last executing test programs: 13.053231253s ago: executing program 3 (id=8545): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000700)={0x1d, r1, 0x3, {0x0, 0x1, 0x2}, 0xfe}, 0x18) bind$can_j1939(r0, &(0x7f0000000480)={0x1d, r1, 0x2, {0x2, 0xf0}, 0xfe}, 0x18) 12.924035253s ago: executing program 3 (id=8547): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x1}, 0x8) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x4000) 12.680704465s ago: executing program 3 (id=8552): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000240)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) 11.147231542s ago: executing program 3 (id=8564): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b'], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe00181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, 0x0, 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) getsockopt$inet_mreq(r4, 0x0, 0x24, &(0x7f0000000040)={@multicast2, @empty}, &(0x7f00000000c0)=0x8) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x29501}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0xc, 0x1, 'BATMAN_V'}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240408d0}, 0x0) 10.910607885s ago: executing program 0 (id=8565): prlimit64(0x0, 0x1, &(0x7f0000000140)={0x8, 0x8c}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00') r1 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0) sendfile(r1, r0, 0x0, 0xffffffff) 10.825617784s ago: executing program 0 (id=8567): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000000), 0x0) 10.681777131s ago: executing program 0 (id=8569): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x3c}}, 0x0) 10.511541372s ago: executing program 0 (id=8571): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r0, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r0, &(0x7f0000000780)}, 0x20) 10.337975705s ago: executing program 0 (id=8573): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000040)=@newsa={0x114, 0x16, 0x1, 0x2000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x14, 0x6c}, @in=@empty=0x14, {0x0, 0x0, 0x0, 0xfffffff7ffffffff, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4}, {}, 0x0, 0x0, 0x2, 0x1, 0x6}, [@lifetime_val={0x24, 0x9, {0x1, 0x9, 0x7fff, 0x8000}}]}, 0x114}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) 10.280398438s ago: executing program 1 (id=8574): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000240)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) 10.262282693s ago: executing program 0 (id=8575): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb324, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000500)={0x2c, &(0x7f00000002c0)={0x0, 0x23, 0x2d, {0x2d, 0x26, "acf5598e8aee105b8e3f2690435840502783f6855ca6673869e6db6b2e0b86daefbf6eb2ed30a1b9cf9bf3"}}, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x0, 0xc4, 0x1, 0xff, 0x7fff, 0x9}}}, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000040)={0x28, 0x1, r3, r2, 0x0, 0x0, 0x0, 0x62, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getuid() bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSW2(r7, 0x5408, &(0x7f0000000040)={0x2000, 0x0, 0x0, 0x0, 0x0, "23f50000adb4004408020e90d1beaa82dc1ecf", 0x3}) ioctl$TIOCGPGRP(r7, 0x5437, 0x0) ioctl$EXT4_IOC_GETSTATE(r7, 0x40046629, &(0x7f0000000140)) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003540)=[{{&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0}}], 0x1, 0x0) 10.076268464s ago: executing program 3 (id=8576): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622b"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGVERSION(r1, 0x80044801, &(0x7f0000000000)) 9.850399736s ago: executing program 4 (id=8577): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000000000207900011800000000000109022400010000000009040000010300000009210000000122020009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x5, "6df20d55"}]}}, 0x0}, 0x0) 9.621676479s ago: executing program 1 (id=8578): openat$rtc(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BLKPG(0xffffffffffffffff, 0x1269, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={0xffffffffffffffff, 0x800, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x6, 0x14, 0x14, "fee8a2ab78ed179f91f8a0e91ddaaca7bd6447a458e00d9683dda1af1e629de2b781e6ea53000000000000000300", "2809e8dbe10859f327875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x16, 0xfffffffffffffffc]}}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 9.353060173s ago: executing program 2 (id=8580): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000700)={0x1d, r1, 0x3, {0x0, 0x1, 0x2}, 0xfe}, 0x18) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r1, 0x2, {0x2, 0xf0}, 0xfe}, 0x18) 9.247444451s ago: executing program 2 (id=8581): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x3c}}, 0x0) 9.052020157s ago: executing program 2 (id=8582): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'bridge0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000000)={0x4, 0x0, 0x0, r1}, 0xc) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x0, 0x5, r1, 0xffffff8f}, 0xc) 8.8790288s ago: executing program 2 (id=8583): pipe(0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) close(0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window], 0x5) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000001c0)={'ipvlan1\x00', &(0x7f00000000c0)=@ethtool_rxnfc={0x32, 0x11, 0xf, {0x12, @ether_spec={@empty, @random="321b287033fb", 0x4aa2}, {0x0, @remote, 0x5, 0x26a, [0x0, 0x7fffffff]}, @ah_ip4_spec={@dev={0xac, 0x14, 0x14, 0x22}, @empty, 0x800, 0x2}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x5, 0xfffb, [0x7, 0x8001]}, 0x7, 0x2b9}, 0x6, [0x200, 0x0, 0x7, 0x6, 0x5, 0x5]}}) sendmmsg$inet(r1, &(0x7f0000002000)=[{{&(0x7f0000000300)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000080)="6f0883", 0xfe92}], 0x1}}], 0x1, 0x2400c040) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xfffd, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f00000006c0)) 8.588707113s ago: executing program 1 (id=8584): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) ioctl$SNDCTL_SEQ_GETINCOUNT(r0, 0x80045105, 0x0) 8.463303282s ago: executing program 1 (id=8585): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000640)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, 0x0, 0x0) 8.244469389s ago: executing program 1 (id=8586): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 8.12102985s ago: executing program 3 (id=8587): syz_open_dev$usbfs(0x0, 0x76, 0x101301) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) modify_ldt$write(0x1, &(0x7f0000004180)={0x8, 0x20000000}, 0x10) modify_ldt$write(0x1, &(0x7f0000000000)={0x2, 0xffffffffffffffff, 0x0, 0x1}, 0x10) 8.044957729s ago: executing program 1 (id=8588): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000240)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110) setsockopt$inet_group_source_req(r3, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) 7.856355478s ago: executing program 2 (id=8589): sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0) unshare(0x68040200) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=@ipv4_delrule={0x1c, 0x21, 0x1}, 0x1c}}, 0x44044) 7.818246208s ago: executing program 4 (id=8590): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000240)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) 7.525461186s ago: executing program 4 (id=8591): bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000030000000000000000000400b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000700)={0x1d, r1, 0x3, {0x0, 0x1, 0x2}, 0xfe}, 0x18) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000480)={0x1d, r1, 0x2, {0x2, 0xf0}, 0xfe}, 0x18) 7.299452273s ago: executing program 4 (id=8592): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000540)="2605", 0x2, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000740)={0x2, 0x9, 0x3, 0x7, 0x3, 0x18, 0x2, 0x6}, 0x20) 7.265738499s ago: executing program 2 (id=8593): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x2], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 7.159318742s ago: executing program 4 (id=8594): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000a80)=[{{0x0, 0x0, &(0x7f0000000580)=[{0x0}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 0s ago: executing program 4 (id=8595): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000380)='d', 0x1}], 0x1}, 0x8000) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000000)="cc3eeb2e2fff91980cd4211fb81a1dfc5f4350a64fdbb8631d813b6ab9c76cd2", 0x20}], 0x1) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1) kernel console output (not intermixed with test programs): s in process `syz.3.5613'. [ 3078.557002][ T5352] tipc: Started in network mode [ 3078.571071][ T5352] tipc: Node identity d2a7a5ee21c3, cluster identity 4711 [ 3078.578949][ T5352] tipc: Enabled bearer , priority 10 [ 3078.969935][ C0] Unknown status report in ack skb [ 3079.081555][ T5370] netlink: 52 bytes leftover after parsing attributes in process `syz.2.5628'. [ 3079.112659][ T5370] bridge0: port 2(bridge_slave_1) entered disabled state [ 3079.121746][ T5370] bridge0: port 1(bridge_slave_0) entered disabled state [ 3079.691098][T31427] tipc: Node number set to 4083459566 [ 3079.816451][ T5405] netlink: 1360 bytes leftover after parsing attributes in process `syz.1.5644'. [ 3079.867248][ T5408] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.5645'. [ 3080.415708][ T5431] !: renamed from dummy0 (while UP) [ 3080.670053][ T5436] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5659'. [ 3080.991852][ T5444] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5663'. [ 3081.191435][ T5449] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5665'. [ 3081.541423][ T5460] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5671'. [ 3081.572477][ T5463] netlink: 1360 bytes leftover after parsing attributes in process `syz.0.5672'. [ 3083.076836][ T5526] netlink: 92 bytes leftover after parsing attributes in process `syz.2.5700'. [ 3083.303760][ T5533] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.5703'. [ 3083.577433][ T5542] Unknown status report in ack skb [ 3083.765988][ T5551] netlink: 92 bytes leftover after parsing attributes in process `syz.0.5713'. [ 3084.523242][ T5566] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.5719'. [ 3085.118399][ C0] Unknown status report in ack skb [ 3085.701922][ T5614] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5738'. [ 3086.622403][ T5653] netlink: 52 bytes leftover after parsing attributes in process `syz.2.5755'. [ 3087.366290][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 3087.372871][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 3087.644982][ T5682] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5768'. [ 3089.235116][ T5682] bridge0: port 2(bridge_slave_1) entered disabled state [ 3089.244546][ T5682] bridge0: port 1(bridge_slave_0) entered disabled state [ 3089.533889][ T5693] netlink: 'syz.4.5772': attribute type 3 has an invalid length. [ 3089.579569][ T5693] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.5772'. [ 3089.960542][ T5715] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5783'. [ 3090.645918][ T5742] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5798'. [ 3090.886055][ T5754] netlink: 92 bytes leftover after parsing attributes in process `syz.3.5803'. [ 3090.904297][ T5752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5801'. [ 3091.110247][ T5765] netlink: 'syz.3.5805': attribute type 3 has an invalid length. [ 3091.141190][ T5765] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5805'. [ 3091.510824][ T5778] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5813'. [ 3092.861970][ T5816] netlink: 'syz.3.5829': attribute type 3 has an invalid length. [ 3092.899958][ T5816] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5829'. [ 3093.110199][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 3094.465419][ T5878] netlink: 'syz.2.5853': attribute type 3 has an invalid length. [ 3094.489157][ T5878] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.5853'. [ 3096.084455][ T5930] netlink: 'syz.4.5878': attribute type 3 has an invalid length. [ 3096.139212][ T5930] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.5878'. [ 3097.485366][ T5975] netlink: 'syz.0.5900': attribute type 3 has an invalid length. [ 3097.496100][ T5975] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.5900'. [ 3098.417489][ C1] hrtimer: interrupt took 64867041 ns [ 3098.588518][ T6009] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5917'. [ 3098.843380][ T6021] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 3099.024428][ T6031] netlink: 'syz.3.5926': attribute type 3 has an invalid length. [ 3099.033255][ T6031] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5926'. [ 3099.330314][ T6044] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.5934'. [ 3099.675371][ T3531] Bluetooth: hci0: command 0x0406 tx timeout [ 3099.911056][ T6065] Set syz1 is full, maxelem 0 reached [ 3099.974111][ T6069] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5946'. [ 3100.416404][ T6087] openvswitch: netlink: Flow key attr not present in new flow. [ 3100.578395][ T6093] tipc: Started in network mode [ 3100.589556][ T6093] tipc: Node identity cec736663417, cluster identity 4711 [ 3100.611764][ T6093] tipc: Enabled bearer , priority 10 [ 3100.670109][ T6098] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.5959'. [ 3100.824006][ T6104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5964'. [ 