last executing test programs: 7.428223299s ago: executing program 1 (id=284): r0 = syz_open_procfs(0x0, 0x0) getdents64(r0, &(0x7f0000003440)=""/92, 0x5c) renameat2(r0, &(0x7f0000000180)='./file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xdec422813438ef76, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='qdisc_dequeue\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f000024e000/0x1000)=nil, 0x1000, 0x2000005, 0x28011, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r2, 0x29, 0x24, &(0x7f00000000c0)=r1, 0x4) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x4, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b71d5decf66cc00"/40, 0x28}], 0x1}, 0x0) 7.410789319s ago: executing program 1 (id=286): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='veno', 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x23) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 7.30016338s ago: executing program 1 (id=288): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b00010000100009045507010349020009058203"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xd887}}}, 0x0) 5.638465071s ago: executing program 0 (id=313): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000e00)=[@cpuid={0x14, 0x18, {0x5, 0x2}}, @set_irq_handler={0xbe, 0x20, {0x96, 0x1}}, @wr_drn={0x6e, 0x20, {0x5, 0x401}}, @wr_crn={0x46, 0x20, {0x4, 0x32dc76b7}}, @wrmsr={0x1e, 0x20, {0x888, 0x5}}, @rdmsr={0x32, 0x18, {0x2a7}}, @in_dx={0x82, 0x20, {0xdc4b, 0x6}}, @wr_drn={0x6e, 0x20, {0x4, 0x8}}, @cpuid={0x14, 0x18, {0x101, 0x10000}}, @wr_crn={0x46, 0x20, {0x3, 0x100000001}}, @wrmsr={0x1e, 0x20, {0x979, 0x10}}, @out_dx={0xaa, 0x28, {0xfad0, 0x4, 0xb205}}, @set_irq_handler={0xbe, 0x20, {0x80}}, @code={0xa, 0x46, {"67d8d90f00944210ff000066b8e7000f00d0f30fc77705430f01d166b826008ee065f3a70f0135de00000066b828000f00d8460f07"}}, @wr_crn={0x46, 0x20, {0x2, 0x3}}, @rdmsr={0x32, 0x18, {0x35b}}, @in_dx={0x82, 0x20, {0x1000000000017b3, 0x5}}, @out_dx={0xaa, 0x28, {0x4632, 0x3, 0x7}}, @in_dx={0x82, 0x20, {0x6373}}, @cpuid={0x14, 0x18, {0x1000, 0x4}}, @out_dx={0xaa, 0x28, {0x46b8, 0x1, 0xcc9d}}, @uexit={0x0, 0x18, 0x4}, @in_dx={0x82, 0x20, {0xe90c, 0x6}}, @wr_drn={0x6e, 0x20, {0x7, 0x8}}, @rdmsr={0x32, 0x18, {0x84b}}, @out_dx={0xaa, 0x28, {0x3f78, 0x4, 0x1}}, @cpuid={0x14, 0x18, {0x7, 0x5}}, @rdmsr={0x32, 0x18, {0x1d4}}, @wr_drn={0x6e, 0x20, {0x1, 0x200}}, @wr_crn={0x46, 0x20, {0x2, 0x80000001}}, @code={0xa, 0x6b, {"b805000005ebeb147000000f01d9f2470f2007c421fd118f7d000000f3420fa6d0c744240050000000c74424020c000000deff1c242489788205f9ffffff66450f381e7098400f0058f1b90c0a00000f32c4826d9bba08000000"}}], 0x429}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[], 0x44}}, 0x20000000) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x10001, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.556312271s ago: executing program 0 (id=314): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x2, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) mlockall(0x7) 5.545756521s ago: executing program 0 (id=315): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000a80)=[@out_dx={0xaa, 0x28, {0xcdae, 0x6, 0x4}}, @wrmsr={0x1e, 0x20, {0xb8d, 0x3}}, @wrmsr={0x1e, 0x20, {0x926, 0x3}}, @wr_crn={0x46, 0x20, {0x4, 0x8}}, @in_dx={0x82, 0x20, {0x15cb}}, @in_dx={0x82, 0x20, {0x2b56, 0x1}}, @wr_crn={0x46, 0x20, {0x0, 0x5}}, @wr_drn={0x6e, 0x20, {0x0, 0x4}}, @in_dx={0x82, 0x20, {0xce1e, 0x3}}, @code={0xa, 0x51, {"c4618565053e000000b805000000b9adcdbab40f01d941d1e9f0408020050f01f82e66400f3a416f01cc640fc73a3e66440f38820766b81c008ec8c4a2795823"}}, @wrmsr={0x1e, 0x20, {0x96c, 0xf9a3}}, @wr_drn={0x6e, 0x20, {0x7, 0x80000000}}, @out_dx={0xaa, 0x28, {0x40000000000ead1, 0x5, 0x4}}, @out_dx={0xaa, 0x28, {0xe1a0, 0x2, 0x6}}, @cpuid={0x14, 0x18, {0x40, 0x800}}, @cpuid={0x14, 0x18, {0x302, 0x4}}, @rdmsr={0x32, 0x18, {0x864}}, @wr_drn={0x6e, 0x20, {0x4, 0xf4}}], 0x271}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) symlink(0x0, &(0x7f0000000000)='./file0\x00') preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.178273293s ago: executing program 1 (id=323): syz_io_uring_setup(0x5b52, &(0x7f00000000c0)={0x0, 0xafcc, 0x190, 0x0, 0x31}, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)='w', 0x1}], 0x1) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000fe"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="c683c320bb386bce45eb641122", 0xd, 0xfffffffffffffffe) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f00000002c0)="66f30f7f2366ba4100b000ee0f01cb470f79a5090000000f01cf430f01dff30f38f6148366bad104b8adc70000efc462fd9ec9b9800000c00f3235000400000f30", 0x41}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r5, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = dup(r7) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x40242, 0x0) ioctl$SNDCTL_DSP_SPEED(r10, 0xc0045002, &(0x7f0000000040)=0x10000) ioctl$SNDCTL_DSP_CHANNELS(r10, 0xc0045006, &(0x7f00000000c0)=0x4) ioctl$SOUND_MIXER_READ_VOLUME(r10, 0x80044d0e, &(0x7f0000000080)) 4.032228313s ago: executing program 4 (id=325): socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000) socket$netlink(0x10, 0x3, 0x0) capset(0x0, &(0x7f0000000080)) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0xf000, 0x3, &(0x7f0000009000/0xf000)=nil) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0) write$P9_RREADDIR(r6, &(0x7f0000000640)={0xb, 0x29, 0x2, {0xf}}, 0xfffffc95) 3.975014392s ago: executing program 0 (id=328): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000700)=@updpolicy={0x17c, 0x19, 0x1, 0x70bd25, 0x1, {{@in6=@mcast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x800}, 0x200, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0xc4, 0x5, [{{@in=@loopback, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010100, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x41}, {{@in6=@remote, 0x2000, 0x3c}, 0x2, @in6=@dev, 0x3502, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x43}, 0x0, 0x33}, 0x0, @in=@remote}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 3.815666852s ago: executing program 1 (id=332): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000003c0)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) r1 = dup(r0) sendmmsg$inet6(r1, &(0x7f0000006900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000740)="eb", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001740)="2a31a9d8360aff885d858e78d8967c9f35dc36fe0fef3a6fe82f2023c2e62e04e1935e8068279de02389ba0b9297fce1d1d7193f2b7d3c88d7c527fc27eefa7e44b304ae2517165c029f2b6743c87022cf5551a5250d315f93b8600823129628fa8707ed2e23515b4ef0fc5cef8cc352c36b629ea8f774d3a0286e0c77907a513fa659a712428866e4f4282a43015724ee1c24f0a84f14a1df35ab67a0baaa7d8d945162cf635eeb11da82c1d3933d9fc132db72f90ef8f7ec01a72e7a3f7a73a2d9384333dd49bab8d460dc56444d3f2ab82383d1", 0xd5}], 0x1}}], 0x2, 0x4000051) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0x1}}, 0xfed7) 3.659293002s ago: executing program 0 (id=336): sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x20044000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$netlink_NETLINK_CAP_ACK(0xffffffffffffffff, 0x10e, 0xa, &(0x7f0000000580)=0x6dc1, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280), 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) sendto$inet(r2, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000c40)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x10, 0x0, 0x0, 0x0, {[@mptcp=@capable={0x1e, 0xc}, @mptcp=@syn={0x1e, 0xc}, @sack={0x5, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0]}, @md5sig={0x13, 0x12, "a4bcbcee95c6179191d2675112a6689b"}]}}}}}}}, 0x0) 3.595153572s ago: executing program 0 (id=338): r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000a00)={0x1c, &(0x7f0000000780)={0x20, 0x7, 0x1, 'F'}, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 3.428248993s ago: executing program 2 (id=341): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005"], 0xf0}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYBLOB="08000500060000000c0017"], 0x30}}, 0x0) 3.387789594s ago: executing program 2 (id=342): syz_io_uring_setup(0x5b52, &(0x7f00000000c0)={0x0, 0xafcc, 0x190, 0x0, 0x31}, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)='w', 0x1}], 0x1) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000fe"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="c683c320bb386bce45eb641122", 0xd, 0xfffffffffffffffe) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f00000002c0)="66f30f7f2366ba4100b000ee0f01cb470f79a5090000000f01cf430f01dff30f38f6148366bad104b8adc70000efc462fd9ec9b9800000c00f3235000400000f30", 0x41}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r5, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = dup(r7) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x40242, 0x0) ioctl$SNDCTL_DSP_SPEED(r10, 0xc0045002, &(0x7f0000000040)=0x10000) ioctl$SNDCTL_DSP_CHANNELS(r10, 0xc0045006, &(0x7f00000000c0)=0x4) ioctl$SOUND_MIXER_READ_VOLUME(r10, 0x80044d0e, &(0x7f0000000080)) 3.216427675s ago: executing program 2 (id=343): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)={0x1c, r3, 0x48212b8952c3aff5, 0x70bd24, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) sendmmsg$inet6(r0, &(0x7f0000001700), 0x0, 0x24044800) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x2c, r5, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000010}, 0x8040) r6 = syz_usb_connect(0x3, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0) syz_usb_control_io(r6, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x40, 0x21, 0xffffffffffffffb4, 0x9}}) syz_usb_control_io$lan78xx(r6, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, 0x0, &(0x7f0000000900)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x1}}) syz_usb_control_io$rtl8150(r6, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000140)={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x18, 0x6, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @local, {[], {{0xfffe, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x3, 0x2}]}}}}}}}}, 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f0000000e00)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0) 3.108129705s ago: executing program 4 (id=344): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) unshare(0x22020400) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'batadv_slave_0\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x5, 0x80000000, 0x1, 0x4, 0x9, 0xa4, 0x0, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x6, 0x5, 0x101, 0x1002, 0x9, 0x1, 0x3, 0x1, 0xfffffffa, 0x65, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x0, 0x40, 0xd, 0xe, 0x1, 0x100, 0x4, 0x1c00, 0xb, 0x7, 0xbed4, 0x20000008, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x0, 0x83, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x101, 0x2, 0x180000, 0xf, 0x8b, 0x5, 0x2af, 0x6, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0xfffffffe, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0xe, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdfffffc, 0x2, 0x2, 0x84, 0x100, 0x6, 0x252, 0x81, 0x5d102cf1, 0x5, 0x20006, 0x5, 0x1, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x4000000, 0x4, 0x2, 0x40, 0x8, 0x4, 0x6, 0x100, 0x66cd, 0xc, 0x8, 0x1, 0x1fc, 0xc5c, 0x3ff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) 3.107835975s ago: executing program 4 (id=345): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7f67, 0x0) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0x40) r2 = accept4(r1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, 0x0, &(0x7f00000001c0)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f00000000c0)={0x0, 0x0, {0xc7b6, 0xe7, 0x5, 0xf}}) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000003c0)={0x0, 0x0, {0xfffffffd, 