1(bridge_slave_0) entered blocking state [ 1588.471819][T13514] bridge0: port 1(bridge_slave_0) entered disabled state [ 1588.480337][T13514] bridge_slave_0: entered allmulticast mode [ 1588.490007][T13514] bridge_slave_0: entered promiscuous mode [ 1588.595919][T13562] openvswitch: netlink: Missing key (keys=100040, expected=200000) [ 1588.632060][T13514] bridge0: port 2(bridge_slave_1) entered blocking state [ 1588.649155][T13514] bridge0: port 2(bridge_slave_1) entered disabled state [ 1588.657879][T13514] bridge_slave_1: entered allmulticast mode [ 1588.666510][T13514] bridge_slave_1: entered promiscuous mode [ 1588.681766][T13359] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1588.820264][T10054] Bluetooth: hci1: command tx timeout [ 1588.864561][T13514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1588.874516][T13502] bridge0: port 1(bridge_slave_0) entered blocking state [ 1588.882322][T13502] bridge0: port 1(bridge_slave_0) entered disabled state [ 1588.891301][T13502] bridge_slave_0: entered allmulticast mode [ 1588.900746][T13502] bridge_slave_0: entered promiscuous mode [ 1588.957076][T13514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1589.004165][T13502] bridge0: port 2(bridge_slave_1) entered blocking state [ 1589.011584][T13502] bridge0: port 2(bridge_slave_1) entered disabled state [ 1589.019455][ T8543] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1589.020176][T13502] bridge_slave_1: entered allmulticast mode [ 1589.038346][T13502] bridge_slave_1: entered promiscuous mode [ 1589.173318][T13502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1589.194344][T13514] team0: Port device team_slave_0 added [ 1589.208377][T13514] team0: Port device team_slave_1 added [ 1589.227066][ T8543] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1589.233646][T13502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1589.236679][ T8543] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1589.255328][ T8543] usb 3-1: Product: syz [ 1589.264111][ T8543] usb 3-1: Manufacturer: syz [ 1589.275191][ T8543] usb 3-1: SerialNumber: syz [ 1589.284115][ T8543] usb 3-1: config 0 descriptor?? [ 1589.379280][T13502] team0: Port device team_slave_0 added [ 1589.412987][T13514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1589.420258][T13514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1589.448025][T13514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1589.480915][T13502] team0: Port device team_slave_1 added [ 1589.488505][T13514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1589.498453][T13514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1589.511290][ T8543] hso 3-1:0.0: Failed to find BULK IN ep [ 1589.526289][T13514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1589.546069][ T8543] usb-storage 3-1:0.0: USB Mass Storage device detected [ 1589.702345][T13502] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1589.713390][T13502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1589.738578][ T25] usb 3-1: USB disconnect, device number 19 [ 1589.740342][T13502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1589.761291][T13502] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1589.768375][T13502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1589.796603][T13502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1589.912401][T13514] hsr_slave_0: entered promiscuous mode [ 1589.922076][T13514] hsr_slave_1: entered promiscuous mode [ 1589.928646][T13514] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1589.937838][T13514] Cannot create hsr debugfs directory [ 1590.097897][T13359] veth0_vlan: entered promiscuous mode [ 1590.159105][ T36] bridge_slave_1: left allmulticast mode [ 1590.164829][ T36] bridge_slave_1: left promiscuous mode [ 1590.171316][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1590.184175][ T36] bridge_slave_0: left allmulticast mode [ 1590.190672][ T36] bridge_slave_0: left promiscuous mode [ 1590.196464][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1590.217638][ T36] bridge_slave_1: left allmulticast mode [ 1590.223850][ T36] bridge_slave_1: left promiscuous mode [ 1590.231661][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1590.244931][ T36] bridge_slave_0: left allmulticast mode [ 1590.253756][ T36] bridge_slave_0: left promiscuous mode [ 1590.261342][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1590.900268][T10054] Bluetooth: hci1: command tx timeout [ 1591.502696][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1591.516624][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1591.530022][ T36] bond0 (unregistering): Released all slaves [ 1591.802119][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1591.815443][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1591.833604][ T36] bond0 (unregistering): Released all slaves [ 1591.862748][T13502] hsr_slave_0: entered promiscuous mode [ 1591.870168][T13502] hsr_slave_1: entered promiscuous mode [ 1591.876842][T13502] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1591.897137][T13502] Cannot create hsr debugfs directory [ 1592.061872][T13575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1211'. [ 1592.205603][ T36] hsr_slave_0: left promiscuous mode [ 1592.212439][ T36] hsr_slave_1: left promiscuous mode [ 1592.218660][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1592.227025][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1592.254461][ T36] hsr_slave_0: left promiscuous mode [ 1592.267869][ T36] hsr_slave_1: left promiscuous mode [ 1592.275548][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1592.285455][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1592.428822][ T5209] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1592.661775][ T5209] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1592.682409][ T5209] usb 3-1: New USB device found, idVendor=0471, idProduct=0310, bcdDevice=e4.df [ 1592.692317][ T5209] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1592.705658][ T5209] usb 3-1: config 0 descriptor?? [ 1592.721136][ T5209] pwc: Philips PCVC730K (ToUCam Fun)/PCVC830 (ToUCam II) USB webcam detected. [ 1592.819905][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1592.913646][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1592.946919][ T5209] pwc: Failed to set LED on/off time (-71) [ 1592.958902][ T5209] pwc: send_video_command error -71 [ 1592.964385][ T5209] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1592.977622][ T5209] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 1592.990355][ T5209] usb 3-1: USB disconnect, device number 20 [ 1593.958246][T10258] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1594.157535][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1594.185314][T10258] usb 3-1: Using ep0 maxpacket: 16 [ 1594.209198][T10258] usb 3-1: config 0 has an invalid interface number: 251 but max is 0 [ 1594.217548][T10258] usb 3-1: config 0 has no interface number 0 [ 1594.231817][T10258] usb 3-1: config 0 interface 251 altsetting 0 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1594.248148][T10258] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0006, bcdDevice=81.7b [ 1594.257369][T10258] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1594.266160][T10258] usb 3-1: Product: syz [ 1594.270506][T10258] usb 3-1: Manufacturer: syz [ 1594.275154][T10258] usb 3-1: SerialNumber: syz [ 1594.283954][T10258] usb 3-1: config 0 descriptor?? [ 1594.285128][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1594.294323][T10258] ati_remote 3-1:0.251: ati_remote_probe: Unexpected endpoint_in [ 1594.542771][T10258] usb 3-1: USB disconnect, device number 21 [ 1595.532787][ T5209] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 1595.754827][T13452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1595.777985][ T5209] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1595.790865][ T5209] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1595.836240][ T5209] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1595.863301][ T5209] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1595.872945][ T5209] usb 3-1: Product: syz [ 1595.877178][ T5209] usb 3-1: Manufacturer: syz [ 1595.900767][ T5209] usb 3-1: SerialNumber: syz [ 1595.923291][ T8956] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1595.935937][ T8956] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1595.974627][ T8956] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1595.999345][ T8956] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1596.022292][ T8956] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1596.038510][ T8956] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1596.201839][ T5209] usb 3-1: 0:2 : does not exist [ 1596.231391][ T5209] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1596.270714][ T5209] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1596.334188][ T5209] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1596.378041][T13452] 8021q: adding VLAN 0 to HW filter on device team0 [ 1596.389737][ T5209] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1596.424699][ T5209] usb 3-1: USB disconnect, device number 22 [ 1596.635171][ T2464] bridge0: port 1(bridge_slave_0) entered blocking state [ 1596.642554][ T2464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1596.677968][ T2464] bridge0: port 2(bridge_slave_1) entered blocking state [ 1596.685238][ T2464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1596.936597][T13591] sg_write: process 262 (syz.2.1217) changed security contexts after opening file descriptor, this is not allowed. [ 1596.951530][T13591] program syz.2.1217 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1597.243143][T13587] chnl_net:caif_netlink_parms(): no params data found [ 1597.311862][ T5342] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1597.531152][ T5342] usb 3-1: Using ep0 maxpacket: 32 [ 1597.542922][ T5342] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1597.579067][ T5342] usb 3-1: config 2 has an invalid interface number: 147 but max is 0 [ 1597.587303][ T5342] usb 3-1: config 2 has no interface number 0 [ 1597.601500][ T5342] usb 3-1: config 2 interface 147 has no altsetting 0 [ 1597.631079][ T5342] usb 3-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=c8.8e [ 1597.658752][ T5342] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1597.667086][ T5342] usb 3-1: Product: syz [ 1597.679976][ T5342] usb 3-1: Manufacturer: syz [ 1597.684721][ T5342] usb 3-1: SerialNumber: syz [ 1597.790681][T13587] bridge0: port 1(bridge_slave_0) entered blocking state [ 1597.803857][T13587] bridge0: port 1(bridge_slave_0) entered disabled state [ 1597.819916][T13587] bridge_slave_0: entered allmulticast mode [ 1597.829963][T13587] bridge_slave_0: entered promiscuous mode [ 1597.876461][T13514] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1597.898018][T13452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1597.915667][T13587] bridge0: port 2(bridge_slave_1) entered blocking state [ 1597.920471][ T5342] ims_pcu 3-1:2.147: probe with driver ims_pcu failed with error -22 [ 1597.932668][T13587] bridge0: port 2(bridge_slave_1) entered disabled state [ 1597.944864][ T5342] usb 3-1: USB disconnect, device number 23 [ 1597.959035][T13587] bridge_slave_1: entered allmulticast mode [ 1597.967848][T13587] bridge_slave_1: entered promiscuous mode [ 1598.013641][T13514] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1598.099378][T10054] Bluetooth: hci3: command tx timeout [ 1598.138865][T13514] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1598.151894][T13514] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1598.248138][T13587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1598.330160][T13587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1598.517887][T13587] team0: Port device team_slave_0 added [ 1598.553747][T13502] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1598.605282][T13587] team0: Port device team_slave_1 added [ 1598.650909][T13502] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1598.752533][T13587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1598.759781][T13587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1598.785935][T13587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1598.807972][T13502] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1598.852955][T13587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1598.865529][T13587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1598.898875][T13587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1598.974848][T13502] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1599.043246][ T36] bridge_slave_1: left allmulticast mode [ 1599.052264][ T36] bridge_slave_1: left promiscuous mode [ 1599.058132][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1599.074049][ T36] bridge_slave_0: left allmulticast mode [ 1599.080273][ T36] bridge_slave_0: left promiscuous mode [ 1599.086049][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1599.256352][T10476] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1599.488242][T10476] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1599.497743][T10476] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1599.506081][T10476] usb 3-1: Product: syz [ 1599.510527][T10476] usb 3-1: Manufacturer: syz [ 1599.515190][T10476] usb 3-1: SerialNumber: syz [ 1599.528371][T10476] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1599.797991][ T5342] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1599.807666][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1599.836668][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1599.853178][ T36] bond0 (unregistering): Released all slaves [ 1599.963524][T13587] hsr_slave_0: entered promiscuous mode [ 1599.975542][T13587] hsr_slave_1: entered promiscuous mode [ 1600.113588][ T36] hsr_slave_0: left promiscuous mode [ 1600.120550][ T36] hsr_slave_1: left promiscuous mode [ 1600.127168][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1600.135704][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1600.167026][ T36] veth0_vlan: left promiscuous mode [ 1600.179450][T10054] Bluetooth: hci3: command tx timeout [ 1600.447471][ C0] usb 3-1: ath9k_htc: over RX MAX_PKT_NUM [ 1600.654298][ T5303] usb 3-1: USB disconnect, device number 24 [ 1600.909175][ T5342] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1600.918011][ T5342] ath9k_htc: Failed to initialize the device [ 1600.947029][ T5303] usb 3-1: ath9k_htc: USB layer deinitialized [ 1600.958572][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1601.055206][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1602.070220][T13452] veth0_vlan: entered promiscuous mode [ 1602.262171][T10054] Bluetooth: hci3: command tx timeout [ 1602.483338][T13452] veth1_vlan: entered promiscuous mode [ 1602.612963][T13622] hsr0: entered allmulticast mode [ 1602.619923][T13622] hsr_slave_0: entered allmulticast mode [ 1602.626158][T13622] hsr_slave_1: entered allmulticast mode [ 1602.855150][T13514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1602.945937][T13452] veth0_macvtap: entered promiscuous mode [ 1603.002137][T13452] veth1_macvtap: entered promiscuous mode [ 1603.083134][T13502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1603.106882][T13514] 8021q: adding VLAN 0 to HW filter on device team0 [ 1603.226317][T13452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1603.239089][T13452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1603.254606][T13452] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1603.296384][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 1603.303838][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1603.319093][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state [ 1603.326383][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1603.375432][T13452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1603.395546][T13452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1603.409070][T13452] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1603.514628][T13502] 8021q: adding VLAN 0 to HW filter on device team0 [ 1603.535410][T13587] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1603.555163][T13587] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1603.568397][T13587] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1603.639907][T13452] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1603.648659][T13452] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1603.667606][T13452] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1603.690072][T13452] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1603.714892][T13587] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1603.766103][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 