3101.344046][ T6127] netlink: 84 bytes leftover after parsing attributes in process `syz.3.5975'. [ 3101.538677][ T6133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5977'. [ 3101.609179][T26174] tipc: Node number set to 4207949414 [ 3102.083702][ T6155] netlink: 84 bytes leftover after parsing attributes in process `syz.1.5988'. [ 3102.160779][ T6157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5989'. [ 3102.336699][ T6163] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5991'. [ 3103.116956][ T6192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6006'. [ 3104.314290][ T6219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6018'. [ 3104.608919][ T6230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6023'. [ 3105.085137][ T6246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6031'. [ 3106.327290][ T6294] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6054'. [ 3106.609663][ T6304] Set syz1 is full, maxelem 0 reached [ 3107.736276][ T6334] netlink: 'syz.2.6074': attribute type 2 has an invalid length. [ 3107.763490][ T6334] netlink: 'syz.2.6074': attribute type 2 has an invalid length. [ 3107.866596][ T6338] Set syz1 is full, maxelem 0 reached [ 3108.511534][ T6365] Set syz1 is full, maxelem 0 reached [ 3108.686734][ T6374] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6093'. [ 3108.818041][ T6379] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.6095'. [ 3109.100763][ T6392] Set syz1 is full, maxelem 0 reached [ 3109.253382][ T6400] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6105'. [ 3109.440172][ T6404] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.6108'. [ 3110.312754][ T6445] netlink: 'syz.3.6125': attribute type 3 has an invalid length. [ 3110.321066][ T6445] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.6125'. [ 3110.813175][ T6461] bridge_slave_0: left allmulticast mode [ 3110.819071][ T6461] bridge_slave_0: left promiscuous mode [ 3110.824946][ T6461] bridge0: port 1(bridge_slave_0) entered disabled state [ 3110.862958][ T6461] bridge_slave_1: left allmulticast mode [ 3110.876998][ T6461] bridge_slave_1: left promiscuous mode [ 3110.888452][ T6461] bridge0: port 2(bridge_slave_1) entered disabled state [ 3110.937693][ T6466] netlink: 'syz.4.6134': attribute type 1 has an invalid length. [ 3110.951043][ T6466] netlink: 'syz.4.6134': attribute type 3 has an invalid length. [ 3110.952807][ T6461] bond0: (slave bond_slave_0): Releasing backup interface [ 3111.011627][ T6461] bond0: (slave bond_slave_1): Releasing backup interface [ 3111.064414][ T6461] team0: Port device team_slave_0 removed [ 3111.095902][ T6461] team0: Port device team_slave_1 removed [ 3111.137849][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3111.165633][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3111.187317][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3111.211462][ T6473] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.6139'. [ 3111.243100][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3111.699759][ T6492] netlink: 'syz.1.6148': attribute type 1 has an invalid length. [ 3111.721727][ T6492] netlink: 'syz.1.6148': attribute type 3 has an invalid length. [ 3112.025140][ T6501] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.6152'. [ 3112.188926][ T6511] Set syz1 is full, maxelem 0 reached [ 3113.520683][ T6568] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6186'. [ 3113.642443][ T6575] netlink: 'syz.1.6188': attribute type 4 has an invalid length. [ 3113.667230][ T6575] netlink: 'syz.1.6188': attribute type 4 has an invalid length. [ 3114.117494][ T6593] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6198'. [ 3114.841726][ T6627] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.6215'. [ 3115.160045][ T6639] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6221'. [ 3115.786808][ T6663] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6231'. [ 3117.097410][ T6702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6248'. [ 3119.180563][ T6778] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6283'. [ 3119.782629][ T6806] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6297'. [ 3120.703139][ T6836] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6311'. [ 3120.725791][ T6837] netlink: 'syz.2.6312': attribute type 12 has an invalid length. [ 3121.490723][ T6863] netlink: 'syz.4.6324': attribute type 72 has an invalid length. [ 3121.516954][ T6863] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6324'. [ 3122.031774][ T6889] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6336'. [ 3122.121115][ T6892] netlink: 176 bytes leftover after parsing attributes in process `syz.3.6338'. [ 3122.171323][ T6892] netlink: 72 bytes leftover after parsing attributes in process `syz.3.6338'. [ 3122.769453][ T6920] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6351'. [ 3123.081290][ T6936] Set syz1 is full, maxelem 0 reached [ 3123.639281][ T6962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6372'. [ 3124.185047][ T6989] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6384'. [ 3124.259719][ T6991] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6386'. [ 3124.553530][ T7006] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6393'. [ 3124.883456][ T7022] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6400'. [ 3125.338756][ T7041] netlink: 1432 bytes leftover after parsing attributes in process `syz.0.6408'. [ 3125.487632][ T7048] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6413'. [ 3125.537663][ T7052] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6415'. [ 3125.600901][ T7054] Set syz1 is full, maxelem 0 reached [ 3125.970367][ T7067] xt_policy: neither incoming nor outgoing policy selected [ 3126.938859][ T7083] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6427'. [ 3127.194498][ T7090] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6430'. [ 3127.536054][ T7105] netlink: 1432 bytes leftover after parsing attributes in process `syz.0.6436'. [ 3127.714687][ T7110] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6439'. [ 3129.976492][ T7197] __nla_validate_parse: 1 callbacks suppressed [ 3129.976516][ T7197] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.6476'. [ 3130.389224][ T3531] Bluetooth: hci3: command 0x0406 tx timeout [ 3130.666235][ T7222] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 3130.666582][T26174] IPVS: starting estimator thread 0... [ 3130.757373][ T7230] netlink: 44 bytes leftover after parsing attributes in process `syz.0.6492'. [ 3130.769097][ T7227] IPVS: using max 24 ests per chain, 57600 per kthread [ 3131.059472][ T7238] netlink: 84 bytes leftover after parsing attributes in process `syz.2.6495'. [ 3132.004568][ T7265] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6507'. [ 3133.439712][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 3134.700579][ T7358] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6551'. [ 3135.326686][ T7392] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6567'. [ 3135.853251][ T7416] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6579'. [ 3136.494546][ T7444] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.6592'. [ 3137.100544][ T7475] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6608'. [ 3137.969700][ T7508] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6621'. [ 3138.306521][ T7517] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6627'. [ 3141.857386][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6660'. [ 3142.296507][ T7606] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.6666'. [ 3142.414320][ T7610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6668'. [ 3143.378088][ T7646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6685'. [ 3143.889243][ T7673] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6698'. [ 3144.148165][ T7685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6703'. [ 3144.775884][ T7703] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6711'. [ 3144.997165][ T7713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6714'. [ 3145.408183][ T7730] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6722'. [ 3145.686709][ T7748] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6731'. [ 3147.282895][ T7824] __nla_validate_parse: 3 callbacks suppressed [ 3147.282918][ T7824] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6767'. [ 3147.570994][ T7832] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6770'. [ 3148.805523][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 3148.812500][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 3149.830245][ T7932] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6817'. [ 3155.991992][ T3531] Bluetooth: hci5: command 0x0406 tx timeout [ 3156.192916][ T8195] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.6940'. [ 3160.986329][ T8354] IPVS: length: 24 != 16106127384 [ 3161.795612][ T8384] sit0: entered promiscuous mode [ 3161.853929][ T8384] netlink: 'syz.0.7022': attribute type 1 has an invalid length. [ 3161.897914][ T8384] netlink: 1 bytes leftover after parsing attributes in process `syz.0.7022'. [ 3162.204993][ T8403] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.7033'. [ 3162.965597][ T8432] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.7047'. [ 3163.676673][ T8464] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7063'. [ 3164.151907][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 3164.613390][ T8505] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7082'. [ 3165.533797][ T8540] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7097'. [ 3166.522773][ T8575] netlink: 'syz.0.7111': attribute type 4 has an invalid length. [ 3169.173607][ T8685] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7164'. [ 3169.753980][ T8707] netlink: 176 bytes leftover after parsing attributes in process `syz.3.7175'. [ 3169.784114][ T8707] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7175'. [ 3170.574096][ T8745] netlink: 176 bytes leftover after parsing attributes in process `syz.4.7193'. [ 3170.587001][ T8745] netlink: 72 bytes leftover after parsing attributes in process `syz.4.7193'. [ 3172.792580][ T8830] netlink: 392 bytes leftover after parsing attributes in process `syz.0.7232'. [ 3173.142362][ T8846] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7239'. [ 3173.273408][ T8852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7239'. [ 3174.697681][ T8910] netlink: 100 bytes leftover after parsing attributes in process `syz.4.7269'. [ 3175.575772][ T8952] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7289'. [ 3176.473174][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 3176.992498][ T9014] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7316'. [ 3178.621539][ T9095] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7356'. [ 3180.703515][ T9191] tipc: Enabling of bearer rejected, failed to enable media [ 3181.347337][ T9220] netlink: 22 bytes leftover after parsing attributes in process `syz.4.7411'. [ 3183.355939][ T9279] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7439'. [ 3184.720713][ T9341] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7471'. [ 3185.325831][ T9370] netlink: 22 bytes leftover after parsing attributes in process `syz.4.7485'. [ 3186.195135][ T9405] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7501'. [ 3186.208815][ T9405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7501'. [ 3186.709106][ T3531] Bluetooth: hci2: command 0x0406 tx timeout [ 3187.302109][ T9439] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7514'. [ 3187.328525][ T9439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7514'. [ 3188.010472][ T9474] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7530'. [ 3188.059092][ T9476] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7532'. [ 3188.071269][ T9474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7530'. [ 3188.221016][ T9483] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7536'. [ 3188.252022][ T9484] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7534'. [ 3188.731452][ T9505] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7546'. [ 3188.744646][ T9504] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7545'. [ 3188.857027][ T9504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7545'. [ 3189.532569][ T9544] Dead loop on virtual device ip6_vti0, fix it urgently! [ 3193.327670][ T9699] netlink: 'syz.1.7637': attribute type 29 has an invalid length. [ 3193.374070][ T9699] netlink: 'syz.1.7637': attribute type 29 has an invalid length. [ 3193.399845][ T9699] netlink: 'syz.1.7637': attribute type 29 has an invalid length. [ 3193.419651][ T9699] netlink: 'syz.1.7637': attribute type 29 has an invalid length. [ 3193.701727][ T9717] __nla_validate_parse: 1 callbacks suppressed [ 3193.701749][ T9717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7647'. [ 3194.965662][ T9776] netlink: 160 bytes leftover after parsing attributes in process `syz.1.7664'. [ 3197.598298][ T9798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7673'. [ 3197.780541][ T9808] syz.3.7677: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 3197.798221][ T9808] CPU: 0 UID: 0 PID: 9808 Comm: syz.3.7677 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 3197.798253][ T9808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3197.798269][ T9808] Call Trace: [ 3197.798280][ T9808] [ 3197.798291][ T9808] dump_stack_lvl+0x189/0x250 [ 3197.798491][ T9808] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3197.798527][ T9808] ? __pfx__printk+0x10/0x10 [ 3197.798553][ T9808] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 3197.798600][ T9808] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 3197.798627][ T9808] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 3197.798655][ T9808] warn_alloc+0x214/0x310 [ 3197.798763][ T9808] ? stack_depot_save_flags+0x429/0x900 [ 3197.798886][ T9808] ? __pfx_warn_alloc+0x10/0x10 [ 3197.798919][ T9808] ? kasan_save_track+0x4f/0x80 [ 3197.799007][ T9808] ? xskq_create+0x56/0x170 [ 3197.799120][ T9808] ? xsk_init_queue+0xb0/0x110 [ 3197.799147][ T9808] ? xsk_setsockopt+0x4de/0x710 [ 3197.799182][ T9808] ? do_sock_setsockopt+0x257/0x3e0 [ 3197.799282][ T9808] ? __ia32_sys_setsockopt+0x18b/0x220 [ 3197.799307][ T9808] ? __do_fast_syscall_32+0xb6/0x2b0 [ 3197.799387][ T9808] ? do_fast_syscall_32+0x34/0x80 [ 3197.799430][ T9808] __vmalloc_node_range_noprof+0x125/0x12f0 [ 3197.799520][ T9808] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 3197.799549][ T9808] ? xskq_create+0x56/0x170 [ 3197.799582][ T9808] ? __kasan_kmalloc+0x93/0xb0 [ 3197.799630][ T9808] vmalloc_user_noprof+0xad/0xf0 [ 3197.799656][ T9808] ? xskq_create+0xbf/0x170 [ 3197.799687][ T9808] xskq_create+0xbf/0x170 [ 3197.799722][ T9808] xsk_init_queue+0xb0/0x110 [ 3197.799755][ T9808] xsk_setsockopt+0x4de/0x710 [ 3197.799787][ T9808] ? __pfx_xsk_setsockopt+0x10/0x10 [ 3197.799816][ T9808] ? __lock_acquire+0xab9/0xd20 [ 3197.799871][ T9808] ? aa_sock_opt_perm+0x74/0x110 [ 3197.799968][ T9808] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 3197.800045][ T9808] ? __pfx_xsk_setsockopt+0x10/0x10 [ 3197.800075][ T9808] do_sock_setsockopt+0x257/0x3e0 [ 3197.800105][ T9808] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 3197.800128][ T9808] ? __fget_files+0x2a/0x420 [ 3197.800200][ T9808] ? __fget_files+0x3a0/0x420 [ 3197.800224][ T9808] ? __fget_files+0x2a/0x420 [ 3197.800259][ T9808] __ia32_sys_setsockopt+0x18b/0x220 [ 3197.800292][ T9808] __do_fast_syscall_32+0xb6/0x2b0 [ 3197.800327][ T9808] ? lockdep_hardirqs_on+0x9c/0x150 [ 3197.800385][ T9808] do_fast_syscall_32+0x34/0x80 [ 3197.800418][ T9808] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 3197.800467][ T9808] RIP: 0023:0xf70ae539 [ 3197.800488][ T9808] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 3197.800509][ T9808] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 3197.800533][ T9808] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000011b [ 3197.800556][ T9808] RDX: 0000000000000002 RSI: 0000000080000900 RDI: 0000000000000004 [ 3197.800579][ T9808] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3197.800592][ T9808] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 3197.800605][ T9808] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3197.800638][ T9808] [ 3198.209395][ T9808] Mem-Info: [ 3198.212759][ T9808] active_anon:5067 inactive_anon:0 isolated_anon:0 [ 3198.212759][ T9808] active_file:11674 inactive_file:41039 isolated_file:0 [ 3198.212759][ T9808] unevictable:768 dirty:167 writeback:0 [ 3198.212759][ T9808] slab_reclaimable:6847 slab_unreclaimable:102764 [ 3198.212759][ T9808] mapped:29767 shmem:1362 pagetables:1157 [ 3198.212759][ T9808] sec_pagetables:0 bounce:0 [ 3198.212759][ T9808] kernel_misc_reclaimable:0 [ 3198.212759][ T9808] free:1301492 free_pcp:15390 free_cma:0 [ 3198.259939][ T9816] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7679'. [ 3198.286239][ T9811] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7679'. [ 3198.296638][ T9808] Node 0 active_anon:20268kB inactive_anon:0kB active_file:46696kB inactive_file:163952kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119068kB dirty:668kB writeback:0kB shmem:3912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10592kB pagetables:4460kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3198.331783][ T9808] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3198.368219][ T9808] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3198.399102][ T9808] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 3198.405007][ T9808] Node 0 DMA32 free:1287408kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:20120kB inactive_anon:0kB active_file:46696kB inactive_file:162124kB unevictable:1536kB writepending:668kB present:3129332kB managed:2561144kB mlocked:0kB bounce:0kB free_pcp:41380kB local_pcp:21044kB free_cma:0kB [ 3198.437957][ T9808] lowmem_reserve[]: 0 0 1 1 1 [ 3198.443089][ T9808] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 3198.500343][ T9808] lowmem_reserve[]: 0 0 0 0 0 [ 3198.509470][ T9808] Node 1 Normal free:3903584kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20368kB local_pcp:10436kB free_cma:0kB [ 3198.594292][ T9823] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.7683'. [ 3198.603674][ T9808] lowmem_reserve[]: 0 0 0 0 0 [ 3198.608492][ T9808] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 3198.669477][ T9808] Node 0 DMA32: 712*4kB (UME) 483*8kB (UME) 687*16kB (UME) 593*32kB (UME) 293*64kB (UME) 96*128kB (UME) 40*256kB (UME) 25*512kB (UME) 23*1024kB (UM) 13*2048kB (UME) 280*4096kB (UM) = 1287816kB [ 3198.718488][ T9808] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3198.736858][ T9808] Node 1 Normal: 170*4kB (U) 55*8kB (UM) 44*16kB (UME) 166*32kB (UME) 42*64kB (UME) 14*128kB (UME) 3*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 948*4096kB (M) = 3903584kB [ 3198.759830][ T9808] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3198.769969][ T9808] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 3198.779736][ T9808] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3198.781787][ T9828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7686'. [ 3198.824353][ T9808] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3198.857276][ T9808] 54071 total pagecache pages [ 3198.871134][ T9808] 0 pages in swap cache [ 3198.885633][ T9808] Free swap = 124996kB [ 3198.897705][ T9808] Total swap = 124996kB [ 3198.908912][ T9808] 2097051 pages RAM [ 3198.915542][ T9808] 0 pages HighMem/MovableOnly [ 3198.936659][ T9808] 424659 pages reserved [ 3198.956209][ T9808] 0 pages cma reserved [ 3200.149633][ T9888] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7712'. [ 3200.203385][ T9884] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7712'. [ 3200.250647][ T9890] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7712'. [ 3200.581499][ T9909] sock: sock_set_timeout: `syz.4.7721' (pid 9909) tries to set negative timeout [ 3203.215536][ T9999] ALSA: seq fatal error: cannot create timer (-22) [ 3203.715760][T10012] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7769'. [ 3204.239443][T25775] usb 5-1: new high-speed USB device number 122 using dummy_hcd [ 3204.276323][T10035] binder: 10034:10035 ioctl c0306201 80000080 returned -22 [ 3204.412061][T25775] usb 5-1: Using ep0 maxpacket: 16 [ 3204.422770][T25775] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3204.439083][T25775] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 3204.459327][T25775] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 3204.491995][T25775] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 3204.507957][T25775] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 3204.529193][T25775] usb 5-1: Manufacturer: syz [ 3204.540112][T25775] usb 5-1: config 0 descriptor?? [ 3204.650525][ T5894] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 3204.821942][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3204.839214][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 3204.856372][T10055] netlink: 'syz.0.7788': attribute type 4 has an invalid length. [ 3204.859465][ T5894] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3204.876329][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7788'. [ 3204.901816][ T5894] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 3204.915297][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3204.927726][ T5894] usb 3-1: Product: syz [ 3204.932697][ T5894] usb 3-1: Manufacturer: syz [ 3204.937548][ T5894] usb 3-1: SerialNumber: syz [ 3204.966421][ T5894] usb 3-1: config 0 descriptor?? [ 3207.029641][T25775] usb 5-1: USB disconnect, device number 122 [ 3207.736353][T10092] netlink: 'syz.3.7795': attribute type 1 has an invalid length. [ 3208.049530][T31427] usb 3-1: USB disconnect, device number 12 [ 3208.296426][T10096] netlink: 276 bytes leftover after parsing attributes in process `syz.4.7800'. [ 3209.302007][ T5839] Bluetooth: hci5: unexpected event for opcode 0x1004 [ 3210.245036][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 3210.251598][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 3211.839842][T10155] netlink: 'syz.4.7823': attribute type 27 has an invalid length. [ 3211.931573][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3211.952981][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3211.979392][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3212.069795][T10169] netlink: 'syz.0.7826': attribute type 2 has an invalid length. [ 3212.220019][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3212.359163][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3212.415169][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3212.862113][T10155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3212.926405][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3212.945935][T10155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3213.004040][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3213.016739][T10161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7823'. [ 3213.241944][T10155] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3213.257419][T10155] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3213.266552][T10155] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3213.278763][T10155] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3213.335998][T10155] tipc: Resetting bearer [ 3213.353507][ T5839] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 3213.365037][ T5839] Bluetooth: hci5: Injecting HCI hardware error event [ 3213.373804][ T5839] Bluetooth: hci5: hardware error 0x00 [ 3215.272114][T10248] warning: `syz.0.7842' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 3215.489007][ T5839] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 3217.339325][T10181] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 3217.350186][T10290] netlink: 'syz.4.7870': attribute type 27 has an invalid length. [ 3217.447655][T10292] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7871'. [ 3217.459430][T10292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7871'. [ 3217.510103][T10181] usb 1-1: Using ep0 maxpacket: 8 [ 3217.518158][T10181] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 3217.527348][T10181] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 3217.547632][T10181] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 3217.565019][T10181] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 3217.576436][T10181] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 3217.591169][T10181] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 3217.609139][T10181] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3217.875682][T10181] usb 1-1: GET_CAPABILITIES returned 0 [ 3217.901955][T10181] usbtmc 1-1:16.0: can't read capabilities [ 3218.165897][ T9] usb 1-1: USB disconnect, device number 8 [ 3218.174973][T10279] usbtmc 1-1:16.0: usb_control_msg returned -71 [ 3218.736579][T10181] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 3218.927644][T10181] usb 2-1: Using ep0 maxpacket: 16 [ 3218.955093][T10181] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3218.991465][T10181] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 3219.015577][T10181] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3219.047377][T10181] usb 2-1: config 0 descriptor?? [ 3219.234818][T10317] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7880'. [ 3219.375574][T10320] sctp: [Deprecated]: syz.2.7882 (pid 10320) Use of int in max_burst socket option. [ 3219.375574][T10320] Use struct sctp_assoc_value instead [ 3219.493548][T10309] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7877'. [ 3220.043773][T10332] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551614) [ 3220.432366][T10181] usbhid 2-1:0.0: can't add hid device: -71 [ 3220.452786][T10181] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 3220.514157][T10181] usb 2-1: USB disconnect, device number 119 [ 3220.619117][T10193] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 3220.793154][T10193] usb 5-1: Using ep0 maxpacket: 32 [ 3220.824699][T10193] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 3220.834130][T10193] usb 5-1: config 0 has no interface number 0 [ 3220.845851][T10193] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 3220.865897][T10193] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3220.906306][T10193] usb 5-1: Product: syz [ 3220.922390][T10193] usb 5-1: Manufacturer: syz [ 3220.938275][T10193] usb 5-1: SerialNumber: syz [ 3221.012329][T10193] usb 5-1: config 0 descriptor?? [ 3221.041523][T10193] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 3221.073725][T10193] usb 5-1: selecting invalid altsetting 1 [ 3221.091279][T10193] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 3221.184855][T10193] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 3221.239379][T10193] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 3221.639613][T10193] usb 5-1: media controller created [ 3221.726541][T10193] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 3221.990465][T10367] netlink: 112 bytes leftover after parsing