0x0, 0x100b, 0x0, 0x8, 0x1, 0x2, 0x4}}) syz_usb_connect(0x3, 0x80, &(0x7f0000001880)={{0x12, 0x1, 0x250, 0x8e, 0x5a, 0xe4, 0x10, 0x424, 0xc001, 0xe20c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x1, 0x8, 0x5, 0x80, 0x1, [{{0x9, 0x4, 0x22, 0x2, 0x4, 0x64, 0x5, 0x79, 0x3, [], [{{0x9, 0x5, 0x1, 0x8, 0x8, 0x6, 0x3, 0x8, [@generic={0x38, 0xf, "99a105f9bcbc37fe11bf49034e4ef1ee82315b5fd8e1d93b4d0ad06cec0c37d320419b742a9f628ebb910eec8b4684bb910961f95730"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x200, 0x81, 0x2, 0x4}}, {{0x9, 0x5, 0xd, 0xc, 0x200, 0x1, 0x92, 0x7}}, {{0x9, 0x5, 0x4, 0x0, 0x40, 0xd2, 0x7f, 0x5}}]}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x0, 0x40, 0xfd, 0x3, 0x40, 0x7f}, 0x0, 0x0}) 2.927891136s ago: executing program 1 (id=346): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 2.688997278s ago: executing program 3 (id=347): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 1.004079245s ago: executing program 3 (id=348): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xe8}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x30}}, 0x0) 1.003770645s ago: executing program 3 (id=349): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, 0x0, 0x20000044) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0x2, 0x2, 0x73) socket$kcm(0x2, 0x2, 0x73) close_range(r1, 0xffffffffffffffff, 0x0) 677.113556ms ago: executing program 3 (id=350): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 531.696747ms ago: executing program 2 (id=351): mknod(&(0x7f0000000000)='./file0\x00', 0x6000, 0x77b) mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='f2fs\x00', 0x0, 0x0) 248.2974ms ago: executing program 2 (id=352): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a300000000048000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005"], 0xf0}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYRES32=r2, @ANYBLOB="08000500060000000c0017"], 0x30}}, 0x0) 248.03176ms ago: executing program 3 (id=353): syz_io_uring_setup(0x5b52, &(0x7f00000000c0)={0x0, 0xafcc, 0x190, 0x0, 0x31}, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000000)='w', 0x1}], 0x1) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00', @ANYRES16, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000fe"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="c683c320bb386bce45eb641122", 0xd, 0xfffffffffffffffe) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f00000002c0)="66f30f7f2366ba4100b000ee0f01cb470f79a5090000000f01cf430f01dff30f38f6148366bad104b8adc70000efc462fd9ec9b9800000c00f3235000400000f30", 0x41}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r5, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = dup(r7) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x40242, 0x0) ioctl$SNDCTL_DSP_SPEED(r10, 0xc0045002, &(0x7f0000000040)=0x10000) ioctl$SNDCTL_DSP_CHANNELS(r10, 0xc0045006, &(0x7f00000000c0)=0x4) ioctl$SOUND_MIXER_READ_VOLUME(r10, 0x80044d0e, &(0x7f0000000080)) 241.92655ms ago: executing program 2 (id=354): r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b100c00000000000109022d00010000600009040080020300000009210604000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0) 159.32502ms ago: executing program 3 (id=355): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, 0x0, 0x0) syz_io_uring_setup(0x1e1e, 0x0, 0x0, &(0x7f0000000000)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_SENDMSG={0x9, 0x10, 0x0, r4, 0x0, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0, 0x4008010}) r5 = syz_open_dev$vbi(&(0x7f0000000280), 0x3, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) write$binfmt_script(r6, &(0x7f0000001b00), 0xfffffd9d) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, 0x0, 0x0) 307.571µs ago: executing program 4 (id=356): writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead9", 0x101}], 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) 141.82µs ago: executing program 4 (id=357): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) ftruncate(r0, 0xc17a) mq_notify(r0, 0x0) 0s ago: executing program 4 (id=358): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000a80)=[@out_dx={0xaa, 0x28, {0xcdae, 0x6, 0x4}}, @wrmsr={0x1e, 0x20, {0xb8d, 0x3}}, @wrmsr={0x1e, 0x20, {0x926, 0x3}}, @wr_crn={0x46, 0x20, {0x4, 0x8}}, @in_dx={0x82, 0x20, {0x15cb}}, @in_dx={0x82, 0x20, {0x2b56, 0x1}}, @wr_crn={0x46, 0x20, {0x0, 0x5}}, @wr_drn={0x6e, 0x20, {0x0, 0x4}}, @in_dx={0x82, 0x20, {0xce1e, 0x3}}, @code={0xa, 0x51, {"c4618565053e000000b805000000b9adcdbab40f01d941d1e9f0408020050f01f82e66400f3a416f01cc640fc73a3e66440f38820766b81c008ec8c4a2795823"}}, @wrmsr={0x1e, 0x20, {0x96c, 0xf9a3}}, @wr_drn={0x6e, 0x20, {0x7, 0x80000000}}, @out_dx={0xaa, 0x28, {0x40000000000ead1, 0x5, 0x4}}, @out_dx={0xaa, 0x28, {0xe1a0, 0x2, 0x6}}, @cpuid={0x14, 0x18, {0x40, 0x800}}, @cpuid={0x14, 0x18, {0x302, 0x4}}, @rdmsr={0x32, 0x18, {0x864}}, @wr_drn={0x6e, 0x20, {0x4, 0xf4}}], 0x271}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) symlink(0x0, &(0x7f0000000000)='./file0\x00') preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts. [ 34.769646][ T4171] cgroup: Unknown subsys name 'net' [ 34.926864][ T4171] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 35.857874][ T4171] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 36.904362][ T4188] chnl_net:caif_netlink_parms(): no params data found [ 36.915698][ T4195] chnl_net:caif_netlink_parms(): no params data found [ 36.960985][ T4193] chnl_net:caif_netlink_parms(): no params data found [ 36.987986][ T4182] chnl_net:caif_netlink_parms(): no params data found [ 37.024304][ T4183] chnl_net:caif_netlink_parms(): no params data found [ 37.045852][ T4188] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.052897][ T4188] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.060732][ T4188] device bridge_slave_0 entered promiscuous mode [ 37.071479][ T4188] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.078518][ T4188] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.086236][ T4188] device bridge_slave_1 entered promiscuous mode [ 37.119208][ T4195] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.126309][ T4195] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.133841][ T4195] device bridge_slave_0 entered promiscuous mode [ 37.140694][ T4193] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.147885][ T4193] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.155539][ T4193] device bridge_slave_0 entered promiscuous mode [ 37.173710][ T4188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.185638][ T4195] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.192659][ T4195] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.200130][ T4195] device bridge_slave_1 entered promiscuous mode [ 37.207213][ T4193] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.214459][ T4193] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.221807][ T4193] device bridge_slave_1 entered promiscuous mode [ 37.231049][ T4188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.267057][ T4182] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.274163][ T4182] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.281661][ T4182] device bridge_slave_0 entered promiscuous mode [ 37.289807][ T4195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.311421][ T4182] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.318556][ T4182] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.326113][ T4182] device bridge_slave_1 entered promiscuous mode [ 37.333779][ T4195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.348596][ T4193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.359000][ T4188] team0: Port device team_slave_0 added [ 37.365084][ T4183] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.372106][ T4183] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.379888][ T4183] device bridge_slave_0 entered promiscuous mode [ 37.395527][ T4193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.405908][ T4188] team0: Port device team_slave_1 added [ 37.416085][ T4183] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.423133][ T4183] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.430670][ T4183] device bridge_slave_1 entered promiscuous mode [ 37.443222][ T4182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.465754][ T4195] team0: Port device team_slave_0 added [ 37.477342][ T4182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.487498][ T4193] team0: Port device team_slave_0 added [ 37.499939][ T4195] team0: Port device team_slave_1 added [ 37.506756][ T4183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.517357][ T4183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.531138][ T4193] team0: Port device team_slave_1 added [ 37.541900][ T4188] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.548854][ T4188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.574817][ T4188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.603258][ T4188] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.610242][ T4188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.636278][ T4188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.656532][ T4182] team0: Port device team_slave_0 added [ 37.663309][ T4183] team0: Port device team_slave_0 added [ 37.669314][ T4193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.676406][ T4193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.702556][ T4193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.715933][ T4193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.722853][ T4193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.748918][ T4193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.760383][ T4195] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.767331][ T4195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.793210][ T4195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.804719][ T4182] team0: Port device team_slave_1 added [ 37.810557][ T4195] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.817511][ T4195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.843514][ T4195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.855523][ T4183] team0: Port device team_slave_1 added [ 37.886378][ T4183] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.893310][ T4183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.919373][ T4183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.930855][ T4182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.937885][ T4182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.964428][ T4182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.976337][ T4182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.983255][ T4182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.009326][ T4182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.026687][ T4188] device hsr_slave_0 entered promiscuous mode [ 38.033060][ T4188] device hsr_slave_1 entered promiscuous mode [ 38.046758][ T4183] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.053712][ T4183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.079625][ T4183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.126921][ T4193] device hsr_slave_0 entered promiscuous mode [ 38.133348][ T4193] device hsr_slave_1 entered promiscuous mode [ 38.140025][ T4193] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.147830][ T4193] Cannot create hsr debugfs directory [ 38.160286][ T4195] device hsr_slave_0 entered promiscuous mode [ 38.166707][ T4195] device hsr_slave_1 entered promiscuous mode [ 38.172940][ T4195] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.180832][ T4195] Cannot create hsr debugfs directory [ 38.188499][ T4183] device hsr_slave_0 entered promiscuous mode [ 38.195192][ T4183] device hsr_slave_1 entered promiscuous mode [ 38.201473][ T4183] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.209041][ T4183] Cannot create hsr debugfs directory [ 38.239429][ T4182] device hsr_slave_0 entered promiscuous mode [ 38.246087][ T4182] device hsr_slave_1 entered promiscuous mode [ 38.252399][ T4182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.260034][ T4182] Cannot create hsr debugfs directory [ 38.422130][ T4182] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.433213][ T4182] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.442395][ T4182] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.450905][ T4182] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.478299][ T4183] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.486159][ T4183] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.499247][ T4183] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.511602][ T4183] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.544809][ T4195] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.554170][ T4195] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.562304][ T4195] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.573020][ T4195] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.599635][ T4182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.636285][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.645886][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.658739][ T4182] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.666125][ T4193] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.676880][ T4193] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.684067][ T4239] Bluetooth: hci0: command 0x0409 tx timeout [ 38.690244][ T4239] Bluetooth: hci2: command 0x0409 tx timeout [ 38.696903][ T4239] Bluetooth: hci1: command 0x0409 tx timeout [ 38.716563][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 38.725317][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 38.733946][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.741068][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.749415][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 38.758566][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 38.766663][ T4250] Bluetooth: hci3: command 0x0409 tx timeout [ 38.767059][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.779644][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.787073][ T4251] Bluetooth: hci4: command 0x0409 tx timeout [ 38.787191][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 38.801541][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 38.810713][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 38.818725][ T4193] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.836937][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 38.846431][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 38.854832][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 38.863068][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 38.874921][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 38.882521][ T4193] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.893709][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 38.907590][ T4195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.920916][ T4183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.929383][ T4188] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.941360][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 38.952936][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.960983][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.972307][ T4183] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.980762][ T4188] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.989441][ T4188] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.998477][ T4188] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 39.007506][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.019016][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.028183][ T4182] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.039425][ T4195] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.049278][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.059592][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.067885][ T438] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.074904][ T438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.105501][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.114725][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.123234][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.132026][ T438] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.139077][ T438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.148419][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.157001][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.165318][ T438] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.172326][ T438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.179899][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.188402][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.197402][ T438] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.204443][ T438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.211920][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 39.220228][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 39.228529][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 39.237021][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.245604][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.253315][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 39.272395][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 39.281202][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 39.290119][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 39.301507][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.310273][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.318671][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.326996][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.335629][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.346125][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 39.354729][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.377029][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 39.385732][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.393054][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.402689][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 39.411654][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.419957][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.428106][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.436812][ T4183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.455444][ T4182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.470437][ T4195] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.482166][ T4195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.501192][ T4188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.510350][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.519344][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.529936][ T4193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.553187][ T4182] device veth0_vlan entered promiscuous mode [ 39.566265][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 39.575744][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 39.585285][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 39.593386][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 39.606859][ T4193] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.617946][ T4188] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.628391][ T4182] device veth1_vlan entered promiscuous mode [ 39.639649][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 39.648352][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 39.660982][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 39.668789][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.676917][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.684442][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.691868][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.704115][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.735384][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 39.745425][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.752794][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.762148][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.770595][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.778802][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.785815][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.793279][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.801755][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.810342][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.817368][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.824889][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.833169][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.841616][ T1236] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.848657][ T1236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.856779][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.865954][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.874537][ T1236] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.881548][ T1236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.889365][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 39.897757][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 39.906306][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 39.914876][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.922963][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 39.931456][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.940310][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 39.948146][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 39.956417][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 39.972734][ T4195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.985559][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.993740][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.001446][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.012268][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.021753][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 40.030147][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.038767][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.048957][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.058210][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.066316][ T4182] device veth0_macvtap entered promiscuous mode [ 40.076302][ T4182] device veth1_macvtap entered promiscuous mode [ 40.084628][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 40.093386][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.102669][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.111158][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.124356][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.132464][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.151421][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.161181][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.176172][ T4193] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 40.187906][ T4193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 40.195808][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 40.205120][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 40.214317][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 40.222541][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 