1603.773451][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1603.815536][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1603.822875][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1604.130930][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1604.151876][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1604.284839][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1604.307122][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1604.340095][T10054] Bluetooth: hci3: command tx timeout [ 1604.521178][T13587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1604.636342][T13587] 8021q: adding VLAN 0 to HW filter on device team0 [ 1604.664581][T13514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1604.695892][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1604.703226][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1604.757545][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 1604.764994][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1605.061159][ T29] audit: type=1400 audit(1726656065.484:645): avc: denied { name_bind } for pid=13650 comm="syz.4.1232" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 1605.089318][T13502] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1605.100126][ T29] audit: type=1400 audit(1726656065.494:646): avc: denied { name_connect } for pid=13650 comm="syz.4.1232" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 1605.180150][ T29] audit: type=1400 audit(1726656065.614:647): avc: denied { ioctl } for pid=13648 comm="syz.2.1231" path="/88/file0/file0" dev="fuse" ino=0 ioctlcmd=0x31f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 1605.255200][T13514] veth0_vlan: entered promiscuous mode [ 1605.392614][T13514] veth1_vlan: entered promiscuous mode [ 1605.552523][T13502] veth0_vlan: entered promiscuous mode [ 1605.685986][T13502] veth1_vlan: entered promiscuous mode [ 1605.761200][T13514] veth0_macvtap: entered promiscuous mode [ 1605.806471][T13514] veth1_macvtap: entered promiscuous mode [ 1605.955528][T13502] veth0_macvtap: entered promiscuous mode [ 1605.986926][T13587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1606.007548][T13514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1606.029464][T13514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.045829][T13514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1606.056482][T13514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.079610][T13514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1606.122917][T13502] veth1_macvtap: entered promiscuous mode [ 1606.154850][T13514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1606.170727][T13514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.188791][T13514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1606.200254][T13514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.212621][T13514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1606.267619][T13514] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.289629][T13514] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.300313][T13514] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.309713][T13514] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.386931][T13502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1606.404674][T13502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.415269][T13502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1606.434379][T13502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.444984][T13502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1606.455881][T13502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.473216][T13502] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1606.523293][T13502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1606.535002][T13502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.546275][T13502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1606.556889][T13502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.566911][T13502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1606.578653][T13502] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1606.599671][T13502] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1606.656577][T13502] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.666492][ T5342] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1606.678829][T13502] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.687715][T13502] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.706379][T13502] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1606.802397][T13587] veth0_vlan: entered promiscuous mode [ 1606.871544][ T5342] usb 5-1: Using ep0 maxpacket: 8 [ 1606.899150][ T5342] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1606.943925][ T5342] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 1606.959398][ T5342] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 1606.967366][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1606.970255][ T5342] usb 5-1: SerialNumber: syz [ 1606.988063][ T5342] usb 5-1: config 0 descriptor?? [ 1606.998108][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1607.010062][ T5342] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 1607.029295][ T5342] usb 5-1: No streaming interface found for terminal 36. [ 1607.065721][T13587] veth1_vlan: entered promiscuous mode [ 1607.174813][ T2464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1607.206091][ T2464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1607.254346][T10476] usb 5-1: USB disconnect, device number 25 [ 1607.370151][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1607.394403][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1607.470326][ T29] audit: type=1326 audit(1726656067.904:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13683 comm="syz.1.1155" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3cdaf7def9 code=0x0 [ 1607.487237][T13587] veth0_macvtap: entered promiscuous mode [ 1607.516024][ T47] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1607.540044][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1607.556140][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1607.572468][T13587] veth1_macvtap: entered promiscuous mode [ 1607.885803][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1607.897296][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1607.907331][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1607.918096][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1607.928834][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1607.931956][ T47] usb 3-1: config 0 has an invalid interface number: 16 but max is 0 [ 1607.954192][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1607.960048][ T47] usb 3-1: config 0 has no interface number 0 [ 1607.969499][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1607.980736][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1607.994507][ T47] usb 3-1: config 0 interface 16 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1607.996991][T13587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1608.013267][ T47] usb 3-1: config 0 interface 16 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 1608.028024][ T47] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 1608.044925][ T47] usb 3-1: config 0 interface 16 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 1608.064700][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1608.080782][ T47] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x89 has an invalid bInterval 118, changing to 10 [ 1608.096668][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1608.116496][ T47] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x89 has invalid maxpacket 17628, setting to 1024 [ 1608.128113][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1608.154979][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1608.155039][ T47] usb 3-1: config 0 interface 16 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 1608.190410][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1608.190774][ T47] usb 3-1: New USB device found, idVendor=12d1, idProduct=c301, bcdDevice=85.83 [ 1608.201079][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1608.201104][T13587] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1608.230924][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1608.297882][T13690] FAULT_INJECTION: forcing a failure. [ 1608.297882][T13690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1608.311171][T13690] CPU: 1 UID: 0 PID: 13690 Comm: syz.3.1151 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1608.321636][T13690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1608.331713][T13690] Call Trace: [ 1608.335015][T13690] [ 1608.337963][T13690] dump_stack_lvl+0x16c/0x1f0 [ 1608.342679][T13690] should_fail_ex+0x497/0x5b0 [ 1608.347412][T13690] _copy_from_user+0x30/0xf0 [ 1608.352049][T13690] move_addr_to_kernel+0x68/0x160 [ 1608.357109][T13690] __sys_bind+0xc4/0x220 [ 1608.361390][T13690] ? __pfx___sys_bind+0x10/0x10 [ 1608.366295][T13690] __x64_sys_bind+0x72/0xb0 [ 1608.370845][T13690] do_syscall_64+0xcd/0x250 [ 1608.375382][T13690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1608.381322][T13690] RIP: 0033:0x7f97ea57def9 [ 1608.385762][T13690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1608.405397][T13690] RSP: 002b:00007f97eb337038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1608.413835][T13690] RAX: ffffffffffffffda RBX: 00007f97ea736130 RCX: 00007f97ea57def9 [ 1608.421832][T13690] RDX: 0000000000000006 RSI: 0000000020000000 RDI: 0000000000000008 [ 1608.429853][T13690] RBP: 00007f97eb337090 R08: 0000000000000000 R09: 0000000000000000 [ 1608.437850][T13690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1608.445843][T13690] R13: 0000000000000000 R14: 00007f97ea736130 R15: 00007ffe21394db8 [ 1608.453962][T13690] [ 1608.457017][ C1] vkms_vblank_simulate: vblank timer overrun [ 1608.657241][ T47] usb 3-1: config 0 descriptor?? [ 1608.698790][T13587] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1608.741543][T13682] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1608.758654][T13587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1608.766428][ T47] option 3-1:0.16: GSM modem (1-port) converter detected [ 1608.849989][T13587] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1608.928999][T13587] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1608.964965][T13587] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1609.042825][T13587] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1609.125972][T10476] usb 3-1: USB disconnect, device number 25 [ 1609.148663][T10476] option 3-1:0.16: device disconnected [ 1609.508516][ T1117] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1609.532449][ T1117] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1609.602913][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1609.612310][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1609.682736][T13708] netlink: 'syz.4.1252': attribute type 15 has an invalid length. [ 1610.159036][ T5274] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1610.271613][ T29] audit: type=1400 audit(1726656070.704:649): avc: denied { shutdown } for pid=13720 comm="syz.4.1257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 1610.371736][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1610.383150][ T5274] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1610.395496][ T5274] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1610.408618][ T5274] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1610.432497][ T5274] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1610.452727][ T5274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1610.539930][ T5274] usb 3-1: config 0 descriptor?? [ 1610.832367][ T5274] hdpvr 3-1:0.0: firmware version 0xa dated £üxÇ)8µŸ)ìF0-]ìg¿dX‡ [ 1610.832367][ T5274] ¹6É««}(û­Âó‰Ñ@&u‚DLK [ 1610.852617][ T5274] hdpvr 3-1:0.0: untested firmware, the driver might not work. [ 1610.868845][ T47] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1611.063263][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 1611.075462][ T47] usb 5-1: config 0 has an invalid interface number: 26 but max is 0 [ 1611.088773][ T47] usb 5-1: config 0 has no interface number 0 [ 1611.114084][ T47] usb 5-1: New USB device found, idVendor=0130, idProduct=0130, bcdDevice=a7.1c [ 1611.128796][ T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1611.148534][ T47] usb 5-1: Product: syz [ 1611.158659][ T47] usb 5-1: Manufacturer: syz [ 1611.168942][ T47] usb 5-1: SerialNumber: syz [ 1611.180333][ T47] usb 5-1: config 0 descriptor?? [ 1611.201011][ T47] gspca_main: spca508-2.14.0 probing 0130:0130 [ 1611.309303][ T1849] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1611.326378][ T5274] hdpvr 3-1:0.0: Could not setup controls [ 1611.347035][ T5274] hdpvr 3-1:0.0: registering videodev failed [ 1611.409350][ T47] gspca_spca508: reg_read err -32 [ 1611.412611][ T5274] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71 [ 1611.417409][ T47] gspca_spca508: reg_read err -32 [ 1611.475609][ T5274] usb 3-1: USB disconnect, device number 26 [ 1611.529173][ T1849] usb 4-1: Using ep0 maxpacket: 8 [ 1611.558499][ T1849] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1611.576553][ T1849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1611.589367][ T1849] usb 4-1: Product: syz [ 1611.593634][ T1849] usb 4-1: Manufacturer: syz [ 1611.598298][ T1849] usb 4-1: SerialNumber: syz [ 1611.624733][ T1849] usb 4-1: config 0 descriptor?? [ 1611.631261][ T47] gspca_spca508: reg_read err -71 [ 1611.648787][ T47] gspca_spca508: reg_read err -71 [ 1611.667575][ T47] gspca_spca508: reg write: error -71 [ 1611.677686][ T47] spca508 5-1:0.26: probe with driver spca508 failed with error -71 [ 1611.709506][ T47] usb 5-1: USB disconnect, device number 26 [ 1611.872747][ T1849] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1612.370083][ T5274] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1612.418753][ T29] audit: type=1400 audit(1726656072.844:650): avc: denied { read } for pid=13752 comm="syz.4.1272" path="socket:[80707]" dev="sockfs" ino=80707 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 1612.445136][T13753] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1272'. [ 1612.456646][T13753] netlink: 'syz.4.1272': attribute type 7 has an invalid length. [ 1612.494201][T13753] netlink: 'syz.4.1272': attribute type 8 has an invalid length. [ 1612.526034][T13753] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1272'. [ 1612.593322][ T5274] usb 2-1: Using ep0 maxpacket: 8 [ 1612.623595][ T5274] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1612.643617][ T5274] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1612.663491][ T5274] usb 2-1: Product: syz [ 1612.678211][ T5274] usb 2-1: Manufacturer: syz [ 1612.688143][ T5274] usb 2-1: SerialNumber: syz [ 1612.696547][ T1849] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1612.708330][ T5274] usb 2-1: config 0 descriptor?? [ 1612.729850][ T1849] usb 4-1: USB disconnect, device number 32 [ 1612.946338][ T5274] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1613.099023][T10258] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1613.159068][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 1613.305925][T10258] usb 1-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=c2.c6 [ 1613.324580][T10258] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1613.363817][T10258] usb 1-1: config 0 descriptor?? [ 1613.414600][ T5274] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1613.444477][ T5274] usb 2-1: USB disconnect, device number 19 [ 1613.766834][T13787] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1288'. [ 1613.798090][T13787] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1288'. [ 1613.837307][T10258] mxuport 1-1:0.0: mxuport_recv_ctrl_urb - short read (0 / 4) [ 1613.845730][T13787] gretap0: entered promiscuous mode [ 1613.851619][T10258] mxuport 1-1:0.0: probe with driver mxuport failed with error -5 [ 1613.864415][T13787] batadv_slave_1: entered promiscuous mode [ 1613.879109][ T5342] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 1614.096186][ T5342] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1614.128068][ T5342] usb 3-1: not running at top speed; connect to a high speed hub [ 1614.148588][ T5342] usb 3-1: config 3 has an invalid interface number: 171 but max is 0 [ 1614.154035][ T1849] usb 1-1: USB disconnect, device number 40 [ 1614.167530][ T5342] usb 3-1: config 3 has no interface number 0 [ 1614.189299][ T5342] usb 3-1: config 3 interface 171 has no altsetting 0 [ 1614.216223][ T5342] usb 3-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=29.3b [ 