attributes in process `syz.1.7900'. [ 3222.309441][T10338] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 3222.399154][T10193] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 3222.424739][T10193] zl10353_read_register: readreg error (reg=127, ret==-71) [ 3222.439873][T10193] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 3222.647369][T10193] usb 5-1: USB disconnect, device number 123 [ 3223.119336][T10399] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7907'. [ 3223.969464][ T3531] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 3223.980889][ T3531] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 3223.989641][ T3531] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 3223.997815][ T3531] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 3224.007177][ T3531] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 3224.570391][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 3224.570411][ T30] audit: type=1326 audit(1749058987.765:33780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.3.7921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 3224.674001][ T30] audit: type=1326 audit(1749058987.765:33781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.3.7921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 3224.735216][ T30] audit: type=1326 audit(1749058987.765:33782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.3.7921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=42 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 3224.810844][ T30] audit: type=1326 audit(1749058987.765:33783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.3.7921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 3224.865129][T32560] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3224.866241][ T30] audit: type=1326 audit(1749058987.765:33784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.3.7921" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000 [ 3225.071139][T32560] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3225.196383][T32560] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3225.278794][T32560] tipc: Resetting bearer [ 3225.315495][T32560] tipc: Disabling bearer [ 3225.324620][T32560] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3225.542901][T10423] chnl_net:caif_netlink_parms(): no params data found [ 3225.573018][T32560] bridge_slave_1: left allmulticast mode [ 3225.580379][T32560] bridge_slave_1: left promiscuous mode [ 3225.586479][T32560] bridge0: port 2(bridge_slave_1) entered disabled state [ 3225.598616][T32560] bridge_slave_0: left allmulticast mode [ 3225.606584][T32560] bridge_slave_0: left promiscuous mode [ 3225.612901][T32560] bridge0: port 1(bridge_slave_0) entered disabled state [ 3226.023892][T32560] batman_adv: batadv0: Removing interface: gretap1 [ 3226.070093][ T3531] Bluetooth: hci4: command tx timeout [ 3227.063011][T10491] IPv6: Can't replace route, no match found [ 3227.113539][T32560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3227.132154][T32560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3227.161756][T32560] bond0 (unregistering): Released all slaves [ 3227.208749][T10494] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7947'. [ 3227.242423][T10494] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7947'. [ 3227.375198][T32560] tipc: Left network mode [ 3227.598325][T10423] bridge0: port 1(bridge_slave_0) entered blocking state [ 3227.619786][T10508] netlink: 100 bytes leftover after parsing attributes in process `syz.3.7950'. [ 3227.637940][T10423] bridge0: port 1(bridge_slave_0) entered disabled state [ 3227.653987][T10423] bridge_slave_0: entered allmulticast mode [ 3227.674448][T10423] bridge_slave_0: entered promiscuous mode [ 3227.930419][T10423] bridge0: port 2(bridge_slave_1) entered blocking state [ 3227.937740][T10423] bridge0: port 2(bridge_slave_1) entered disabled state [ 3228.090180][T10423] bridge_slave_1: entered allmulticast mode [ 3228.098571][T10423] bridge_slave_1: entered promiscuous mode [ 3228.150515][ T3531] Bluetooth: hci4: command tx timeout [ 3228.432374][T10423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3228.475123][T10423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3228.641293][T32560] hsr_slave_0: left promiscuous mode [ 3228.647643][T32560] hsr_slave_1: left promiscuous mode [ 3228.666115][T32560] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3228.693170][T32560] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3228.721844][T32560] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3228.736509][T10539] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7960'. [ 3228.745137][T32560] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3228.806836][T10541] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7960'. [ 3228.815446][T32560] veth1_macvtap: left promiscuous mode [ 3228.834219][T32560] veth0_macvtap: left promiscuous mode [ 3228.840619][T10163] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 3228.859939][T32560] veth1_vlan: left promiscuous mode [ 3228.874068][T32560] veth0_vlan: left promiscuous mode [ 3229.017234][T10163] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3229.021781][ T3531] Bluetooth: hci1: unexpected event for opcode 0x2002 [ 3229.063224][T10163] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3229.087845][T10163] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 3229.134904][T10163] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3229.168819][T10163] usb 5-1: config 0 descriptor?? [ 3229.611802][T10163] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 3229.631533][T10163] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 3229.640514][T10163] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 3229.648377][T10163] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 3229.666984][T10163] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 3229.693814][T10163] playstation 0003:054C:0DF2.0018: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 3229.810832][T10163] playstation 0003:054C:0DF2.0018: Invalid byte count transferred, expected 20 got 0 [ 3229.836082][T10163] playstation 0003:054C:0DF2.0018: Failed to retrieve DualSense pairing info: -22 [ 3229.862163][T10163] playstation 0003:054C:0DF2.0018: Failed to get MAC address from DualSense [ 3229.872830][T10163] playstation 0003:054C:0DF2.0018: Failed to create dualsense. [ 3229.898405][T10163] playstation 0003:054C:0DF2.0018: probe with driver playstation failed with error -22 [ 3230.017594][T10193] usb 5-1: USB disconnect, device number 124 [ 3230.233518][ T3531] Bluetooth: hci4: command tx timeout [ 3230.537532][T10423] team0: Port device team_slave_0 added [ 3230.628048][T10423] team0: Port device team_slave_1 added [ 3230.869232][T10423] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3230.876441][T10423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3231.308061][T10423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3231.331363][T10423] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3231.339492][T10423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3231.366547][T10423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3231.757433][T10423] hsr_slave_0: entered promiscuous mode [ 3231.790959][T10423] hsr_slave_1: entered promiscuous mode [ 3231.991513][T10589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7977'. [ 3232.047943][T10591] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7977'. [ 3232.088615][T32560] IPVS: stop unused estimator thread 0... [ 3232.309415][ T3531] Bluetooth: hci4: command tx timeout [ 3233.039023][ T3531] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 3233.048698][ T3531] Bluetooth: hci1: Injecting HCI hardware error event [ 3233.066511][ T5839] Bluetooth: hci1: hardware error 0x00 [ 3233.707491][T10423] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 3233.728039][T10423] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 3233.783054][T10423] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 3233.834073][T10423] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 3234.108158][T10423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3234.185393][T10423] 8021q: adding VLAN 0 to HW filter on device team0 [ 3234.221848][T15965] bridge0: port 1(bridge_slave_0) entered blocking state [ 3234.229130][T15965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3234.273949][T15965] bridge0: port 2(bridge_slave_1) entered blocking state [ 3234.281245][T15965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3234.727795][T10423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3234.913436][T10423] veth0_vlan: entered promiscuous mode [ 3234.977985][T10423] veth1_vlan: entered promiscuous mode [ 3235.094895][T10423] veth0_macvtap: entered promiscuous mode [ 3235.139676][T10423] veth1_macvtap: entered promiscuous mode [ 3235.198171][T10423] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3235.247603][T10423] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3235.270897][ T5839] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 3235.295460][T10423] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3235.324117][T10423] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3235.335558][T10423] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3235.351349][T10423] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3235.674848][ T9134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3235.711055][ T9134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3235.841328][T10660] syzkaller0: entered promiscuous mode [ 3235.847394][T10660] syzkaller0: entered allmulticast mode [ 3236.192590][T10672] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7997'. [ 3237.122361][T10183] usb 5-1: new high-speed USB device number 125 using dummy_hcd [ 3237.299263][T10183] usb 5-1: Using ep0 maxpacket: 16 [ 3237.312715][T10183] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3237.341679][T10183] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 3237.356112][T10183] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3237.374241][T10183] usb 5-1: config 0 descriptor?? [ 3237.820005][T10684] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7999'. [ 3240.765779][T15965] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3240.789070][T15965] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3240.939248][T10183] usbhid 5-1:0.0: can't add hid device: -71 [ 3240.945473][T10183] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 3240.982787][T10183] usb 5-1: USB disconnect, device number 125 [ 3241.509085][T10183] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 3241.553541][T10729] bridge0: port 2(bridge_slave_1) entered disabled state [ 3241.561796][T10729] bridge0: port 1(bridge_slave_0) entered disabled state [ 3241.720822][T10183] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 3241.746673][T10183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3241.769161][T10183] usb 5-1: Product: syz [ 3241.778046][T10183] usb 5-1: Manufacturer: syz [ 3241.785416][T10183] usb 5-1: SerialNumber: syz [ 3241.805375][T10183] usb 5-1: config 0 descriptor?? [ 3242.087513][T10729] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3242.115867][T10729] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3242.239199][T10183] usb 5-1: Firmware: major: 155, minor: 54, hardware type: UNKNOWN (117) [ 3242.290260][T10729] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.299411][T10729] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.308325][T10729] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.319206][T10729] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3242.440043][T10183] usb 5-1: failed to fetch extended address, random address set [ 3242.474476][T10183] usb 5-1: atusb_probe: initialization failed, error = -524 [ 3242.497724][T10183] atusb 5-1:0.0: probe with driver atusb failed with error -524 [ 3242.522985][T10183] usb 5-1: USB disconnect, device number 126 [ 3242.859163][ T1581] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 3243.039095][ T1581] usb 4-1: Using ep0 maxpacket: 16 [ 3243.083053][ T1581] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3243.142651][ T1581] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 3243.202012][ T1581] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3243.249755][ T1581] usb 4-1: config 0 descriptor?? [ 3243.360677][T10766] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8023'. [ 3243.686521][T10749] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8014'. [ 3244.225602][ T1581] usbhid 4-1:0.0: can't add hid device: -71 [ 3244.249903][ T1581] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 3244.261746][T10793] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8034'. [ 3244.279398][ T1581] usb 4-1: USB disconnect, device number 7 [ 3244.332925][T10793] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8034'. [ 3245.269929][T10833] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8053'. [ 3245.986027][T10862] geneve2: entered promiscuous mode [ 3248.959036][T10193] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 3249.121512][T10193] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 3249.145021][T10193] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3249.186435][T10193] usb 4-1: config 0 descriptor?? [ 3249.648250][T10193] ath6kl: Unsupported hardware version: 0x0 [ 3249.673476][T10193] ath6kl: Failed to init ath6kl core: -22 [ 3250.106174][T10193] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 3250.125653][T10193] usb 4-1: USB disconnect, device number 