40.231023][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.239319][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.250979][ T4188] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 40.262416][ T4188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 40.272163][ T4182] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.281470][ T4182] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.290379][ T4182] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.299182][ T4182] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.317373][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.326845][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.335675][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.344756][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.359547][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.368592][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.408724][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.424123][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.441209][ T4195] device veth0_vlan entered promiscuous mode [ 40.449977][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.457757][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.466225][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.474340][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.482292][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.490218][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.506008][ T4195] device veth1_vlan entered promiscuous mode [ 40.514979][ T4183] device veth0_vlan entered promiscuous mode [ 40.526183][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 40.537855][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 40.548335][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 40.564956][ T4193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.572652][ T4183] device veth1_vlan entered promiscuous mode [ 40.596634][ T438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.604885][ T4183] device veth0_macvtap entered promiscuous mode [ 40.611813][ T438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.621559][ T4188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.636811][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 40.645510][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 40.653254][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 40.661307][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 40.669508][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 40.677832][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.687470][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 40.694870][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 40.702179][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.710549][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.719236][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 40.733208][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 40.741542][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 40.752085][ T4183] device veth1_macvtap entered promiscuous mode [ 40.760765][ T4195] device veth0_macvtap entered promiscuous mode [ 40.767333][ T4250] Bluetooth: hci1: command 0x041b tx timeout [ 40.767634][ T4268] Bluetooth: hci0: command 0x041b tx timeout [ 40.773324][ T4250] Bluetooth: hci2: command 0x041b tx timeout [ 40.792790][ T4193] device veth0_vlan entered promiscuous mode [ 40.803204][ T4193] device veth1_vlan entered promiscuous mode [ 40.811925][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 40.819988][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 40.827878][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.836235][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.844148][ T4243] Bluetooth: hci3: command 0x041b tx timeout [ 40.844916][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 40.857904][ T4268] Bluetooth: hci4: command 0x041b tx timeout [ 40.864038][ T1236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.871953][ T1236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.872685][ T4188] device veth0_vlan entered promiscuous mode [ 40.891092][ T4195] device veth1_macvtap entered promiscuous mode [ 40.899478][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 40.907502][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.915162][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.922557][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 40.931246][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.939624][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.948028][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 40.956353][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 40.964533][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 40.971983][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 40.985768][ T4188] device veth1_vlan entered promiscuous mode [ 41.017755][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.028568][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.042659][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.051818][ T4195] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.062537][ T4195] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.074131][ T4195] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.085313][ T4188] device veth0_macvtap entered promiscuous mode [ 41.094153][ T4188] device veth1_macvtap entered promiscuous mode [ 41.101158][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 41.109136][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 41.117025][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 41.126946][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.135632][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.144597][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.152811][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.161200][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.169645][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.178119][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.186478][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.194908][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.205815][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.216480][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.227004][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.237557][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 41.247546][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.258161][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.268548][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 41.279204][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.290391][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 41.298980][ T4195] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.308220][ T4195] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.317496][ T4195] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.330794][ T4195] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.349389][ T4193] device veth0_macvtap entered promiscuous mode [ 41.357586][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.366767][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.376428][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.385068][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.393688][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.402038][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.423087][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 41.436046][ T4183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.449726][ T4183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.458971][ T4183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.467824][ T4183] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.481283][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.496648][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.506796][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.517410][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.527477][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 41.537938][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 41.548552][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.005283][ T4193] device veth1_macvtap entered promiscuous mode [ 42.012620][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 42.021321][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.030448][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.040905][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.051945][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.061894][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.073129][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.083056][ T4188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.093590][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.105519][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.119147][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.127780][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.156819][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.167416][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.180709][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.191824][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.206631][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.217202][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.231391][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 42.241999][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.267233][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 42.276102][ T4188] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.285093][ T4188] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.294234][ T4188] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.302926][ T4188] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.322373][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 42.331842][ T438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.342390][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.352998][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.354447][ T4302] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7'. [ 42.367335][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.382179][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.392040][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.402451][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.412257][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 42.422834][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 42.433816][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 42.454629][ T4302] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7'. [ 42.464253][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 42.473052][ T1236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.483842][ T4193] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.493338][ T4193] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.502150][ T4193] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.510956][ T4193] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 42.530809][ T4301] netlink: 60 bytes leftover after parsing attributes in process `syz.1.7'. [ 42.554969][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.562876][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.602775][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 42.612059][ T1236] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.623248][ T438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.635296][ T438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.664235][ T4274] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.667593][ T1236] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.681840][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 42.692075][ T4274] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.694283][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 42.771761][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 42.849747][ T4297] Bluetooth: hci0: command 0x040f tx timeout [ 42.849914][ T1108] Bluetooth: hci2: command 0x040f tx timeout [ 42.855960][ T4297] Bluetooth: hci1: command 0x040f tx timeout [ 42.880808][ T4306] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 42.899986][ T4306] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 42.926017][ T1108] Bluetooth: hci4: command 0x040f tx timeout [ 42.937963][ T4306] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 43.110541][ T438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.123684][ T1108] Bluetooth: hci3: command 0x040f tx timeout [ 43.130825][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 43.152371][ T438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.190842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 43.227482][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.273372][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.297300][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 43.317303][ T4321] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 43.318252][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 43.328822][ T4324] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 43.355023][ T4322] tipc: Failed to remove unknown binding: 66,1,1/0:1041309886/1041309888 [ 43.376672][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 43.409186][ T4322] tipc: Failed to remove unknown binding: 66,1,1/0:1041309886/1041309888 [ 43.423918][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 43.441425][ T4322] tipc: Failed to remove unknown binding: 66,1,1/0:1041309886/1041309888 [ 43.847204][ T4297] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 43.970211][ T4353] binfmt_misc: register: failed to install interpreter file ./file0 [ 44.848112][ T4363] tipc: Started in network mode [ 44.866202][ T4363] tipc: Node identity b2b16cc6b477, cluster identity 4711 [ 44.926010][ T4243] Bluetooth: hci1: command 0x0419 tx timeout [ 44.937161][ T4363] tipc: Enabled bearer , priority 0 [ 44.960537][ T4243] Bluetooth: hci2: command 0x0419 tx timeout [ 44.978873][ T4365] device syzkaller0 entered promiscuous mode [ 44.996470][ T4243] Bluetooth: hci0: command 0x0419 tx timeout [ 45.103110][ T4363] tipc: Resetting bearer [ 45.141685][ T4362] tipc: Resetting bearer [ 45.164196][ T4243] Bluetooth: hci4: command 0x0419 tx timeout [ 45.204600][ T4362] tipc: Disabling bearer [ 45.227004][ T4374] tipc: Failed to remove unknown binding: 66,1,1/0:186946190/186946192 [ 45.246328][ T4243] Bluetooth: hci3: command 0x0419 tx timeout [ 45.277886][ T4374] tipc: Failed to remove unknown binding: 66,1,1/0:186946190/186946192 [ 45.351146][ T4374] tipc: Failed to remove unknown binding: 66,1,1/0:186946190/186946192 [ 45.503531][ T4297] usb 1-1: Using ep0 maxpacket: 32 [ 45.577587][ T4388] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 45.635028][ T4297] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 45.663521][ T4297] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 45.667897][ T4243] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 45.683443][ T4297] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 45.696826][ T4297] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.719497][ T4297] usb 1-1: config 0 descriptor?? [ 45.785487][ T4297] hub 1-1:0.0: bad descriptor, ignoring hub [ 45.791520][ T4297] hub: probe of 1-1:0.0 failed with error -5 [ 45.817521][ T4297] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 46.064159][ T4243] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 46.086509][ T4243] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 46.140338][ T4243] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 46.179333][ T4243] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 46.234681][ T4243] usb 3-1: config 0 descriptor?? [ 46.294382][ T4243] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 46.841206][ T4415] tipc: Enabled bearer , priority 0 [ 46.859448][ T4415] device syzkaller0 entered promiscuous mode [ 46.881443][ T4415] tipc: Resetting bearer [ 46.889255][ T4414] tipc: Resetting bearer [ 46.904102][ T4414] tipc: Disabling bearer [ 47.143609][ T2176] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 47.315843][ T1325] usb 1-1: USB disconnect, device number 2 [ 47.427447][ T4420] loop5: detected capacity change from 0 to 7 [ 47.431613][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 47.447390][ T4420] Dev loop5: unable to read RDB block 7 [ 47.452998][ T4420] loop5: unable to read partition table [ 47.453419][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 47.458765][ T4420] loop5: partition table beyond EOD, [ 47.467535][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 47.473418][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 47.481823][ T4420] truncated [ 47.490785][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 47.493989][ T4420] loop_reread_partitions: partition scan of loop5 (úù) failed (rc=-5) [ 47.502742][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 47.555116][ T3561] Dev loop5: unable to read RDB block 7 [ 47.560688][ T3561] loop5: unable to read partition table [ 47.572237][ T3561] loop5: partition table beyond EOD, truncated [ 47.603602][ T2176] usb 2-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice= 8.8f [ 47.626376][ T2176] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.651367][ T2176] usb 2-1: config 0 descriptor?? [ 47.656845][ T4435] tipc: Failed to remove unknown binding: 66,1,1/0:1516174140/1516174142 [ 47.670414][ T4435] tipc: Failed to remove unknown binding: 66,1,1/0:1516174140/1516174142 [ 47.687806][ T4435] tipc: Failed to remove unknown binding: 66,1,1/0:1516174140/1516174142 [ 47.726416][ T2176] gspca_main: pac7311-2.14.0 probing 093a:2601 [ 47.860025][ T4445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.48'. [ 47.983541][ T25] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 48.363616][ T25] usb 1-1: not running at top speed; connect to a high speed hub [ 48.413500][ T1325] usb 3-1: USB disconnect, device number 2 [ 48.464296][ T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 48.474652][ T25] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 48.484097][ T25] usb 1-1: config 1 has no interface number 1 [ 48.490313][ T25] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 48.513535][ T25] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 48.545085][ T2176] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -110 [ 48.553263][ T2176] pac7311: probe of 2-1:0.0 failed with error -110 [ 48.713998][ T25] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 48.723902][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 48.733676][ T25] usb 1-1: Product: syz [ 48.737829][ T25] usb 1-1: Manufacturer: syz [ 48.743807][ T4458] tipc: Started in network mode [ 48.748659][ T4458] tipc: Node identity 4a9446b7df6d, cluster identity 4711 [ 48.763437][ T25] usb 1-1: SerialNumber: syz [ 48.772783][ T4458] tipc: Enabled bearer , priority 0 [ 48.794804][ T4458] device syzkaller0 entered promiscuous mode [ 48.820034][ T4458] tipc: Resetting bearer [ 48.853704][ T4457] tipc: Resetting bearer [ 48.859544][ T4466] syz.4.57 uses obsolete (PF_INET,SOCK_PACKET) [ 48.959943][ T4457] tipc: Disabling bearer [ 49.123855][ T26] audit: type=1326 audit(1761716644.780:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4465 comm="syz.4.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d7b6ebfc9 code=0x7ffc0000 [ 49.194370][ T25] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 49.236616][ T25] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 49.448272][ T26] audit: type=1326 audit(1761716644.780:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4465 comm="syz.4.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d7b6ebfc9 code=0x7ffc0000 [ 49.504673][ T26] audit: type=1326 audit(1761716644.780:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4465 comm="syz.4.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f8d7b6ebfc9 code=0x7ffc0000 [ 49.523542][ T25] usb 1-1: USB disconnect, device number 3 [ 49.588137][ T26] audit: type=1326 audit(1761716644.780:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4465 comm="syz.4.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d7b6ebfc9 code=0x7ffc0000 [ 49.643565][ T26] audit: type=1326 audit(1761716644.780:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4465 comm="syz.4.57" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d7b6ebfc9 code=0x7ffc0000 [ 49.905719][ T25] usb 2-1: USB disconnect, device number 2 [ 49.923584][ T1325] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 50.012036][ T4502] tipc: Enabled bearer , priority 0 [ 50.027800][ T4502] device syzkaller0 entered promiscuous mode [ 50.074241][ T4502] Zero length message leads to an empty skb [ 50.096885][ T4502] tipc: Resetting bearer [ 50.104974][ T4500] tipc: Resetting bearer [ 50.121781][ T4500] tipc: Disabling bearer [ 50.183549][ T1325] usb 3-1: Using ep0 maxpacket: 32 [ 50.314249][ T1325] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 50.322345][ T1325] usb 3-1: config 0 has no interface number 0 [ 50.323488][ T25] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 50.794560][ T25] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 50.859065][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.022972][ T25] usb 2-1: config 0 descriptor?? [ 51.036928][ T1325] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 51.046104][ T1325] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.054123][ T1325] usb 3-1: Product: syz [ 51.058329][ T1325] usb 3-1: Manufacturer: syz [ 51.063051][ T1325] usb 3-1: SerialNumber: syz [ 51.074121][ T1325] usb 3-1: config 0 descriptor?? [ 51.134498][ T1325] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 51.540826][ T1325] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 51.583644][ T1108] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 51.599106][ T1325] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 51.873554][ T1108] usb 4-1: Using ep0 maxpacket: 16 [ 51.887294][ T4297] usb 3-1: USB disconnect, device number 3 [ 51.893457][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 51.899408][ T4297] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 51.916884][ T4297] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 51.929871][ T4297] quatech2 3-1:0.51: device disconnected [ 52.014110][ T1108] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 52.027981][ T1108] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 52.091162][ T4551] tipc: Started in network mode [ 52.100436][ T4551] tipc: Node identity 1ae6df094dc8, cluster identity 4711 [ 52.107756][ T4551] tipc: Enabled bearer , priority 0 [ 52.115287][ T4551] device syzkaller0 entered promiscuous mode [ 52.131229][ T4551] tipc: Resetting bearer [ 52.138964][ T4550] tipc: Resetting bearer [ 52.150670][ T4550] tipc: Disabling bearer [ 52.213761][ T1108] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 52.233316][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.252290][ T1108] usb 4-1: Product: syz [ 52.256742][ T1108] usb 4-1: Manufacturer: syz [ 52.261324][ T1108] usb 4-1: SerialNumber: syz [ 52.483461][ T4250] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 52.593578][ T1108] usb 4-1: 0:2 : does not exist [ 52.626314][ T1108] usb 4-1: USB disconnect, device number 2 [ 52.693637][ T1325] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 52.844189][ T4250] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 52.856251][ T4199] udevd[4199]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 52.877860][ T4250] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 52.897263][ T4250] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 52.906628][ T4250] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.933780][ T4557] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 52.940958][ T1325] usb 3-1: Using ep0 maxpacket: 16 [ 53.063957][ T1325] usb 3-1: config 5 has an invalid interface number: 168 but max is 0 [ 53.072137][ T1325] usb 3-1: config 5 has no interface number 0 [ 53.079081][ T1325] usb 3-1: config 5 interface 168 altsetting 7 has an invalid endpoint with address 0xEB, skipping [ 53.083684][ T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 53.092895][ T1325] usb 3-1: config 5 interface 168 altsetting 7 has an invalid endpoint with address 0x23, skipping [ 53.113496][ T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 53.115168][ T1325] usb 3-1: config 5 interface 168 has no altsetting 0 [ 53.139013][ T25] asix: probe of 2-1:0.0 failed with error -71 [ 53.245847][ T25] usb 2-1: USB disconnect, device number 3 [ 53.544688][ T1325] usb 3-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 53.557389][ T1325] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.577443][ T1325] usb 3-1: Product: syz [ 53.590166][ T1325] usb 3-1: Manufacturer: syz [ 53.598960][ T1325] usb 3-1: SerialNumber: syz [ 53.633631][ T4575] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 53.757353][ T4592] tipc: Enabled bearer , priority 0 [ 53.765190][ T4592] device syzkaller0 entered promiscuous mode [ 53.777850][ T4592] tipc: Resetting bearer [ 53.785995][ T4591] tipc: Resetting bearer [ 53.794229][ T4591] tipc: Disabling bearer [ 53.882528][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #300!!! [ 53.891531][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 53.900479][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 54.063826][ T4604] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 54.774349][ T2176] usb 5-1: USB disconnect, device number 2 [ 55.313405][ C0] sched: RT throttling activated [ 55.321807][ T1325] pn533_usb 3-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 55.334041][ T1325] usb 3-1: USB disconnect, device number 4 [ 55.545917][ T4627] tipc: Enabled bearer , priority 0 [ 55.556693][ T4627] device syzkaller0 entered promiscuous mode [ 55.584779][ T4632] netlink: 'syz.2.114': attribute type 1 has an invalid length. [ 55.586179][ T4627] tipc: Resetting bearer [ 55.607643][ T4626] tipc: Resetting bearer [ 55.626133][ T4626] tipc: Disabling bearer [ 55.787052][ T2176] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 56.573032][ T2176] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.591502][ T2176] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 56.606147][ T2176] usb 1-1: New USB device found, idVendor=056a, idProduct=0318, bcdDevice= 0.00 [ 56.618759][ T2176] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.628459][ T2176] usb 1-1: config 0 descriptor?? [ 56.657970][ T4669] netlink: 12 bytes leftover after parsing attributes in process `syz.4.125'. [ 56.780782][ T4676] tipc: Started in network mode [ 56.796453][ T4676] tipc: Node identity da883fa2b75b, cluster identity 4711 [ 56.847639][ T4676] tipc: Enabled bearer , priority 0 [ 56.876455][ T4680] device syzkaller0 entered promiscuous mode [ 56.886572][ T4678] netlink: 'syz.3.126': attribute type 1 has an invalid length. [ 56.906511][ T4676] tipc: Resetting bearer [ 56.916912][ T4673] tipc: Resetting bearer [ 56.977806][ T4683] process 'syz.4.129' launched '/dev/fd/8' with NULL argv: empty string added [ 57.004010][ T4673] tipc: Disabling bearer [ 57.149588][ T2176] wacom 0003:056A:0318.0001: unknown main item tag 0x5 [ 57.170267][ T2176] wacom 0003:056A:0318.0001: item fetching failed at offset 1/5 [ 57.203672][ T2176] wacom 0003:056A:0318.0001: parse failed [ 57.222571][ T2176] wacom: probe of 0003:056A:0318.0001 failed with error -22 [ 57.373212][ T1108] usb 1-1: USB disconnect, device number 4 [ 57.681745][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.703622][ T4228] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 57.744472][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.823988][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.893770][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.918864][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.949800][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.969430][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 57.991181][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.007132][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.046841][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.065298][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.081624][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.102576][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.110376][ T4228] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 58.111398][ T4712] netlink: 'syz.2.140': attribute type 1 has an invalid length. [ 58.128848][ T4228] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 58.139560][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.149378][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.159315][ T4228] usb 4-1: config 179 has no interface number 0 [ 58.166450][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.178903][ T4709] netlink: 'syz.1.137': attribute type 1 has an invalid length. [ 58.191345][ T4228] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid wMaxPacketSize 0 [ 58.206916][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.214571][ T4228] usb 4-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 58.232123][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.234178][ T4709] netlink: 12 bytes leftover after parsing attributes in process `syz.1.137'. [ 58.240256][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.259349][ T4228] usb 4-1: config 179 interface 65 has no altsetting 0 [ 58.266786][ T4228] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 58.286428][ T4297] hid-generic 00A0:0005:0003.0002: unknown main item tag 0x0 [ 58.297313][ T4228] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.315302][ T4297] hid-generic 00A0:0005:0003.0002: hidraw0: HID v0.05 Device [syz1] on syz0 [ 58.434275][ T4721] binder: 4719:4721 ioctl c0306201 0 returned -14 [ 58.479696][ T4722] tipc: Enabled bearer , priority 0 [ 58.587270][ T4722] device syzkaller0 entered promiscuous mode [ 58.664775][ T4297] usb 4-1: USB disconnect, device number 3 [ 58.876819][ T4728] fido_id[4728]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 58.899646][ T4722] tipc: Resetting bearer [ 58.941691][ T4720] tipc: Resetting bearer [ 59.011309][ T4720] tipc: Disabling bearer [ 59.416344][ T4297] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 59.701579][ T4297] usb 1-1: Using ep0 maxpacket: 8 [ 59.741737][ T4751] netlink: 'syz.3.152': attribute type 1 has an invalid length. [ 59.853659][ T4297] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 59.868577][ T4297] usb 1-1: config 0 has an invalid interface number: 10 but max is 0 [ 59.978192][ T4297] usb 1-1: config 0 has no interface number 0 [ 59.984775][ T4297] usb 1-1: too many endpoints for config 0 interface 10 altsetting 77: 80, using maximum allowed: 30 [ 59.995893][ T4297] usb 1-1: config 0 interface 10 altsetting 77 has 0 endpoint descriptors, different from the interface descriptor's value: 80 [ 60.009171][ T4297] usb 1-1: config 0 interface 10 has no altsetting 0 [ 60.234804][ T4297] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 60.297664][ T4297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.451813][ T4297] usb 1-1: Product: syz [ 60.506689][ T4297] usb 1-1: Manufacturer: syz [ 60.513692][ T4297] usb 1-1: SerialNumber: syz [ 60.519724][ T4297] usb 1-1: config 0 descriptor?? [ 60.965019][ T4778] tipc: Enabled bearer , priority 0 [ 60.987793][ T4778] device syzkaller0 entered promiscuous mode [ 61.029411][ T4774] tipc: Resetting bearer [ 61.044468][ T4297] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 61.053995][ T4297] usb 1-1: setting power ON [ 61.059462][ T4297] dvb-usb: bulk message failed: -22 (2/0) [ 61.067843][ T4297] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 61.154101][ T4774] tipc: Disabling bearer [ 61.587045][ T4297] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 61.596379][ T4297] usb 1-1: media controller created [ 61.613010][ T4297] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 61.636990][ T4297] usb 1-1: digital interface selection failed (-22) [ 61.652147][ T4297] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 61.681623][ T4794] netlink: 'syz.4.165': attribute type 1 has an invalid length. [ 61.723745][ T4297] usb 1-1: setting power OFF [ 61.728555][ T4297] dvb-usb: bulk message failed: -22 (2/0) [ 61.753193][ T4297] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 61.839142][ T4297] (NULL device *): no alternate interface [ 61.855419][ T4297] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 61.874567][ T4297] usb 1-1: USB disconnect, device number 5 [ 61.996874][ T4817] tipc: Enabled bearer , priority 0 [ 62.016041][ T4817] device syzkaller0 entered promiscuous mode [ 62.083653][ T4816] tipc: Resetting bearer [ 62.112514][ T4816] tipc: Disabling bearer [ 62.234227][ T4835] netlink: 'syz.0.184': attribute type 1 has an invalid length. [ 62.273567][ T1325] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 62.293116][ T4837] tmpfs: Unknown parameter 'grpquota' [ 62.309528][ T4837] fuseblk: Bad value for 'fd' [ 62.633677][ T1325] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 62.709048][ T1325] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 0 [ 62.725319][ T4228] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 62.789088][ T4862] tipc: Started in network mode [ 62.794826][ T4862] tipc: Node identity 82da4ed4e6c2, cluster identity 4711 [ 62.802147][ T4862] tipc: Enabled bearer , priority 0 [ 62.809022][ T1325] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 62.822504][ T4862] device syzkaller0 entered promiscuous mode [ 62.841474][ T4861] tipc: Resetting bearer [ 62.856526][ T4861] tipc: Disabling bearer [ 63.013553][ T1325] usb 4-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 63.022609][ T1325] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.094023][ T1325] usb 4-1: Product: syz [ 63.098433][ T1325] usb 4-1: Manufacturer: syz [ 63.103355][ T1325] usb 4-1: SerialNumber: syz [ 63.134746][ T1325] usb 4-1: config 0 descriptor?? [ 63.183584][ T4228] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 63.483723][ T4228] usb 1-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 63.533291][ T4228] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.662874][ T4228] usb 1-1: Product: syz [ 63.705647][ T4228] usb 1-1: Manufacturer: syz [ 63.755171][ T4228] usb 1-1: SerialNumber: syz [ 63.837193][ T4228] usb 1-1: config 0 descriptor?? [ 63.844397][ T1325] adutux 4-1:0.0: interrupt endpoints not found [ 63.863528][ T1325] usb 4-1: USB disconnect, device number 4 [ 63.863862][ T4851] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 63.905287][ T4228] powermate: probe of 1-1:0.0 failed with error -22 [ 64.130120][ T4228] usb 1-1: USB disconnect, device number 6 [ 64.179923][ T4888] tipc: Enabled bearer , priority 0 [ 64.197313][ T4888] device syzkaller0 entered promiscuous mode [ 64.268810][ T4887] tipc: Resetting bearer [ 64.324622][ T4887] tipc: Disabling bearer [ 