1614.237762][ T5342] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1614.256076][ T5342] usb 3-1: Product: syz [ 1614.268215][ T5342] usb 3-1: Manufacturer: syz [ 1614.273207][ T5342] usb 3-1: SerialNumber: syz [ 1614.446597][ T29] audit: type=1400 audit(1726656074.874:651): avc: denied { read } for pid=13801 comm="syz.1.1296" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1614.495119][ T29] audit: type=1400 audit(1726656074.894:652): avc: denied { open } for pid=13801 comm="syz.1.1296" path="/10/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1614.538960][ T5274] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1614.572066][ T5342] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 1614.608218][ T5342] usb 3-1: USB disconnect, device number 27 [ 1614.637711][ T29] audit: type=1400 audit(1726656075.064:653): avc: denied { unmount } for pid=13514 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1614.769093][ T5274] usb 5-1: Using ep0 maxpacket: 32 [ 1614.789982][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1614.811744][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1614.827162][ T5274] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1614.836426][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1614.866240][ T5274] usb 5-1: config 0 descriptor?? [ 1614.884057][ T5274] hub 5-1:0.0: USB hub found [ 1614.928435][ T29] audit: type=1400 audit(1726656075.354:654): avc: denied { create } for pid=13812 comm="syz.3.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1614.970123][ T29] audit: type=1400 audit(1726656075.354:655): avc: denied { connect } for pid=13812 comm="syz.3.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1615.068818][ T1849] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 1615.107417][ T5274] hub 5-1:0.0: 1 port detected [ 1615.286459][ T1849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1615.300466][T13821] No control pipe specified [ 1615.313672][ T1849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1615.340479][ T1849] usb 2-1: New USB device found, idVendor=0c70, idProduct=f012, bcdDevice= 0.00 [ 1615.355563][ T1849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1615.382897][ T1849] usb 2-1: config 0 descriptor?? [ 1615.641321][T13119] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1615.773174][ T5274] hub 5-1:0.0: activate --> -90 [ 1615.855349][T13119] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1615.884897][T13119] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1615.896297][ T1849] aquacomputer_d5next 0003:0C70:F012.0009: unknown main item tag 0x0 [ 1615.913324][T13119] usb 3-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1615.937381][ T1849] aquacomputer_d5next 0003:0C70:F012.0009: hidraw0: USB HID v0.00 Device [HID 0c70:f012] on usb-dummy_hcd.1-1/input0 [ 1615.949768][T13834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1310'. [ 1615.963091][T13119] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1615.972226][T13119] usb 3-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00 [ 1615.985423][T13119] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1616.013948][T13119] usb 3-1: config 0 descriptor?? [ 1616.092865][ T1849] usb 2-1: USB disconnect, device number 20 [ 1616.147472][T13837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'. [ 1616.394410][ T5274] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 1616.411202][ T5209] usb 5-1: USB disconnect, device number 27 [ 1616.417473][ T5274] usb 5-1-port1: cannot reset (err = -71) [ 1616.437733][ T5274] usb 5-1-port1: Cannot enable. Maybe the USB cable is bad? [ 1616.456814][ T5274] usb 5-1-port1: attempt power cycle [ 1616.462633][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462744][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462784][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462822][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462861][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462899][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462937][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.462975][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463013][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463050][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463089][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463127][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463173][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463212][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463251][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463290][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463329][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463368][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463407][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463444][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463482][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463521][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463559][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463598][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463637][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463675][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463714][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463752][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463791][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463828][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463867][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463905][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463942][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.463980][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.471038][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.471085][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.471124][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.471164][T13119] asus 0003:0B05:1ABE.000A: unknown main item tag 0x0 [ 1616.527497][T13119] asus 0003:0B05:1ABE.000A: hidraw0: USB HID v0.00 Device [HID 0b05:1abe] on usb-dummy_hcd.2-1/input0 [ 1616.703616][T13844] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 1616.796989][T13119] asus 0003:0B05:1ABE.000A: Asus input not registered [ 1616.815780][T13119] asus 0003:0B05:1ABE.000A: probe with driver asus failed with error -12 [ 1616.840343][T13119] usb 3-1: USB disconnect, device number 28 [ 1616.897196][T13846] No control pipe specified [ 1616.938949][T10258] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1617.131833][T10258] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1617.142363][T10258] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1617.176570][T10258] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1617.217362][T10258] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1617.248946][T10258] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1617.258093][T10258] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1617.302817][ T29] audit: type=1400 audit(1726656077.734:656): avc: denied { mounton } for pid=13856 comm="syz.0.1320" path="/proc/37/ns/mnt" dev="proc" ino=81086 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lnk_file permissive=1 [ 1617.319264][T10258] usb 4-1: config 0 descriptor?? [ 1617.578900][T10258] hdpvr 4-1:0.0: firmware version 0xa dated £üxÇ)8µŸ)ìF0-]ìg¿dX‡ [ 1617.578900][T10258] ¹6É««}(û­Âó‰Ñ@&u‚DLK [ 1617.591261][T13863] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1323'. [ 1617.658175][T10258] hdpvr 4-1:0.0: untested firmware, the driver might not work. [ 1617.799495][T10258] hdpvr 4-1:0.0: device init failed [ 1617.804890][T10258] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 1617.876453][T10258] usb 4-1: USB disconnect, device number 33 [ 1618.078624][T13876] netlink: 4072 bytes leftover after parsing attributes in process `syz.0.1329'. [ 1618.106096][T13876] openvswitch: netlink: Actions may not be safe on all matching packets [ 1618.539155][ T29] audit: type=1400 audit(1726656078.934:657): avc: denied { bind } for pid=13887 comm="syz.4.1334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1618.855380][T13906] overlayfs: failed to decode file handle (len=7, type=251, flags=0, err=-61) [ 1618.876774][ T29] audit: type=1400 audit(1726656079.304:658): avc: denied { setattr } for pid=13903 