8 [ 3250.324910][T10946] netlink: 'syz.1.8101': attribute type 27 has an invalid length. [ 3250.336768][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8101'. [ 3250.347347][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8101'. [ 3250.368011][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8101'. [ 3250.638252][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8101'. [ 3250.668702][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8101'. [ 3250.689299][T10946] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8101'. [ 3251.629395][T10976] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 3252.389119][T14862] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 3252.419208][T10181] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 3252.569117][T14862] usb 2-1: Using ep0 maxpacket: 8 [ 3252.587436][T14862] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3252.591789][T10181] usb 1-1: config 1 interface 0 has no altsetting 0 [ 3252.633290][T10181] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 3252.635486][T14862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 3252.649053][T10181] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3252.687706][T10181] usb 1-1: Product: syz [ 3252.693396][T14862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 3252.693429][T14862] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 3252.752395][T10181] usb 1-1: Manufacturer: syz [ 3252.763088][T10181] usb 1-1: SerialNumber: syz [ 3252.782720][T14862] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 3252.821802][T14862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3252.853380][T14862] usb 2-1: config 0 descriptor?? [ 3253.109631][ T1581] usb 2-1: USB disconnect, device number 120 [ 3253.205097][T10181] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 3255.111636][ C1] usblp0: nonzero write bulk status received: -71 [ 3255.120489][T10163] usb 1-1: USB disconnect, device number 9 [ 3255.164797][T10988] usblp0: removed [ 3255.303191][ T3531] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 3255.314570][ T3531] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 3255.325272][ T3531] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 3255.335369][ T3531] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 3255.359228][ T3531] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 3256.012526][T11075] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8149'. [ 3256.064452][T11075] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8149'. [ 3256.104161][T11061] chnl_net:caif_netlink_parms(): no params data found [ 3256.447757][T11061] bridge0: port 1(bridge_slave_0) entered blocking state [ 3256.462409][T11061] bridge0: port 1(bridge_slave_0) entered disabled state [ 3256.473726][T11061] bridge_slave_0: entered allmulticast mode [ 3256.485880][T11061] bridge_slave_0: entered promiscuous mode [ 3256.495580][T11061] bridge0: port 2(bridge_slave_1) entered blocking state [ 3256.503522][T11061] bridge0: port 2(bridge_slave_1) entered disabled state [ 3256.511775][T11061] bridge_slave_1: entered allmulticast mode [ 3256.520419][T11061] bridge_slave_1: entered promiscuous mode [ 3256.576484][T11061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3256.597144][T11061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3256.670050][T11061] team0: Port device team_slave_0 added [ 3256.684600][T11061] team0: Port device team_slave_1 added [ 3256.817256][T11061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3256.877139][T11061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3256.970274][T11061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3257.007009][T11061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3257.015912][T11061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3257.043721][T11061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3257.203471][T11061] hsr_slave_0: entered promiscuous mode [ 3257.230683][T11061] hsr_slave_1: entered promiscuous mode [ 3257.238232][T11061] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3257.261702][T11061] Cannot create hsr debugfs directory [ 3257.431230][ T3531] Bluetooth: hci0: command tx timeout [ 3257.469047][T10181] usb 5-1: new high-speed USB device number 127 using dummy_hcd [ 3257.645507][T10181] usb 5-1: Using ep0 maxpacket: 16 [ 3257.665192][T10181] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3257.694453][T10181] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 3257.732765][T10181] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3257.760177][T10181] usb 5-1: config 0 descriptor?? [ 3257.819451][T11061] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3258.014380][T11061] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3258.147199][T11061] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3258.187955][T10181] pantherlord 0003:0E8F:0003.0019: hidraw0: USB HID v0.03 Device [HID 0e8f:0003] on usb-dummy_hcd.4-1/input0 [ 3258.237448][T10181] pantherlord 0003:0E8F:0003.0019: no output reports found [ 3258.312093][T11061] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3258.381703][T10181] usb 5-1: USB disconnect, device number 127 [ 3258.444339][T11114] fido_id[11114]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 3258.697129][T11061] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 3258.735084][T11061] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 3258.759980][T11061] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 3258.787842][T11061] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 3259.020831][T11061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3259.090930][T11061] 8021q: adding VLAN 0 to HW filter on device team0 [ 3259.125123][T15965] bridge0: port 1(bridge_slave_0) entered blocking state [ 3259.132428][T15965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3259.201183][T15965] bridge0: port 2(bridge_slave_1) entered blocking state [ 3259.208590][T15965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3259.311661][T11061] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3259.423806][T11061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3259.509066][ T3531] Bluetooth: hci0: command tx timeout [ 3259.537175][T11061] veth0_vlan: entered promiscuous mode [ 3259.554733][T11061] veth1_vlan: entered promiscuous mode [ 3259.605233][T11061] veth0_macvtap: entered promiscuous mode [ 3259.625851][T11061] veth1_macvtap: entered promiscuous mode [ 3259.668664][T11061] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3259.696360][T11061] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3259.717074][T11061] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3259.728600][T11061] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3259.746954][T11061] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3259.758097][T11061] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3259.946183][T32560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3260.007082][T32560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3260.164954][T32560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3260.175721][T32560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3261.589257][ T3531] Bluetooth: hci0: command tx timeout [ 3261.769219][T10181] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 3261.929302][T10181] usb 4-1: Using ep0 maxpacket: 32 [ 3261.947211][T10181] usb 4-1: config 0 has an invalid interface number: 219 but max is 0 [ 3261.960446][T10193] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 3261.972686][T10181] usb 4-1: config 0 has no interface number 0 [ 3261.980066][T10181] usb 4-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 3261.992918][T10181] usb 4-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 3262.005757][T10181] usb 4-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 3262.017889][T10181] usb 4-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 3262.028419][T10181] usb 4-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023 [ 3262.040229][T10181] usb 4-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 3262.065680][T10181] usb 4-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 3262.076343][T10181] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3262.084857][T11185] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8189'. [ 3262.094547][T10181] usb 4-1: Product: syz [ 3262.098767][T10181] usb 4-1: Manufacturer: syz [ 3262.104517][T10181] usb 4-1: SerialNumber: syz [ 3262.114919][T10181] usb 4-1: config 0 descriptor?? [ 3262.129865][T11170] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 3262.137712][T11170] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 3262.176162][T10193] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 3262.184748][T10193] usb 2-1: config 0 has no interface number 0 [ 3262.198022][T10193] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3262.229297][T10193] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3262.239405][T10193] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 3262.248597][T10193] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3262.263407][T10193] usb 2-1: config 0 descriptor?? [ 3262.357044][T10181] etas_es58x 4-1:0.219: Starting syz syz (Serial Number syz) [ 3262.730052][T10193] prodikeys 0003:041E:2801.001A: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input1 [ 3262.769005][T11170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3262.788786][T10193] hid_prodikeys: hid-prodikeys: failed to find output report [ 3262.788786][T10193] [ 3262.842534][T11170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3262.876741][T10181] etas_es58x 4-1:0.219: could not retrieve the product info string [ 3262.909251][T10163] usb 2-1: USB disconnect, device number 121 [ 3263.448871][T10181] usb 4-1: USB disconnect, device number 9 [ 3263.457276][T10181] etas_es58x 4-1:0.219: Disconnecting syz syz [ 3263.594462][T11199] fido_id[11199]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 3263.669019][ T3531] Bluetooth: hci0: command tx timeout [ 3263.989424][T10193] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 3264.201414][T10193] usb 2-1: Using ep0 maxpacket: 32 [ 3264.243476][T10193] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 3264.260060][T10193] usb 2-1: config 0 has no interface number 0 [ 3264.286703][T10193] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 3264.314586][T10193] usb 2-1: config 0 interface 85 has no altsetting 0 [ 3264.336639][T10193] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 3264.356863][T10193] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3264.387553][T10193] usb 2-1: Product: syz [ 3264.397732][T10193] usb 2-1: Manufacturer: syz [ 3264.441904][T10193] usb 2-1: SerialNumber: syz [ 3264.463464][T10193] usb 2-1: config 0 descriptor?? [ 3264.541411][T11218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8200'. [ 3265.114550][T10193] appletouch 2-1:0.85: Geyser mode initialized. [ 3265.146051][T10193] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input92 [ 3265.327618][T10184] usb 2-1: USB disconnect, device number 122 [ 3265.350953][T11235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8208'. [ 3265.383462][T10184] appletouch 2-1:0.85: input: appletouch disconnected [ 3265.906697][T11248] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8213'. [ 3266.470918][T11262] syz_tun: entered allmulticast mode [ 3266.482015][T11261] syz_tun: left allmulticast mode [ 3266.519940][T11264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8221'. [ 3266.911282][T11277] netlink: 44 bytes leftover after parsing attributes in process `syz.4.8226'. [ 3267.169410][T14862] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 3267.339150][T14862] usb 3-1: Using ep0 maxpacket: 8 [ 3267.360695][T14862] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 3267.391256][T14862] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 3267.410722][T14862] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 3267.428074][T14862] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 3267.446878][T14862] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 3267.456807][T14862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3267.689639][T14862] usb 3-1: GET_CAPABILITIES returned 0 [ 3267.739307][T14862] usbtmc 3-1:16.0: can't read capabilities [ 3267.905559][T10193] usb 3-1: USB disconnect, device number 13 [ 3268.459084][T10193] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 3268.530436][T11310] netlink: 44 bytes leftover after parsing attributes in process `syz.1.8237'. [ 3268.998136][T10193] usb 1-1: Using ep0 maxpacket: 32 [ 3269.135472][T10193] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 3269.148993][T10193] usb 1-1: config 0 has no interface number 0 [ 3269.178030][T10193] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 3269.197361][T10193] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3269.208947][T10193] usb 1-1: Product: syz [ 3269.213189][T10193] usb 1-1: Manufacturer: syz [ 3269.237143][T10193] usb 1-1: SerialNumber: syz [ 3269.250055][T10193] usb 1-1: config 0 descriptor?? [ 3269.271793][T10193] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 3269.288978][T10193] usb 1-1: selecting invalid altsetting 1 [ 3269.305037][T10193] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 3269.328550][T10193] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 3269.355593][T10193] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 3269.379229][T10193] usb 1-1: media controller created [ 3269.431115][T10193] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 