65.720575][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 65.727371][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 65.758399][ T4917] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 66.184353][ T4944] tipc: Enabled bearer , priority 0 [ 66.204250][ T4944] device syzkaller0 entered promiscuous mode [ 66.229217][ T4943] tipc: Resetting bearer [ 66.253708][ T4250] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 66.275623][ T4943] tipc: Disabling bearer [ 66.362790][ T4948] netlink: 'syz.2.226': attribute type 7 has an invalid length. [ 66.386981][ T4948] netlink: 32 bytes leftover after parsing attributes in process `syz.2.226'. [ 66.517142][ T4250] usb 5-1: Using ep0 maxpacket: 16 [ 66.547016][ T4953] device veth3 entered promiscuous mode [ 66.633611][ T4250] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 66.847723][ T4250] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 66.860266][ T4250] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 66.868854][ T4250] usb 5-1: Product: syz [ 66.873043][ T4250] usb 5-1: Manufacturer: syz [ 66.877866][ T4250] usb 5-1: SerialNumber: syz [ 66.890854][ T4250] usb 5-1: config 0 descriptor?? [ 67.057329][ T4968] mmap: syz.0.234 (4968) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 67.136676][ T4964] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.144621][ T4964] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.440016][ T4964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 67.485802][ T4964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 67.676173][ T4964] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.685425][ T4964] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.694315][ T4964] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.703157][ T4964] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.788642][ T4976] tipc: Enabled bearer , priority 0 [ 67.859691][ T4976] tipc: Disabling bearer [ 68.303578][ T4228] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 68.538473][ T5008] usb 5-1: USB disconnect, device number 3 [ 69.783672][ T4228] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 69.838652][ T4228] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 69.879319][ T4228] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.923126][ T4228] usb 2-1: config 0 descriptor?? [ 70.051231][ T5047] overlayfs: failed to clone upperpath [ 70.072868][ T5051] device veth0 entered promiscuous mode [ 70.086383][ T4228] pwc: Askey VC010 type 2 USB webcam detected. [ 70.256809][ T5051] device veth0 left promiscuous mode [ 70.383752][ T5008] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 70.553781][ T4228] pwc: recv_control_msg error -32 req 02 val 2b00 [ 70.613642][ T4228] pwc: recv_control_msg error -32 req 02 val 2700 [ 70.656573][ T4228] pwc: recv_control_msg error -32 req 02 val 2c00 [ 70.673594][ T5008] usb 3-1: Using ep0 maxpacket: 32 [ 70.725531][ T7] cfg80211: failed to load regulatory.db [ 70.733886][ T4228] pwc: recv_control_msg error -32 req 04 val 1000 [ 71.253820][ T4228] pwc: recv_control_msg error -32 req 04 val 1300 [ 71.260406][ T5008] usb 3-1: config 0 has an invalid interface number: 182 but max is 0 [ 71.270403][ T5008] usb 3-1: config 0 has no interface number 0 [ 71.276814][ T5008] usb 3-1: config 0 interface 182 has no altsetting 0 [ 71.293502][ T4228] pwc: recv_control_msg error -32 req 04 val 1400 [ 71.353732][ T4228] pwc: recv_control_msg error -32 req 02 val 2000 [ 71.403764][ T4228] pwc: recv_control_msg error -32 req 02 val 2100 [ 71.514398][ T4228] pwc: recv_control_msg error -32 req 04 val 1500 [ 71.521408][ T5008] usb 3-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db [ 71.532864][ T5008] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.544049][ T5008] usb 3-1: Product: syz [ 71.548277][ T5008] usb 3-1: Manufacturer: syz [ 71.553328][ T5008] usb 3-1: SerialNumber: syz [ 71.566955][ T5008] usb 3-1: config 0 descriptor?? [ 71.617138][ T5008] hub 3-1:0.182: bad descriptor, ignoring hub [ 71.623348][ T5008] hub: probe of 3-1:0.182 failed with error -5 [ 71.783545][ T4228] pwc: recv_control_msg error -71 req 02 val 2400 [ 71.810488][ T4228] pwc: recv_control_msg error -71 req 02 val 2600 [ 71.843687][ T5008] kaweth 3-1:0.182: Firmware present in device. [ 71.853617][ T4228] pwc: recv_control_msg error -71 req 02 val 2900 [ 71.893489][ T4228] pwc: recv_control_msg error -71 req 02 val 2800 [ 71.923515][ T4228] pwc: recv_control_msg error -71 req 04 val 1100 [ 71.943494][ T4228] pwc: recv_control_msg error -71 req 04 val 1200 [ 71.953680][ T4228] pwc: Registered as video103. [ 71.959681][ T4228] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 71.985160][ T4228] usb 2-1: USB disconnect, device number 4 [ 72.043673][ T5008] kaweth 3-1:0.182: Statistics collection: 0 [ 72.049755][ T5008] kaweth 3-1:0.182: Multicast filter limit: 0 [ 72.055932][ T5008] kaweth 3-1:0.182: MTU: 0 [ 72.060362][ T5008] kaweth 3-1:0.182: Read MAC address 00:00:00:00:00:00 [ 72.163740][ T4981] usb 1-1: new low-speed USB device number 7 using dummy_hcd [ 72.533781][ T4981] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 72.606248][ T4981] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 72.610949][ T5008] kaweth: probe of 3-1:0.182 failed with error -5 [ 72.633325][ T4981] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 72.650006][ T4981] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 72.659494][ T4981] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 72.664330][ T5008] usb 3-1: USB disconnect, device number 5 [ 72.670667][ T4981] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 246 [ 72.775004][ T4376] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 72.934707][ T4981] usb 1-1: string descriptor 0 read error: -22 [ 72.942122][ T4981] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 72.979372][ T4981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.012802][ T4981] usb 1-1: config 0 descriptor?? [ 73.031681][ T5100] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 73.063962][ T4981] hub 1-1:0.0: bad descriptor, ignoring hub [ 73.065568][ T5100] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 73.069891][ T4981] hub: probe of 1-1:0.0 failed with error -5 [ 73.113491][ T4376] usb 5-1: Using ep0 maxpacket: 8 [ 73.424222][ T4376] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 73.434266][ T4376] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.449685][ T4376] usb 5-1: Product: syz [ 73.463789][ T4376] usb 5-1: Manufacturer: syz [ 73.473565][ T4376] usb 5-1: SerialNumber: syz [ 73.506559][ T4376] usb 5-1: config 0 descriptor?? [ 73.753600][ T4376] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 73.766267][ T4251] usb 1-1: USB disconnect, device number 7 [ 74.303565][ T4376] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 74.323646][ T4376] usb 5-1: USB disconnect, device number 4 [ 74.393550][ T5008] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 74.639910][ T5008] usb 2-1: Using ep0 maxpacket: 32 [ 74.943621][ T5008] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 75.041172][ T5008] usb 2-1: config 0 has no interface number 0 [ 75.180640][ T5008] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 75.303628][ T5008] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 75.329556][ T5008] usb 2-1: config 0 interface 85 has no altsetting 0 [ 75.410880][ T26] audit: type=1326 audit(1761716671.090:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.433019][ T26] audit: type=1326 audit(1761716671.100:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.456065][ T26] audit: type=1326 audit(1761716671.100:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.498124][ T26] audit: type=1326 audit(1761716671.100:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.539098][ T5008] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 75.550746][ T5008] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.559857][ T5008] usb 2-1: Product: syz [ 75.564118][ T5008] usb 2-1: Manufacturer: syz [ 75.573455][ T5008] usb 2-1: SerialNumber: syz [ 75.584721][ T5008] usb 2-1: config 0 descriptor?? [ 75.597624][ T26] audit: type=1326 audit(1761716671.100:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.626827][ T26] audit: type=1326 audit(1761716671.100:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.658166][ T26] audit: type=1326 audit(1761716671.100:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.684859][ T26] audit: type=1326 audit(1761716671.100:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.729961][ T26] audit: type=1326 audit(1761716671.100:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.761041][ T26] audit: type=1326 audit(1761716671.100:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5179 comm="syz.0.306" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1b08674fc9 code=0x7ffc0000 [ 75.843721][ T5008] appletouch 2-1:0.85: Failed to read mode from device. [ 75.850826][ T5008] appletouch: probe of 2-1:0.85 failed with error -5 [ 76.096220][ T5008] usb 2-1: USB disconnect, device number 5 [ 77.505470][ T5237] netlink: 12 bytes leftover after parsing attributes in process `syz.2.327'. [ 78.012908][ T5272] netlink: 12 bytes leftover after parsing attributes in process `syz.2.341'. [ 78.145948][ T1108] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 78.506740][ T4297] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 78.623526][ T1108] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 78.632578][ T1108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.642034][ T1108] usb 1-1: config 0 descriptor?? [ 78.763596][ T4376] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 78.813569][ T4250] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 79.003504][ T4376] usb 5-1: Using ep0 maxpacket: 16 [ 79.014401][ T7] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 79.043636][ T4297] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 79.052818][ T4297] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.060828][ T4297] usb 3-1: Product: syz [ 79.065281][ T4297] usb 3-1: Manufacturer: syz [ 79.069856][ T4297] usb 3-1: SerialNumber: syz [ 79.073430][ T4250] usb 2-1: Using ep0 maxpacket: 32 [ 79.080245][ T4297] usb 3-1: config 0 descriptor?? [ 79.125404][ T4297] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 79.163733][ T4376] usb 5-1: unable to get BOS descriptor or descriptor too short [ 79.263656][ T4376] usb 5-1: config 8 has an invalid interface number: 34 but max is 0 [ 79.271725][ T4376] usb 5-1: config 8 has no interface number 0 [ 79.278341][ T4376] usb 5-1: config 8 interface 34 altsetting 2 has an invalid endpoint with address 0x0, skipping [ 79.288898][ T4376] usb 5-1: config 8 interface 34 altsetting 2 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 79.299659][ T4376] usb 5-1: config 8 interface 34 has no altsetting 0 [ 79.363524][ T4250] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 79.372633][ T4250] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.383665][ T7] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 79.392695][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.403349][ T4250] usb 2-1: Product: syz [ 79.407555][ T4250] usb 2-1: Manufacturer: syz [ 79.412124][ T4250] usb 2-1: SerialNumber: syz [ 79.417825][ T7] usb 4-1: config 0 descriptor?? [ 79.425484][ T4250] usb 2-1: config 0 descriptor?? [ 79.454839][ T7] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 79.464571][ T4250] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 79.503585][ T4376] usb 5-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=e2.0c [ 79.512681][ T4376] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.520711][ T4376] usb 5-1: Product: syz [ 79.524893][ T4376] usb 5-1: Manufacturer: syz [ 79.529477][ T4376] usb 5-1: SerialNumber: syz [ 79.893488][ T7] gspca_cpia1: usb_control_msg 03, error -71 [ 79.913534][ T7] gspca_cpia1: usb_control_msg 01, error -71 [ 79.919540][ T7] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 79.930050][ T7] usb 4-1: USB disconnect, device number 5 [ 80.876891][ T4268] usb 3-1: USB disconnect, device number 6 [ 80.957719][ T1108] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 81.077204][ T1108] asix: probe of 1-1:0.0 failed with error -32 [ 81.157559][ T1108] usb 1-1: USB disconnect, device number 8 [ 81.448256][ T4376] usb 5-1: USB disconnect, device number 5 [ 81.473540][ T5008] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 81.483037][ T4376] ================================================================== [ 81.491300][ T4376] BUG: KASAN: use-after-free in hdm_disconnect+0x109/0x1c0 [ 81.498490][ T4376] Read of size 8 at addr ffff88805b451960 by task kworker/1:8/4376 [ 81.506376][ T4376] [ 81.508690][ T4376] CPU: 1 PID: 4376 Comm: kworker/1:8 Not tainted syzkaller #0 [ 81.516131][ T4376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 81.526173][ T4376] Workqueue: usb_hub_wq hub_event [ 81.531201][ T4376] Call Trace: [ 81.534467][ T4376] [ 81.537390][ T4376] dump_stack_lvl+0x168/0x230 [ 81.542072][ T4376] ? show_regs_print_info+0x20/0x20 [ 81.547703][ T4376] ? load_image+0x3b0/0x3b0 [ 81.552198][ T4376] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 81.557568][ T4376] print_address_description+0x60/0x2d0 [ 81.563107][ T4376] ? hdm_disconnect+0x109/0x1c0 [ 81.567945][ T4376] kasan_report+0xdf/0x130 [ 81.572349][ T4376] ? hdm_disconnect+0x109/0x1c0 [ 81.577200][ T4376] hdm_disconnect+0x109/0x1c0 [ 81.581868][ T4376] usb_unbind_interface+0x1ee/0x860 [ 81.587057][ T4376] ? usb_driver_release_interface+0x1b0/0x1b0 [ 81.593114][ T4376] device_release_driver_internal+0x4b4/0x750 [ 81.599175][ T4376] bus_remove_device+0x2e2/0x400 [ 81.604103][ T4376] device_del+0x628/0xa70 [ 81.608426][ T4376] ? kill_device+0x160/0x160 [ 81.613000][ T4376] ? kobject_put+0x424/0x460 [ 81.617583][ T4376] usb_disable_device+0x3e2/0x890 [ 81.622590][ T4376] usb_disconnect+0x348/0x8a0 [ 81.627244][ T4376] hub_event+0x1e9f/0x5560 [ 81.631660][ T4376] ? hub_post_resume+0x120/0x120 [ 81.636574][ T4376] ? read_lock_is_recursive+0x10/0x10 [ 81.641926][ T4376] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 81.647795][ T4376] ? _raw_spin_unlock+0x40/0x40 [ 81.652623][ T4376] ? _raw_spin_unlock_irq+0x1f/0x40 [ 81.657799][ T4376] process_one_work+0x863/0x1000 [ 81.662723][ T4376] ? worker_detach_from_pool+0x240/0x240 [ 81.668327][ T4376] ? lockdep_hardirqs_off+0x70/0x100 [ 81.673594][ T4376] ? _raw_spin_lock_irq+0xab/0xe0 [ 81.678591][ T4376] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 81.683939][ T4376] ? wq_worker_running+0x97/0x170 [ 81.688937][ T4376] worker_thread+0xdca/0x12a0 [ 81.693587][ T4376] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 81.699452][ T4376] ? lockdep_hardirqs_on+0x94/0x140 [ 81.704624][ T4376] ? lockdep_hardirqs_on+0x94/0x140 [ 81.709795][ T4376] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 81.715663][ T4376] kthread+0x436/0x520 [ 81.719705][ T4376] ? rcu_lock_release+0x20/0x20 [ 81.724526][ T4376] ? kthread_blkcg+0xd0/0xd0 [ 81.729089][ T4376] ret_from_fork+0x1f/0x30 [ 81.733491][ T4376] [ 81.736502][ T4376] [ 81.738804][ T4376] Allocated by task 4376: [ 81.743099][ T4376] __kasan_kmalloc+0xb5/0xf0 [ 81.747661][ T4376] hdm_probe+0x8f/0x13d0 [ 81.751878][ T4376] usb_probe_interface+0x5a0/0xaf0 [ 81.756960][ T4376] really_probe+0x284/0xc80 [ 81.761435][ T4376] __driver_probe_device+0x18c/0x330 [ 81.766690][ T4376] driver_probe_device+0x4f/0x420 [ 81.771684][ T4376] __device_attach_driver+0x2b0/0x500 [ 81.777027][ T4376] bus_for_each_drv+0x175/0x200 [ 81.781850][ T4376] __device_attach+0x29b/0x460 [ 81.786582][ T4376] bus_probe_device+0xbc/0x1e0 [ 81.791316][ T4376] device_add+0xa00/0xfb0 [ 81.795625][ T4376] usb_set_configuration+0x1991/0x1fd0 [ 81.801056][ T4376] usb_generic_driver_probe+0x89/0x150 [ 81.806484][ T4376] usb_probe_device+0x139/0x270 [ 81.811304][ T4376] really_probe+0x284/0xc80 [ 81.815778][ T4376] __driver_probe_device+0x18c/0x330 [ 81.821034][ T4376] driver_probe_device+0x4f/0x420 [ 81.826028][ T4376] __device_attach_driver+0x2b0/0x500 [ 81.831368][ T4376] bus_for_each_drv+0x175/0x200 [ 81.836188][ T4376] __device_attach+0x29b/0x460 [ 81.840921][ T4376] bus_probe_device+0xbc/0x1e0 [ 81.845655][ T4376] device_add+0xa00/0xfb0 [ 81.849956][ T4376] usb_new_device+0xd53/0x1640 [ 81.854692][ T4376] hub_event+0x2dd9/0x5560 [ 81.859079][ T4376] process_one_work+0x863/0x1000 [ 81.863986][ T4376] worker_thread+0xaa8/0x12a0 [ 81.868635][ T4376] kthread+0x436/0x520 [ 81.872679][ T4376] ret_from_fork+0x1f/0x30 [ 81.877088][ T4376] [ 81.879387][ T4376] Freed by task 4376: [ 81.883335][ T4376] kasan_set_track+0x4b/0x70 [ 81.887905][ T4376] kasan_set_free_info+0x1f/0x40 [ 81.892817][ T4376] ____kasan_slab_free+0xd5/0x110 [ 81.897811][ T4376] slab_free_freelist_hook+0xea/0x170 [ 81.903153][ T4376] kfree+0xef/0x2a0 [ 81.906932][ T4376] device_release+0x92/0x1c0 [ 81.911491][ T4376] kobject_put+0x21d/0x460 [ 81.915878][ T4376] hdm_disconnect+0xef/0x1c0 [ 81.920436][ T4376] usb_unbind_interface+0x1ee/0x860 [ 81.925605][ T4376] device_release_driver_internal+0x4b4/0x750 [ 81.931641][ T4376] bus_remove_device+0x2e2/0x400 [ 81.936546][ T4376] device_del+0x628/0xa70 [ 81.940846][ T4376] usb_disable_device+0x3e2/0x890 [ 81.945840][ T4376] usb_disconnect+0x348/0x8a0 [ 81.950491][ T4376] hub_event+0x1e9f/0x5560 [ 81.954886][ T4376] process_one_work+0x863/0x1000 [ 81.959799][ T4376] worker_thread+0xdca/0x12a0 [ 81.964459][ T4376] kthread+0x436/0x520 [ 81.968503][ T4376] ret_from_fork+0x1f/0x30 [ 81.972894][ T4376] [ 81.975194][ T4376] The buggy address belongs to the object at ffff88805b450000 [ 81.975194][ T4376] which belongs to the cache kmalloc-8k of size 8192 [ 81.989220][ T4376] The buggy address is located 6496 bytes inside of [ 81.989220][ T4376] 8192-byte region [ffff88805b450000, ffff88805b452000) [ 82.002641][ T4376] The buggy address belongs to the page: [ 82.008243][ T4376] page:ffffea00016d1400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b450 [ 82.018371][ T4376] head:ffffea00016d1400 order:3 compound_mapcount:0 compound_pincount:0 [ 82.026673][ T4376] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 82.034671][ T4376] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888016842280 [ 82.043259][ T4376] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000 [ 82.051840][ T4376] page dumped because: kasan: bad access detected [ 82.058248][ T4376] page_owner tracks the page as allocated [ 82.063957][ T4376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4380, ts 45487996747, free_ts 8089540267 [ 82.084369][ T4376] get_page_from_freelist+0x1b77/0x1c60 [ 82.089928][ T4376] __alloc_pages+0x1e1/0x470 [ 82.094527][ T4376] new_slab+0xc0/0x4b0 [ 82.098603][ T4376] ___slab_alloc+0x81e/0xdf0 [ 82.103195][ T4376] __kmalloc_node+0x200/0x3b0 [ 82.107869][ T4376] kvmalloc_node+0x84/0x130 [ 82.112377][ T4376] snd_pcm_plugin_alloc+0x19c/0x780 [ 82.117580][ T4376] snd_pcm_plug_alloc+0x1c7/0x270 [ 82.122612][ T4376] snd_pcm_oss_change_params_locked+0x281c/0x3e00 [ 82.129038][ T4376] snd_pcm_oss_get_active_substream+0x1dd/0x270 [ 82.135282][ T4376] snd_pcm_oss_set_channels+0x1b7/0x4d0 [ 82.140831][ T4376] snd_pcm_oss_ioctl+0xac9/0xc60 [ 82.145766][ T4376] __se_sys_ioctl+0xfa/0x170 [ 82.150365][ T4376] do_syscall_64+0x4c/0xa0 [ 82.154786][ T4376] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 82.160694][ T4376] page last free stack trace: [ 82.165369][ T4376] free_unref_page_prepare+0x637/0x6c0 [ 82.170835][ T4376] free_unref_page+0x94/0x280 [ 82.175517][ T4376] free_contig_range+0x96/0xf0 [ 82.180378][ T4376] destroy_args+0x100/0xa20 [ 82.184906][ T4376] debug_vm_pgtable+0x318/0x370 [ 82.189766][ T4376] do_one_initcall+0x1ee/0x680 [ 82.194537][ T4376] do_initcall_level+0x137/0x1f0 [ 82.199478][ T4376] do_initcalls+0x4b/0x90 [ 82.203810][ T4376] kernel_init_freeable+0x3ce/0x560 [ 82.209006][ T4376] kernel_init+0x19/0x1b0 [ 82.213342][ T4376] ret_from_fork+0x1f/0x30 [ 82.217757][ T4376] [ 82.220077][ T4376] Memory state around the buggy address: [ 82.225699][ T4376] ffff88805b451800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.233758][ T4376] ffff88805b451880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.241813][ T4376] >ffff88805b451900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.249863][ T4376] ^ [ 82.257049][ T4376] ffff88805b451980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.265101][ T4376] ffff88805b451a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.273152][ T4376] ================================================================== [ 82.281198][ T4376] Disabling lock debugging due to kernel taint [ 82.472953][ T4376] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 82.480195][ T4376] CPU: 1 PID: 4376 Comm: kworker/1:8 Tainted: G B syzkaller #0 [ 82.489058][ T4376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 82.499127][ T4376] Workqueue: usb_hub_wq hub_event [ 82.504172][ T4376] Call Trace: [ 82.507459][ T4376] [ 82.510398][ T4376] dump_stack_lvl+0x168/0x230 [ 82.515090][ T4376] ? show_regs_print_info+0x20/0x20 [ 82.520303][ T4376] ? load_image+0x3b0/0x3b0 [ 82.524828][ T4376] panic+0x2c9/0x7f0 [ 82.528735][ T4376] ? bpf_jit_dump+0xd0/0xd0 [ 82.533255][ T4376] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 82.539160][ T4376] ? _raw_spin_unlock+0x40/0x40 [ 82.544024][ T4376] ? hdm_disconnect+0x109/0x1c0 [ 82.548884][ T4376] check_panic_on_warn+0x80/0xa0 [ 82.553835][ T4376] ? hdm_disconnect+0x109/0x1c0 [ 82.558695][ T4376] end_report+0x6d/0xf0 [ 82.562872][ T4376] kasan_report+0x102/0x130 [ 82.567403][ T4376] ? hdm_disconnect+0x109/0x1c0 [ 82.572268][ T4376] hdm_disconnect+0x109/0x1c0 [ 82.576963][ T4376] usb_unbind_interface+0x1ee/0x860 [ 82.582186][ T4376] ? usb_driver_release_interface+0x1b0/0x1b0 [ 82.588278][ T4376] device_release_driver_internal+0x4b4/0x750 [ 82.594368][ T4376] bus_remove_device+0x2e2/0x400 [ 82.599326][ T4376] device_del+0x628/0xa70 [ 82.603685][ T4376] ? kill_device+0x160/0x160 [ 82.608287][ T4376] ? kobject_put+0x424/0x460 [ 82.612899][ T4376] usb_disable_device+0x3e2/0x890 [ 82.617946][ T4376] usb_disconnect+0x348/0x8a0 [ 82.622643][ T4376] hub_event+0x1e9f/0x5560 [ 82.627098][ T4376] ? hub_post_resume+0x120/0x120 [ 82.632048][ T4376] ? read_lock_is_recursive+0x10/0x10 [ 82.637440][ T4376] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 82.643343][ T4376] ? _raw_spin_unlock+0x40/0x40 [ 82.648212][ T4376] ? _raw_spin_unlock_irq+0x1f/0x40 [ 82.653433][ T4376] process_one_work+0x863/0x1000 [ 82.658399][ T4376] ? worker_detach_from_pool+0x240/0x240 [ 82.664046][ T4376] ? lockdep_hardirqs_off+0x70/0x100 [ 82.669339][ T4376] ? _raw_spin_lock_irq+0xab/0xe0 [ 82.674355][ T4376] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 82.679738][ T4376] ? wq_worker_running+0x97/0x170 [ 82.684737][ T4376] worker_thread+0xdca/0x12a0 [ 82.689389][ T4376] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 82.695252][ T4376] ? lockdep_hardirqs_on+0x94/0x140 [ 82.700430][ T4376] ? lockdep_hardirqs_on+0x94/0x140 [ 82.705601][ T4376] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 82.711484][ T4376] kthread+0x436/0x520 [ 82.715525][ T4376] ? rcu_lock_release+0x20/0x20 [ 82.720346][ T4376] ? kthread_blkcg+0xd0/0xd0 [ 82.724917][ T4376] ret_from_fork+0x1f/0x30 [ 82.729321][ T4376] [ 82.732418][ T4376] Kernel Offset: disabled [ 82.736720][ T4376] Rebooting in 86400 seconds..