comm="syz.3.1341" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1619.229028][ T5274] usb 1-1: new full-speed USB device number 41 using dummy_hcd [ 1619.419014][T10258] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1619.434884][ T5274] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 1619.448785][T13119] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1619.453888][ T5274] usb 1-1: config 0 has no interface number 0 [ 1619.478854][ T5274] usb 1-1: config 0 interface 51 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 1619.500629][ T5274] usb 1-1: config 0 interface 51 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1619.528875][ T5274] usb 1-1: New USB device found, idVendor=093a, idProduct=2620, bcdDevice=7e.68 [ 1619.551013][ T5274] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1619.572086][ T5274] usb 1-1: config 0 descriptor?? [ 1619.595655][ T5274] gspca_main: gspca_pac7302-2.14.0 probing 093a:2620 [ 1619.609841][T10258] usb 5-1: Using ep0 maxpacket: 32 [ 1619.618103][T10258] usb 5-1: config 0 has an invalid interface number: 136 but max is 0 [ 1619.629823][T13119] usb 2-1: Using ep0 maxpacket: 16 [ 1619.637343][T10258] usb 5-1: config 0 has no interface number 0 [ 1619.654253][T13119] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 1619.668898][T13119] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1619.677266][T10258] usb 5-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 1619.698586][T13119] usb 2-1: Product: syz [ 1619.706432][T10258] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1619.723229][T13119] usb 2-1: Manufacturer: syz [ 1619.728245][T13119] usb 2-1: SerialNumber: syz [ 1619.744505][T10258] usb 5-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 1619.760179][T13119] usb 2-1: config 0 descriptor?? [ 1619.772229][T10258] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 1619.793058][T13119] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 1619.807568][T10258] usb 5-1: config 0 interface 136 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1619.832754][T10258] usb 5-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0 [ 1619.858528][T10258] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1619.872538][T10258] usb 5-1: config 0 descriptor?? [ 1619.894190][T13937] binder: 13936:13937 ioctl c0306201 20000680 returned -14 [ 1619.895428][T10258] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1620.251556][T10258] usb 5-1: USB disconnect, device number 32 [ 1620.410661][ T5274] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1620.421005][ T5274] gspca_pac7302 1-1:0.51: probe with driver gspca_pac7302 failed with error -71 [ 1620.440706][T13119] gp8psk: usb out operation failed. [ 1620.449615][T13119] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1620.459210][ T5274] usb 1-1: USB disconnect, device number 41 [ 1620.479798][T13119] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 1620.510822][T13119] usb 2-1: media controller created [ 1620.622121][T13119] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1620.689398][T13119] gp8psk_fe: Frontend revision 1 attached [ 1620.701514][T13119] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 1620.722016][T13119] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 1620.947908][T13119] gp8psk: usb in 138 operation failed. [ 1620.966147][T13119] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 1621.010815][T13119] gp8psk: found Genpix USB device pID = 201 (hex) [ 1621.072754][T13119] usb 2-1: USB disconnect, device number 21 [ 1621.365787][T13119] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 1621.369007][ T5274] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 1621.426302][T13973] overlayfs: failed to resolve './file1': -2 [ 1621.469001][ T5209] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 1621.603599][ T5274] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1621.621102][ T5274] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1621.646622][ T5274] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1621.660651][ T5274] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1621.672995][ T5274] usb 5-1: Product: syz [ 1621.677668][ T5274] usb 5-1: Manufacturer: syz [ 1621.704497][ T5209] usb 1-1: config 0 has an invalid interface number: 229 but max is 0 [ 1621.713817][ T5209] usb 1-1: config 0 has no interface number 0 [ 1621.721825][ T5274] usb 5-1: SerialNumber: syz [ 1621.726731][ T5209] usb 1-1: config 0 interface 229 altsetting 0 endpoint 0x85 has invalid maxpacket 1023, setting to 64 [ 1621.732915][T13119] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1621.740314][ T5209] usb 1-1: config 0 interface 229 altsetting 0 endpoint 0x82 has invalid maxpacket 30578, setting to 64 [ 1621.768089][ T5209] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38 [ 1621.778899][ T5209] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1621.791718][ T5209] usb 1-1: Product: syz [ 1621.796526][ T5209] usb 1-1: Manufacturer: syz [ 1621.811739][ T5209] usb 1-1: SerialNumber: syz [ 1621.821267][ T5209] usb 1-1: config 0 descriptor?? [ 1621.830422][T13963] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1621.838975][ T5275] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1622.011414][ T5274] usb 5-1: 0:2 : does not exist [ 1622.017306][T13119] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1622.027765][ T5274] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1622.039556][T13119] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1622.048877][ T5275] usb 4-1: Using ep0 maxpacket: 8 [ 1622.059712][T13119] usb 2-1: Product: syz [ 1622.069261][T13119] usb 2-1: Manufacturer: syz [ 1622.074040][T13119] usb 2-1: SerialNumber: syz [ 1622.083408][ T5274] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1622.108995][ T5275] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1622.110683][T13119] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1622.130977][ T5209] usb 1-1: USB disconnect, device number 42 [ 1622.148735][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1622.159464][ T5275] usb 4-1: Product: syz [ 1622.160992][T10258] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1622.165571][ T5275] usb 4-1: Manufacturer: syz [ 1622.213887][ T5275] usb 4-1: SerialNumber: syz [ 1622.234498][ T5275] usb 4-1: config 0 descriptor?? [ 1622.244578][ T5274] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 1622.277526][ T5274] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 1622.325330][ T5274] usb 5-1: USB disconnect, device number 33 [ 1622.530609][ T5275] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1623.381027][ T5275] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1623.425494][ T5275] usb 4-1: USB disconnect, device number 34 [ 1623.570791][ T5274] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 1623.735341][T13996] overlayfs: failed to resolve './file1': -2 [ 1623.771547][ T5274] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1623.797510][ T5274] usb 3-1: config 0 has no interface number 0 [ 1623.809601][ T5274] usb 3-1: config 0 interface 51 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 1623.823595][ T5274] usb 3-1: config 0 interface 51 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1623.837862][ T5274] usb 3-1: New USB device found, idVendor=093a, idProduct=2620, bcdDevice=7e.68 [ 1623.847436][ T5274] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1623.861184][ T5274] usb 3-1: config 0 descriptor?? [ 1623.875237][ T5274] gspca_main: gspca_pac7302-2.14.0 probing 093a:2620 [ 1624.762418][ T5274] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 1624.778900][ T5274] gspca_pac7302 3-1:0.51: probe with driver gspca_pac7302 failed with error -71 [ 1624.843069][ T5274] usb 3-1: USB disconnect, device number 29 [ 1624.904079][T10258] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1626.847198][ C1] hrtimer: interrupt took 19714624 ns [ 1627.949416][T14014] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.1392'. [ 1629.069475][T10476] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1629.248881][T10476] usb 1-1: Using ep0 maxpacket: 8 [ 1629.257388][T10476] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 1629.257438][T10476] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1629.257476][T10476] usb 1-1: Product: syz [ 1629.257505][T10476] usb 1-1: Manufacturer: syz [ 1629.257533][T10476] usb 1-1: SerialNumber: syz [ 1629.278145][T10476] usb 1-1: config 0 descriptor?? [ 1629.522800][T10476] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1630.009916][T14027] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1631.234427][T10476] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1632.670223][ T29] audit: type=1400 audit(1726656093.094:659): avc: denied { mounton } for pid=14045 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1632.719797][ T8956] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1632.723252][ T8956] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1632.725151][ T8956] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1632.727777][ T8956] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1632.729659][ T8956] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1632.731097][ T8956] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1633.419598][T14050] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1634.342287][T14045] chnl_net:caif_netlink_parms(): no params data found [ 1634.828976][ T8956] Bluetooth: hci2: command tx timeout [ 1635.379009][T10476] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1635.499243][T10054] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1635.507875][T10054] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1635.510985][T10054] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1635.513777][T10054] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1635.515029][T10054] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1635.515660][T10054] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1635.558191][T10476] usb 4-1: Using ep0 maxpacket: 16 [ 1635.573128][T10476] usb 4-1: config 0 has an invalid interface number: 26 but max is 0 [ 1635.573175][T10476] usb 4-1: config 0 has no interface number 0 [ 1635.591507][T10476] usb 4-1: New USB device found, idVendor=0130, idProduct=0130, bcdDevice=a7.1c [ 1635.591558][T10476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1635.591595][T10476] usb 4-1: Product: syz [ 1635.591622][T10476] usb 4-1: Manufacturer: syz [ 1635.591651][T10476] usb 4-1: SerialNumber: syz [ 1635.600646][T10476] usb 4-1: config 0 descriptor?? [ 1635.639847][T10476] gspca_main: spca508-2.14.0 probing 0130:0130 [ 1635.902996][T10476] gspca_spca508: reg_read err -32 [ 1635.909127][T10476] gspca_spca508: reg_read err -71 [ 1635.919213][T10476] gspca_spca508: reg_read err -71 [ 1635.920770][T10476] gspca_spca508: reg_read err -71 [ 1635.921981][T10476] gspca_spca508: reg_read err -71 [ 1635.922481][T10476] gspca_spca508: reg write: error -71 [ 1635.922612][T10476] spca508 4-1:0.26: probe with driver spca508 failed with error -71 [ 1635.926178][T10476] usb 4-1: USB disconnect, device number 35 [ 1636.277445][ T8956] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1636.286890][ T8956] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1636.288291][ T8956] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1636.292954][ T8956] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1636.294257][ T8956] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1636.294868][ T8956] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1636.911377][ T8956] Bluetooth: hci2: command tx timeout [ 1637.629367][ T8956] Bluetooth: hci6: command tx timeout [ 1638.349118][ T8956] Bluetooth: hci7: command tx timeout [ 1638.989593][ T8956] Bluetooth: hci2: command tx timeout [ 1639.720538][ T8956] Bluetooth: hci6: command tx timeout [ 1640.428857][ T8956] Bluetooth: hci7: command tx timeout [ 1641.078735][ T8956] Bluetooth: hci2: command tx timeout [ 1641.796700][ T8956] Bluetooth: hci6: command tx timeout [ 1641.930238][T10054] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1641.934992][T10054] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1641.937207][T10054] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1641.939131][T10054] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1641.940333][T10054] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1641.940944][T10054] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1642.509533][ T8956] Bluetooth: hci7: command tx timeout [ 1643.870810][ T8956] Bluetooth: hci6: command tx timeout [ 1644.109193][ T8956] Bluetooth: hci8: command tx timeout [ 1644.590555][ T8956] Bluetooth: hci7: command tx timeout [ 1646.211831][ T8956] Bluetooth: hci8: command tx timeout [ 1647.193576][T10054] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1647.198646][T10054] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1647.206613][T10054] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1647.208413][T10054] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1647.214248][T10054] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1647.214878][T10054] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1648.268849][T10054] Bluetooth: hci8: command tx timeout [ 1649.309091][T10054] Bluetooth: hci9: command tx timeout [ 1650.348825][T10054] Bluetooth: hci8: command tx timeout [ 1651.388911][T10054] Bluetooth: hci9: command tx timeout [ 1651.551579][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2665 jiffies s: 99925 root: 0x2/. [ 1651.551650][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 1651.551684][ T19] Sending NMI from CPU 0 to CPUs 1: [ 1651.551726][ C1] NMI backtrace for cpu 1 [ 1651.551748][ C1] CPU: 1 UID: 0 PID: 10258 Comm: kworker/1:4 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 1651.551781][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1651.551799][ C1] Workqueue: events request_firmware_work_func [ 1651.551837][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x23/0x70 [ 1651.551886][ C1] Code: 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 15 d4 ff 77 7e 65 8b 05 d5 ff 77 7e a9 00 01 ff 00 48 8b 34 24 74 1d f6 c4 01 74 43 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 1c 16 00 00 85 c0 [ 1651.551913][ C1] RSP: 0018:ffffc90000a184f0 EFLAGS: 00000002 [ 1651.551934][ C1] RAX: 0000000000010101 RBX: ffff8880353d2400 RCX: ffffffff86cca208 [ 1651.551958][ C1] RDX: ffff888030d51e00 RSI: ffffffff86cc9a31 RDI: ffff8880291d2000 [ 1651.551977][ C1] RBP: ffff8880353d245c R08: 0000000000000001 R09: 0000000000000000 [ 1651.551995][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1651.552012][ C1] R13: ffff88803180c298 R14: ffff8880291d2000 R15: ffff8880353d2440 [ 1651.552031][ C1] FS: 0000000000000000(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 [ 1651.552058][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1651.552077][ C1] CR2: 0000001b2c716ff8 CR3: 000000000db7c000 CR4: 00000000003506f0 [ 1651.552095][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1651.552111][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1651.552129][ C1] Call Trace: [ 1651.552138][ C1] [ 1651.552150][ C1] ? show_regs+0x8c/0xa0 [ 1651.552193][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 1651.552235][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1651.552274][ C1] ? nmi_handle+0x1a9/0x5c0 [ 1651.552300][ C1] ? __sanitizer_cov_trace_pc+0x23/0x70 [ 1651.552344][ C1] ? default_do_nmi+0x6a/0x160 [ 1651.552380][ C1] ? exc_nmi+0x170/0x1e0 [ 1651.552413][ C1] ? end_repeat_nmi+0xf/0x53 [ 1651.552443][ C1] ? __usb_hcd_giveback_urb+0x118/0x6e0 [ 1651.552485][ C1] ? usb_hcd_unmap_urb_for_dma+0x21/0x6d0 [ 1651.552527][ C1] ? __sanitizer_cov_trace_pc+0x23/0x70 [ 1651.552593][ C1] ? __sanitizer_cov_trace_pc+0x23/0x70 [ 1651.552639][ C1] ? __sanitizer_cov_trace_pc+0x23/0x70 [ 1651.552682][ C1] [ 1651.552691][ C1] [ 1651.552700][ C1] usb_hcd_unmap_urb_for_dma+0x21/0x6d0 [ 1651.552742][ C1] ? dummy_timer+0x17b4/0x38d0 [ 1651.552785][ C1] __usb_hcd_giveback_urb+0x528/0x6e0 [ 1651.552830][ C1] usb_hcd_giveback_urb+0x396/0x450 [ 1651.552875][ C1] dummy_timer+0x17c3/0x38d0 [ 1651.552919][ C1] ? debug_object_deactivate+0x1f0/0x370 [ 1651.552959][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 1651.553007][ C1] ? __hrtimer_run_queues+0x5a7/0xcc0 [ 1651.553037][ C1] ? __pfx_lock_release+0x10/0x10 [ 1651.553079][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 1651.553119][ C1] ? timerqueue_del+0x83/0x150 [ 1651.553158][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 1651.553197][ C1] __hrtimer_run_queues+0x20c/0xcc0 [ 1651.553234][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1651.553265][ C1] ? ktime_get_update_offsets_now+0x201/0x310 [ 1651.553311][ C1] hrtimer_interrupt+0x31b/0x800 [ 1651.553351][ C1] __sysvec_apic_timer_interrupt+0x10f/0x450 [ 1651.553383][ C1] sysvec_apic_timer_interrupt+0x43/0xb0 [ 1651.553425][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1651.553470][ C1] RIP: 0010:rcu_is_watching+0x5/0xc0 [ 1651.553514][ C1] Code: e8 00 ea a5 09 65 8a 05 05 c4 91 7e 0f b6 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <53> 65 ff 05 7b a0 91 7e e8 9e e9 a5 09 48 c7 c3 c8 7e 03 00 83 f8 [ 1651.553540][ C1] RSP: 0018:ffffc90000a18a60 EFLAGS: 00000246 [ 1651.553560][ C1] RAX: 0000000000000000 RBX: ffff8880330bad50 RCX: ffffffff8a65309e [ 1651.553579][ C1] RDX: ffff888030d51e00 RSI: ffffffff8a653399 RDI: 0000000000000001 [ 1651.553597][ C1] RBP: 000000000000004c R08: 0000000000000001 R09: 0000000000000000 [ 1651.553614][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 1651.553630][ C1] R13: ffff88804c638700 R14: 000000000003d8cc R15: 0000000000000001 [ 1651.553654][ C1] ? cfg80211_inform_bss_frame_data+0xae/0x7a0 [ 1651.553686][ C1] ? cfg80211_inform_bss_frame_data+0x3a9/0x7a0 [ 1651.553723][ C1] cfg80211_inform_bss_frame_data+0x3ae/0x7a0 [ 1651.553759][ C1] ieee80211_bss_info_update+0x311/0xab0 [ 1651.553797][ C1] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 1651.553840][ C1] ? ieee80211_get_channel_khz+0x14d/0x1e0 [ 1651.553885][ C1] ieee80211_scan_rx+0x474/0xac0 [ 1651.553923][ C1] ieee80211_rx_list+0x1be3/0x2e90 [ 1651.553972][ C1] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 1651.554007][ C1] ? lock_acquire+0x1b1/0x560 [ 1651.554056][ C1] ? skb_dequeue+0x126/0x180 [ 1651.554090][ C1] ieee80211_rx_napi+0xdd/0x400 [ 1651.554126][ C1] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 1651.554162][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 1651.554204][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1651.554248][ C1] ieee80211_handle_queued_frames+0xd5/0x130 [ 1651.554284][ C1] tasklet_action_common.constprop.0+0x24c/0x3e0 [ 1651.554325][ C1] handle_softirqs+0x216/0x8f0 [ 1651.554358][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1651.554393][ C1] irq_exit_rcu+0xbb/0x120 [ 1651.554422][ C1] sysvec_apic_timer_interrupt+0x95/0xb0 [ 1651.554463][ C1] [ 1651.554472][ C1] [ 1651.554481][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1651.554525][ C1] RIP: 0010:console_flush_all+0xa19/0xd70 [ 1651.554556][ C1] Code: e8 8c 6c 26 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 6a 24 1f 00 48 85 db 0f 85 8b 01 00 00 e8 ec 21 1f 00 fb 48 8b 04 24 <4c> 89 fa 83 e2 07 0f b6 00 38 d0 7f 08 84 c0 0f 85 a9 02 00 00 41 [ 1651.554581][ C1] RSP: 0018:ffffc90004e275d8 EFLAGS: 00000293 [ 1651.554601][ C1] RAX: fffff520009c4ee2 RBX: 0000000000000000 RCX: ffffffff816cb6e6 [ 1651.554620][ C1] RDX: ffff888030d51e00 RSI: ffffffff816cb6f4 RDI: 0000000000000007 [ 1651.554638][ C1] RBP: dffffc0000000000 R08: 0000000000000007 R09: 0000000000000000 [ 1651.554656][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000200 [ 1651.554672][ C1] R13: ffffffff8ee64018 R14: ffffffff8ee63fc0 R15: ffffc90004e27710 [ 1651.554697][ C1] ? console_flush_all+0xa06/0xd70 [ 1651.554727][ C1] ? console_flush_all+0xa14/0xd70 [ 1651.554759][ C1] ? console_flush_all+0xa14/0xd70 [ 1651.554793][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 1651.554830][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1651.554872][ C1] console_unlock+0xae/0x290 [ 1651.554902][ C1] ? __pfx_console_unlock+0x10/0x10 [ 1651.554931][ C1] ? mark_held_locks+0x9f/0xe0 [ 1651.554977][ C1] ? dev_printk_emit+0xfb/0x140 [ 1651.555016][ C1] vprintk_emit+0x409/0x600 [ 1651.555048][ C1] dev_printk_emit+0xfb/0x140 [ 1651.555084][ C1] ? __pfx_dev_printk_emit+0x10/0x10 [ 1651.555123][ C1] ? lock_acquire+0x1b1/0x560 [ 1651.555167][ C1] ? __wait_for_common+0x2cf/0x5f0 [ 1651.555192][ C1] ? __pfx_lock_release+0x10/0x10 [ 1651.555238][ C1] __dev_printk+0xf5/0x270 [ 1651.555279][ C1] _dev_err+0xe5/0x120 [ 1651.555319][ C1] ? __pfx__dev_err+0x10/0x10 [ 1651.555362][ C1] ? do_init_timer+0xc9/0x110 [ 1651.555399][ C1] ? ath9k_htc_wait_for_target+0xc9/0x1c0 [ 1651.555434][ C1] ath9k_htc_wait_for_target+0x185/0x1c0 [ 1651.555467][ C1] ath9k_htc_probe_device+0x185/0x2660 [ 1651.555503][ C1] ? ath9k_hif_usb_alloc_urbs+0xae4/0x1020 [ 1651.555541][ C1] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 1651.555575][ C1] ? usb_submit_urb+0x883/0x1730 [ 1651.555609][ C1] ? usb_free_urb.part.0+0x3e/0x100 [ 1651.555638][ C1] ? usb_free_urb+0x1f/0x30 [ 1651.555664][ C1] ? ath9k_hif_usb_alloc_urbs+0xbc5/0x1020 [ 1651.555703][ C1] ath9k_htc_hw_init+0x33/0x70 [ 1651.555736][ C1] ath9k_hif_usb_firmware_cb+0x272/0x620 [ 1651.555775][ C1] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 1651.555810][ C1] request_firmware_work_func+0x13a/0x250 [ 1651.555845][ C1] ? __pfx_request_firmware_work_func+0x10/0x10 [ 1651.555886][ C1] process_one_work+0x9c5/0x1b40 [ 1651.555918][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1651.555965][ C1] ? __pfx_process_one_work+0x10/0x10 [ 1651.556014][ C1] ? assign_work+0x1a0/0x250 [ 1651.556055][ C1] worker_thread+0x6c8/0xf00 [ 1651.556087][ C1] ? __kthread_parkme+0x148/0x220 [ 1651.556120][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1651.556146][ C1] kthread+0x2c1/0x3a0 [ 1651.556176][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1651.556215][ C1] ? __pfx_kthread+0x10/0x10 [ 1651.556247][ C1] ret_from_fork+0x45/0x80 [ 1651.556287][ C1] ? __pfx_kthread+0x10/0x10 [ 1651.556319][ C1] ret_from_fork_asm+0x1a/0x30 [ 1651.556368][ C1] [ 1653.471568][T10054] Bluetooth: hci9: command tx timeout [ 1655.549377][T10054] Bluetooth: hci9: command tx timeout [ 1675.211001][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 1692.035545][T10054] Bluetooth: hci4: command 0x0406 tx timeout [ 1692.980255][T14075] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1692.984207][T14075] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1692.985623][T14075] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1692.987490][T14075] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1692.988816][T14075] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1692.989974][T14075] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1695.412963][T14080] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1695.420702][T14080] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1695.422137][T14080] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1695.423927][T14080] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1695.425122][T14080] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1695.425733][T14080] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1696.203144][T14083] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1696.208215][T14083] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1696.215649][T14083] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1696.220449][T14083] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1696.221628][T14083] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 1696.222249][T14083] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1701.109356][T14088] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1702.298880][T14088] Bluetooth: hci0: command 0x0406 tx timeout [ 1702.307144][T14088] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1702.318068][T14088] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1702.339562][T14088] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1702.349561][T14088] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 1702.357301][T14088] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1704.808863][T14080] Bluetooth: hci12: command tx timeout [ 1704.816174][T14080] Bluetooth: hci11: command tx timeout [ 1704.823273][T14080] Bluetooth: hci10: command tx timeout [ 1705.208913][ T8956] Bluetooth: hci13: command tx timeout [ 1706.943769][T14080] Bluetooth: hci10: command tx timeout [ 1706.958901][T14080] Bluetooth: hci11: command tx timeout [ 1706.964469][T14080] Bluetooth: hci12: command tx timeout [ 1707.290357][T11836] Bluetooth: hci13: command tx timeout [ 1707.508921][T11836] Bluetooth: hci1: command 0x0406 tx timeout [ 1709.112469][ T8956] Bluetooth: hci11: command tx timeout [ 1709.118057][ T8956] Bluetooth: hci12: command tx timeout [ 1709.123662][ T8956] Bluetooth: hci10: command tx timeout [ 1709.321448][T11836] Bluetooth: hci13: command tx timeout