3269.500697][T10193] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 3269.520465][T10193] zl10353_read_register: readreg error (reg=127, ret==-71) [ 3269.538061][T10193] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 3269.637788][T10193] usb 1-1: USB disconnect, device number 10 [ 3271.206034][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3271.217755][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3271.229118][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3271.248813][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3271.258686][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3271.687319][ T30] audit: type=1326 audit(1749059034.875:33785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11380 comm="syz.1.8266" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 3271.711230][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 3271.717584][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 3271.731456][ T30] audit: type=1326 audit(1749059034.875:33786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11380 comm="syz.1.8266" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 3271.764231][ T30] audit: type=1326 audit(1749059034.925:33787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11380 comm="syz.1.8266" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 3271.797748][ T30] audit: type=1326 audit(1749059034.925:33788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11380 comm="syz.1.8266" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 3271.869511][ T30] audit: type=1326 audit(1749059034.925:33789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11380 comm="syz.1.8266" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x7ffc0000 [ 3271.874955][ T9134] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3271.921851][ T30] audit: type=1326 audit(1749059035.115:33790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.4.8267" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 3271.969004][T10193] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 3271.989253][ T30] audit: type=1326 audit(1749059035.145:33791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.4.8267" exe="/root/syz-executor" sig=0 arch=40000003 syscall=45 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 3272.079077][ T30] audit: type=1326 audit(1749059035.145:33792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.4.8267" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 3272.140189][T10193] usb 3-1: Using ep0 maxpacket: 32 [ 3272.148177][ T30] audit: type=1326 audit(1749059035.145:33793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11382 comm="syz.4.8267" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc7539 code=0x7ffc0000 [ 3272.153887][T10193] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 3272.183241][T10193] usb 3-1: config 0 has no interface number 0 [ 3272.194390][T10193] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 3272.220309][T10193] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3272.228564][T10193] usb 3-1: Product: syz [ 3272.248994][T10193] usb 3-1: Manufacturer: syz [ 3272.253679][T10193] usb 3-1: SerialNumber: syz [ 3272.262153][T10193] usb 3-1: config 0 descriptor?? [ 3272.265050][ T9134] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3272.286518][T10193] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 3272.299266][T10193] usb 3-1: selecting invalid altsetting 1 [ 3272.305062][T10193] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 3272.331793][T10193] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 3272.403166][T10193] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 3272.419020][T10193] usb 3-1: media controller created [ 3272.493642][T10193] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 3272.539433][T10193] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 3272.547085][T10193] zl10353_read_register: readreg error (reg=127, ret==-71) [ 3272.560815][T10193] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 3272.606559][ T9134] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3272.635846][T10193] usb 3-1: USB disconnect, device number 14 [ 3272.743576][ T9134] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3272.988024][T11368] chnl_net:caif_netlink_parms(): no params data found [ 3273.075358][T11403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8274'. [ 3273.349615][ T3531] Bluetooth: hci1: command tx timeout [ 3273.997895][ T9134] bond0 (unregistering): Released all slaves [ 3274.015736][ T9134] bond1 (unregistering): Released all slaves [ 3274.071767][T11415] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 3274.439269][T11429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8281'. [ 3274.749017][T10163] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 3274.780522][T11368] bridge0: port 1(bridge_slave_0) entered blocking state [ 3274.790396][T11368] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.823659][T11368] bridge_slave_0: entered allmulticast mode [ 3274.921100][T11368] bridge_slave_0: entered promiscuous mode [ 3274.999026][T10163] usb 2-1: Using ep0 maxpacket: 32 [ 3275.087290][T10163] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 3275.127892][T10163] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 3275.218720][T11368] bridge0: port 2(bridge_slave_1) entered blocking state [ 3275.306649][T10163] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 3275.309423][T11368] bridge0: port 2(bridge_slave_1) entered disabled state [ 3275.438776][T10163] usb 2-1: Product: syz [ 3275.447956][T10163] usb 2-1: Manufacturer: syz [ 3275.448989][ T3531] Bluetooth: hci1: command tx timeout [ 3275.460396][T10163] usb 2-1: SerialNumber: syz [ 3275.469413][T11368] bridge_slave_1: entered allmulticast mode [ 3275.481058][T10163] usb 2-1: config 0 descriptor?? [ 3275.494615][T11424] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 3275.511572][T11368] bridge_slave_1: entered promiscuous mode [ 3275.588517][T10163] hub 2-1:0.0: bad descriptor, ignoring hub [ 3275.626361][T10163] hub 2-1:0.0: probe with driver hub failed with error -5 [ 3275.759221][T10196] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 3275.877778][T11446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3275.944921][T11446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3275.969367][ T9134] hsr_slave_0: left promiscuous mode [ 3275.975042][T10196] usb 5-1: Using ep0 maxpacket: 32 [ 3276.029824][T10196] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 3276.042890][ T9134] hsr_slave_1: left promiscuous mode [ 3276.085068][T10196] usb 5-1: config 0 has no interface number 0 [ 3276.122012][T10196] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 3276.149233][T10196] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3276.165946][ T9134] veth1_vlan: left promiscuous mode [ 3276.181501][T10196] usb 5-1: Product: syz [ 3276.185744][T10196] usb 5-1: Manufacturer: syz [ 3276.191113][ T9134] veth0_vlan: left promiscuous mode [ 3276.231275][T10196] usb 5-1: SerialNumber: syz [ 3276.231359][T11446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3276.282659][T10196] usb 5-1: config 0 descriptor?? [ 3276.299769][T11446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3276.331382][T10196] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 3276.516481][T10196] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 3276.562147][T11446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3276.591133][T11446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3276.599581][T10196] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 3276.929697][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 3276.931411][T10184] usb 5-1: USB disconnect, device number 2 [ 3277.005046][T10184] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 3277.149791][T10184] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 3277.172906][T10184] quatech2 5-1:0.51: device disconnected [ 3277.517903][ T3531] Bluetooth: hci1: command tx timeout [ 3277.546817][T10163] usb 2-1: USB disconnect, device number 123 [ 3277.596667][T11457] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8290'. [ 3278.222955][T11473] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8292'. [ 3278.618044][ T30] audit: type=1326 audit(1749059041.805:33794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.680525][ T30] audit: type=1326 audit(1749059041.805:33795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.723272][ T30] audit: type=1326 audit(1749059041.805:33796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.782309][ T30] audit: type=1326 audit(1749059041.805:33797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.814877][ T30] audit: type=1326 audit(1749059041.815:33798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.843409][ T30] audit: type=1326 audit(1749059041.815:33799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.872595][ T30] audit: type=1326 audit(1749059041.815:33800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.900755][ T30] audit: type=1326 audit(1749059041.815:33801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.931326][ T30] audit: type=1326 audit(1749059041.815:33802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3278.959530][ T30] audit: type=1326 audit(1749059041.815:33803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11465 comm="syz.3.8292" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f72539 code=0x7fc00000 [ 3279.365026][T11368] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3279.377885][T11368] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3279.589165][ T3531] Bluetooth: hci1: command tx timeout [ 3279.688194][T11368] team0: Port device team_slave_0 added [ 3279.716524][T11368] team0: Port device team_slave_1 added [ 3279.885278][T11368] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3279.926993][T11368] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3280.045137][T11368] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3280.088408][T11368] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3280.127637][T11368] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3280.241264][T11368] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3280.751213][T11368] hsr_slave_0: entered promiscuous mode [ 3280.825945][T11368] hsr_slave_1: entered promiscuous mode [ 3280.871431][T11368] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3280.918061][T11368] Cannot create hsr debugfs directory [ 3283.040241][T11527] netlink: 'syz.1.8302': attribute type 10 has an invalid length. [ 3283.074575][T11527] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 3283.115157][T11368] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 3283.163848][T11368] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 3283.195420][T11368] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 3283.230312][T11368] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 3283.466488][T11368] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3283.556520][T11368] 8021q: adding VLAN 0 to HW filter on device team0 [ 3283.596463][ T9134] bridge0: port 1(bridge_slave_0) entered blocking state [ 3283.603759][ T9134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3283.654909][T15965] bridge0: port 2(bridge_slave_1) entered blocking state [ 3283.662232][T15965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3283.728531][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 3283.728552][ T30] audit: type=1326 audit(1749059046.915:33821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11542 comm="syz.2.8307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8539 code=0x7ffc0000 [ 3283.803776][ T30] audit: type=1326 audit(1749059046.915:33822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11542 comm="syz.2.8307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8539 code=0x7ffc0000 [ 3283.880453][ T30] audit: type=1326 audit(1749059046.935:33823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11542 comm="syz.2.8307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=49 compat=1 ip=0xf7fe8539 code=0x7ffc0000 [ 3283.943701][ T30] audit: type=1326 audit(1749059046.935:33824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11542 comm="syz.2.8307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8539 code=0x7ffc0000 [ 3284.008222][T11368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3284.032721][ T30] audit: type=1326 audit(1749059046.935:33825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11542 comm="syz.2.8307" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8539 code=0x7ffc0000 [ 3284.199878][T11552] syzkaller1: entered promiscuous mode [ 3284.205432][T11552] syzkaller1: entered allmulticast mode [ 3284.253814][T11368] veth0_vlan: entered promiscuous mode [ 3284.327107][T11368] veth1_vlan: entered promiscuous mode [ 3284.334459][T11558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8313'. [ 3284.633524][T11368] veth0_macvtap: entered promiscuous mode [ 3284.769980][T11569] netlink: 'syz.3.8314': attribute type 10 has an invalid length. [ 3284.873792][T11569] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 3284.910611][T11368] veth1_macvtap: entered promiscuous mode [ 3284.975646][T11368] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3285.054335][T11368] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3285.103539][T11368] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3285.134656][T11368] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3285.167967][T11368] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3285.187103][T11368] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3285.390529][ T3617] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3285.399059][T10181] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 3285.420065][ T3617] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3285.474983][ T9142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3285.504202][ T9142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3285.600777][T10181] usb 4-1: Using ep0 maxpacket: 8 [ 3285.626188][T10181] usb 4-1: config 0 interface 0 altsetting 238 endpoint 0x81 has an invalid bInterval 126, changing to 10 [ 3285.678366][T10181] usb 4-1: config 0 interface 0 has no altsetting 0 [ 3285.695381][T10181] usb 4-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 3285.730708][T10181] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3285.768091][T10181] usb 4-1: config 0 descriptor?? [ 3285.975753][T11596] syz_tun: entered allmulticast mode [ 3286.023867][T11595] syz_tun: left allmulticast mode [ 3286.271313][T11600] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8324'. [ 3287.079894][T10181] usbhid 4-1:0.0: can't add hid device: -71 [ 3287.101109][T10181] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 3287.193934][T10181] usb 4-1: USB disconnect, device number 10 [ 3287.552447][ T30] audit: type=1326 audit(1749059050.745:33826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11609 comm="syz.2.8326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe8539 code=0x7fc00000 [ 3289.779220][T10193] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 3289.908272][T11691] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 3290.006579][T10193] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3290.033431][T10193] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 3290.418840][T10193] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 3290.449194][T10193] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3290.495131][T10193] usb 5-1: config 0 descriptor?? [ 3290.989673][T10193] kovaplus 0003:1E7D:2D50.001B: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.4-1/input0 [ 3291.033176][T11706] netlink: 'syz.2.8348': attribute type 10 has an invalid length. [ 3291.178320][T11706] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 3291.597851][T11720] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8352'. [ 3291.791310][T11715] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3291.809366][T11715] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3291.968298][T11715] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3291.981831][T10193] kovaplus 0003:1E7D:2D50.001B: couldn't init struct kovaplus_device [ 3291.993664][T10193] kovaplus 0003:1E7D:2D50.001B: couldn't install mouse [ 3292.002822][T11715] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3292.013918][T10193] kovaplus 0003:1E7D:2D50.001B: probe with driver kovaplus failed with error -71 [ 3292.036822][T10193] usb 5-1: USB disconnect, device number 3 [ 3292.048484][T11715] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3292.058994][T11715] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3293.956176][T11764] bridge_slave_0: left allmulticast mode [ 3293.962306][T11764] bridge_slave_0: left promiscuous mode [ 3293.968213][T11764] bridge0: port 1(bridge_slave_0) entered disabled state [ 3294.160574][T11764] bridge_slave_1: left allmulticast mode [ 3294.166601][T11764] bridge_slave_1: left promiscuous mode [ 3294.188990][T11764] bridge0: port 2(bridge_slave_1) entered disabled state [ 3294.273631][T11764] bond0: (slave bond_slave_0): Releasing backup interface [ 3294.358450][T11764] bond0: (slave bond_slave_1): Releasing backup interface [ 3294.447652][T11764] team0: Port device team_slave_0 removed [ 3294.468674][T11764] team0: Port device team_slave_1 removed [ 3294.521708][T11764] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3294.544818][T11764] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3294.594831][T11767] bridge0: entered allmulticast mode [ 3295.509161][T10193] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 3295.959295][T10193] usb 2-1: Using ep0 maxpacket: 16 [ 3295.991678][T10193] usb 2-1: config 0 has an invalid interface number: 119 but max is 0 [ 3296.012370][T10193] usb 2-1: config 0 has no interface number 0 [ 3296.172240][T10193] usb 2-1: config 0 interface 119 has no altsetting 0 [ 3296.192096][T10193] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=26.35 [ 3296.220704][T10193] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3296.374069][T10193] usb 2-1: Product: syz [ 3296.378684][T10193] usb 2-1: Manufacturer: syz [ 3296.398826][T10193] usb 2-1: SerialNumber: syz [ 3296.528544][T10193] usb 2-1: config 0 descriptor?? [ 3296.778691][T10193] usb 2-1: USB disconnect, device number 124 [ 3297.270390][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 3297.565380][ T59] bridge_slave_1: left allmulticast mode [ 3297.580075][T11807] loop6: detected capacity change from 0 to 524287999 [ 3297.597400][ T59] bridge_slave_1: left promiscuous mode [ 3297.617268][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 3297.657442][T11818] sctp: [Deprecated]: syz.4.8389 (pid 11818) Use of int in max_burst socket option. [ 3297.657442][T11818] Use struct sctp_assoc_value instead [ 3297.673704][ T59] bridge_slave_0: left allmulticast mode [ 3297.697481][ T59] bridge_slave_0: left promiscuous mode [ 3297.718234][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 3297.870213][T11807] Dev loop6: unable to read RDB block 8 [ 3297.899738][T11807] loop6: unable to read partition table [ 3297.936653][T11807] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 3297.947660][T11204] Buffer I/O error on dev loop6, logical block 65535999, async page read [ 3298.593024][ T59] batman_adv: batadv0: Removing interface: gretap1 [ 3298.846091][ T59] batman_adv: batadv0: Removing interface: vxlan0 [ 3299.338144][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3299.354483][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3299.366157][ T59] bond0 (unregistering): Released all slaves [ 3299.398202][ T59] bond1 (unregistering): Released all slaves [ 3299.841742][T11847] syzkaller1: entered promiscuous mode [ 3299.848689][T11847] syzkaller1: entered allmulticast mode [ 3300.261098][ T59] hsr_slave_0: left promiscuous mode [ 3300.277455][ T59] hsr_slave_1: left promiscuous mode [ 3300.291656][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3300.327493][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3300.361663][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3300.395656][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3300.853009][ T59] veth1_macvtap: left promiscuous mode [ 3300.861063][ T59] veth0_macvtap: left promiscuous mode [ 3300.877164][ T59] veth1_vlan: left promiscuous mode [ 3300.888323][ T59] veth0_vlan: left promiscuous mode [ 3301.959104][T10184] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 3302.174185][T10184] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3302.212060][T10184] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3302.289577][T10184] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 3302.314961][T10184] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 3302.337722][T10184] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3302.367884][T10184] usb 1-1: config 0 descriptor?? [ 3302.805916][T10184] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 3302.836413][T10184] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 3303.018173][ T59] team0 (unregistering): Port device team_slave_1 removed [ 3303.099798][ T59] team0 (unregistering): Port device team_slave_0 removed [ 3303.344384][ T9] usb 1-1: USB disconnect, device number 11 [ 3304.366304][T11913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8426'. [ 3304.409570][T11897] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8420'. [ 3304.424550][T11914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8426'. [ 3305.648441][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3305.659226][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3305.679309][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3305.692911][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3305.701210][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3306.095271][T11946] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8438'. [ 3306.846025][T11943] chnl_net:caif_netlink_parms(): no params data found [ 3307.253179][T11943] bridge0: port 1(bridge_slave_0) entered blocking state [ 3307.273197][T11943] bridge0: port 1(bridge_slave_0) entered disabled state [ 3307.299583][T11943] bridge_slave_0: entered allmulticast mode [ 3307.324330][T11943] bridge_slave_0: entered promiscuous mode [ 3307.324644][T11966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8444'. [ 3307.334018][T11943] bridge0: port 2(bridge_slave_1) entered blocking state [ 3307.369458][T11943] bridge0: port 2(bridge_slave_1) entered disabled state [ 3307.377012][T11943] bridge_slave_1: entered allmulticast mode [ 3307.395504][T11943] bridge_slave_1: entered promiscuous mode [ 3307.545921][T11943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3307.586020][T11943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3307.717821][T11943] team0: Port device team_slave_0 added [ 3307.752374][T11943] team0: Port device team_slave_1 added [ 3307.798671][T11982] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8450'. [ 3307.829415][ T3531] Bluetooth: hci3: command tx timeout [ 3307.854494][T11985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8450'. [ 3307.915518][T11943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3307.944250][T11943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3308.024052][T11943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3308.064088][T11943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3308.078827][T11943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3308.121944][T11943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3308.243966][T11943] hsr_slave_0: entered promiscuous mode [ 3308.260479][T11943] hsr_slave_1: entered promiscuous mode [ 3308.276609][T11943] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3308.289277][T11943] Cannot create hsr debugfs directory [ 3308.654802][T10163] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 3308.837580][T10163] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 3308.864693][T10163] usb 5-1: config 0 has no interface number 0 [ 3308.889137][T10163] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 3308.922370][T10163] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 3308.949196][T10163] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 3308.971912][T10163] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3309.006689][T10163] usb 5-1: config 0 descriptor?? [ 3309.028691][T11993] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 3309.069296][T10163] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 3309.291466][T10163] usb 5-1: USB disconnect, device number 4 [ 3309.909738][ T3531] Bluetooth: hci3: command tx timeout [ 3310.121841][T11943] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 3310.178523][T11943] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 3310.257613][T11943] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 3310.319109][T11943] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 3310.786908][T12010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8462'. [ 3310.941111][T11943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3311.001553][T11943] 8021q: adding VLAN 0 to HW filter on device team0 [ 3311.026108][T15965] bridge0: port 1(bridge_slave_0) entered blocking state [ 3311.033858][T15965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3311.075787][T15965] bridge0: port 2(bridge_slave_1) entered blocking state [ 3311.083063][T15965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3311.324882][T10163] usb 2-1: new full-speed USB device number 125 using dummy_hcd [ 3311.495724][T11943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3311.510824][T10163] usb 2-1: config 0 has an invalid interface number: 20 but max is 0 [ 3311.522254][T10163] usb 2-1: config 0 has no interface number 0 [ 3311.528446][T10163] usb 2-1: config 0 interface 20 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 3311.581724][T10163] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 3311.591487][T10163] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3311.611801][T10163] usb 2-1: Product: syz [ 3311.616126][T10163] usb 2-1: Manufacturer: syz [ 3311.638975][T10163] usb 2-1: SerialNumber: syz [ 3311.651965][T11943] veth0_vlan: entered promiscuous mode [ 3311.657223][T10163] usb 2-1: config 0 descriptor?? [ 3311.685099][T12012] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 3311.695656][T10163] usb-storage 2-1:0.20: USB Mass Storage device detected [ 3311.704701][T11943] veth1_vlan: entered promiscuous mode [ 3311.733878][T10163] usb-storage 2-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 3311.874170][T11943] veth0_macvtap: entered promiscuous mode [ 3311.915866][T10163] scsi host1: usb-storage 2-1:0.20 [ 3311.956437][T10163] usb 2-1: USB disconnect, device number 125 [ 3311.961325][T11943] veth1_macvtap: entered promiscuous mode [ 3311.999103][ T3531] Bluetooth: hci3: command tx timeout [ 3312.093457][T11999] syz.3.8457: vmalloc error: size 1075838976, failed to allocated page array size 2101248, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 3312.115168][T11943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3312.123075][T11999] CPU: 1 UID: 0 PID: 11999 Comm: syz.3.8457 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 3312.123108][T11999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3312.123124][T11999] Call Trace: [ 3312.123135][T11999] [ 3312.123145][T11999] dump_stack_lvl+0x189/0x250 [ 3312.123194][T11999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3312.123230][T11999] ? __pfx__printk+0x10/0x10 [ 3312.123255][T11999] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 3312.123284][T11999] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 3312.123311][T11999] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 3312.123340][T11999] warn_alloc+0x214/0x310 [ 3312.123377][T11999] ? __pfx_warn_alloc+0x10/0x10 [ 3312.123445][T11999] ? __get_vm_area_node+0x28f/0x300 [ 3312.123471][T11999] ? hash_netiface_create+0x358/0xfe0 [ 3312.123631][T11999] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 3312.123657][T11999] ? __do_fast_syscall_32+0xb6/0x2b0 [ 3312.123727][T11999] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 3312.123753][T11999] ? __kasan_kmalloc_large+0x1c/0xa0 [ 3312.123783][T11999] ? rcu_is_watching+0x15/0xb0 [ 3312.123812][T11999] ? hash_netiface_create+0x358/0xfe0 [ 3312.123843][T11999] ? hash_netiface_create+0x358/0xfe0 [ 3312.123873][T11999] __kvmalloc_node_noprof+0x3bf/0x600 [ 3312.123927][T11999] ? hash_netiface_create+0x358/0xfe0 [ 3312.123960][T11999] ? hash_netiface_create+0x2fe/0xfe0 [ 3312.123997][T11999] hash_netiface_create+0x358/0xfe0 [ 3312.124039][T11999] ? __nla_parse+0x40/0x60 [ 3312.124077][T11999] ? __pfx_hash_netiface_create+0x10/0x10 [ 3312.124112][T11999] ip_set_create+0xa97/0x1940 [ 3312.124189][T11999] ? ip_set_create+0x4a2/0x1940 [ 3312.124236][T11999] ? __pfx_ip_set_create+0x10/0x10 [ 3312.124309][T11999] nfnetlink_rcv_msg+0xb4a/0x1130 [ 3312.124371][T11999] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 3312.124436][T11999] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 3312.124468][T11999] ? kasan_save_free_info+0x46/0x50 [ 3312.124553][T11999] netlink_rcv_skb+0x208/0x470 [ 3312.124608][T11999] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 3312.124645][T11999] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 3312.124683][T11999] ? bpf_lsm_capable+0x9/0x20 [ 3312.124725][T11999] ? security_capable+0x7e/0x2e0 [ 3312.124800][T11999] nfnetlink_rcv+0x26a/0x2520 [ 3312.124839][T11999] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 3312.124915][T11999] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 3312.124942][T11999] ? __dev_queue_xmit+0x27e/0x3a70 [ 3312.124973][T11999] ? do_fast_syscall_32+0x34/0x80 [ 3312.125018][T11999] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 3312.125050][T11999] ? __pfx___dev_queue_xmit+0x10/0x10 [ 3312.125096][T11999] ? ref_tracker_free+0x63a/0x7d0 [ 3312.125118][T11999] ? __copy_skb_header+0xa7/0x550 [ 3312.125169][T11999] ? __pfx_ref_tracker_free+0x10/0x10 [ 3312.125211][T11999] ? skb_clone+0x246/0x3a0 [ 3312.125244][T11999] ? __netlink_deliver_tap+0x807/0x850 [ 3312.125268][T11999] ? netlink_deliver_tap+0x2e/0x1b0 [ 3312.125302][T11999] ? netlink_deliver_tap+0x2e/0x1b0 [ 3312.125326][T11999] ? netlink_deliver_tap+0x2e/0x1b0 [ 3312.125358][T11999] netlink_unicast+0x75b/0x8d0 [ 3312.125393][T11999] netlink_sendmsg+0x805/0xb30 [ 3312.125437][T11999] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3312.125464][T11999] ? __import_iovec+0x5d4/0x7f0 [ 3312.125512][T11999] ? aa_sock_msg_perm+0x94/0x160 [ 3312.125550][T11999] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 3312.125581][T11999] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3312.125608][T11999] __sock_sendmsg+0x219/0x270 [ 3312.125647][T11999] ____sys_sendmsg+0x505/0x830 [ 3312.125682][T11999] ? __pfx_____sys_sendmsg+0x10/0x10 [ 3312.125718][T11999] ? __pfx_futex_wake_mark+0x10/0x10 [ 3312.125758][T11999] ___sys_sendmsg+0x21f/0x2a0 [ 3312.125789][T11999] ? __pfx____sys_sendmsg+0x10/0x10 [ 3312.125855][T11999] ? __fget_files+0x2a/0x420 [ 3312.125879][T11999] ? __fget_files+0x3a0/0x420 [ 3312.125916][T11999] __sys_sendmsg+0x164/0x220 [ 3312.125946][T11999] ? __pfx___sys_sendmsg+0x10/0x10 [ 3312.125983][T11999] ? rcu_is_watching+0x15/0xb0 [ 3312.126009][T11999] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 3312.126045][T11999] ? lockdep_hardirqs_on+0x9c/0x150 [ 3312.126080][T11999] __do_fast_syscall_32+0xb6/0x2b0 [ 3312.126124][T11999] do_fast_syscall_32+0x34/0x80 [ 3312.126159][T11999] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 3312.126188][T11999] RIP: 0023:0xf7f72539 [ 3312.126210][T11999] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 3312.126230][T11999] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 3312.126256][T11999] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 3312.126273][T11999] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 3312.126287][T11999] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3312.126300][T11999] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 3312.126314][T11999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3312.126347][T11999] [ 3312.126357][T11999] Mem-Info: [ 3312.673434][T11943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3312.686420][T11943] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3312.727516][T11999] active_anon:7933 inactive_anon:0 isolated_anon:0 [ 3312.727516][T11999] active_file:13583 inactive_file:41097 isolated_file:0 [ 3312.727516][T11999] unevictable:768 dirty:181 writeback:0 [ 3312.727516][T11999] slab_reclaimable:6814 slab_unreclaimable:100502 [ 3312.727516][T11999] mapped:30536 shmem:3833 pagetables:1306 [ 3312.727516][T11999] sec_pagetables:0 bounce:0 [ 3312.727516][T11999] kernel_misc_reclaimable:0 [ 3312.727516][T11999] free:1249096 free_pcp:30962 free_cma:0 [ 3312.749055][T11943] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3312.838963][T11943] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3312.845216][T11999] Node 0 active_anon:29432kB inactive_anon:0kB active_file:54332kB inactive_file:164184kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:122244kB dirty:724kB writeback:0kB shmem:11396kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11468kB pagetables:5156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3312.868176][T11943] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3312.894456][T11999] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3312.948774][T11999] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3312.982540][T11999] lowmem_reserve[]: 0 2501 2502 2502 2502 [ 3312.989132][T11999] Node 0 DMA32 free:1076908kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24984kB inactive_anon:0kB active_file:54332kB inactive_file:162356kB unevictable:1536kB writepending:720kB present:3129332kB managed:2561144kB mlocked:0kB bounce:0kB free_pcp:109896kB local_pcp:53432kB free_cma:0kB [ 3313.061269][T11999] lowmem_reserve[]: 0 0 1 1 1 [ 3313.149672][T11999] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 3313.232107][T11999] lowmem_reserve[]: 0 0 0 0 0 [ 3313.237215][T11999] Node 1 Normal free:3904100kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19856kB local_pcp:9920kB free_cma:0kB [ 3313.328303][T11999] lowmem_reserve[]: 0 0 0 0 0 [ 3313.349849][T32560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3313.357950][T32560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3313.370647][T11999] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 3313.401057][T11999] Node 0 DMA32: 833*4kB (UME) 261*8kB (ME) 297*16kB (ME) 163*32kB (UME) 146*64kB (ME) 31*128kB (ME) 6*256kB (E) 1*512kB (E) 0*1024kB 2*2048kB (ME) 255*4096kB (M) = 1079324kB [ 3313.435701][T11999] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 3313.440144][T32560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3313.451439][T11999] Node 1 Normal: 171*4kB (U) 55*8kB (UM) 44*16kB (UME) 178*32kB (UME) 44*64kB (UME) 14*128kB (UME) 3*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 2*2048kB (UE) 948*4096kB (M) = 3904100kB [ 3313.507862][T32560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3313.507953][T11999] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3313.571237][T11999] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 3313.598078][T11999] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3313.647905][T11999] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3313.670559][T11999] 56645 total pagecache pages [ 3313.687610][T11999] 0 pages in swap cache [ 3313.699376][T11999] Free swap = 124996kB [ 3313.709222][T11999] Total swap = 124996kB [ 3313.722810][T11999] 2097051 pages RAM [ 3313.737870][T11999] 0 pages HighMem/MovableOnly [ 3313.757760][T11999] 424659 pages reserved [ 3313.808835][T11999] 0 pages cma reserved [ 3314.073981][ T3531] Bluetooth: hci3: command tx timeout [ 3316.344009][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 3316.355631][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 3316.365408][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 3316.374902][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 3316.385567][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 3317.067910][T12071] chnl_net:caif_netlink_parms(): no params data found [ 3317.376045][T12071] bridge0: port 1(bridge_slave_0) entered blocking state [ 3317.389112][T12071] bridge0: port 1(bridge_slave_0) entered disabled state [ 3317.397159][T12071] bridge_slave_0: entered allmulticast mode [ 3317.405850][T12071] bridge_slave_0: entered promiscuous mode [ 3317.415752][T12071] bridge0: port 2(bridge_slave_1) entered blocking state [ 3317.423585][T12071] bridge0: port 2(bridge_slave_1) entered disabled state [ 3317.431063][T12071] bridge_slave_1: entered allmulticast mode [ 3317.439320][T12071] bridge_slave_1: entered promiscuous mode [ 3317.514642][T12071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3317.543450][T12071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3317.664973][T12071] team0: Port device team_slave_0 added [ 3317.693809][T12071] team0: Port device team_slave_1 added [ 3317.873843][T12071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3317.902194][T12071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3317.995420][T12071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3318.036914][T12071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3318.054400][T12071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3318.129002][T12071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3318.335584][T12071] hsr_slave_0: entered promiscuous mode [ 3318.350246][T12071] hsr_slave_1: entered promiscuous mode [ 3318.356962][T12071] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3318.370092][T12071] Cannot create hsr debugfs directory [ 3318.470014][ T3531] Bluetooth: hci2: command tx timeout [ 3318.618380][ T9134] tipc: Disabling bearer [ 3319.419074][T12109] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 3319.504280][T12119] netlink: 'syz.3.8500': attribute type 10 has an invalid length. [ 3320.549977][ T3531] Bluetooth: hci2: command tx timeout [ 3320.725515][ T9134] bond0 (unregistering): Released all slaves [ 3320.743315][ T9134] bond1 (unregistering): Released all slaves [ 3321.191979][T10163] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 3321.285641][ T9134] tipc: Left network mode [ 3321.389900][T10163] usb 3-1: Using ep0 maxpacket: 16 [ 3321.406388][T10163] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 3321.443101][T10163] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 3321.499881][T10163] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 12592, setting to 1024 [ 3321.548466][T10163] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 3321.617052][T10163] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 3321.657236][T10163] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3321.709933][T10163] usb 3-1: Product: syz [ 3321.723974][T10163] usb 3-1: Manufacturer: syz [ 3321.755721][T10163] usb 3-1: SerialNumber: syz [ 3321.777538][T10163] usb 3-1: config 0 descriptor?? [ 3321.805109][T12147] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 3321.814757][T12147] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 3321.949256][ C1] port100 3-1:0.0: NFC: Urb failure (status -71) [ 3321.956465][ C1] port100 3-1:0.0: NFC: Urb failure (status -71) [ 3321.964645][T10163] port100 3-1:0.0: NFC: Could not get supported command types [ 3322.190977][ T9134] hsr_slave_0: left promiscuous mode [ 3322.226995][ T9134] hsr_slave_1: left promiscuous mode [ 3322.328408][T12170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8512'. [ 3322.600463][T12178] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8515'. [ 3322.629289][ T3531] Bluetooth: hci2: command tx timeout [ 3323.283149][ T9] usb 3-1: USB disconnect, device number 15 [ 3323.598996][T10163] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 3323.839288][T10163] usb 4-1: not running at top speed; connect to a high speed hub [ 3323.879944][T10163] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 3323.890342][T10163] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 3323.929654][T10163] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 3323.939489][T10163] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3323.947513][T10163] usb 4-1: Product: syz [ 3323.980311][T10163] usb 4-1: Manufacturer: syz [ 3323.989104][T10163] usb 4-1: SerialNumber: syz [ 3324.709074][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 3324.709331][ T3531] Bluetooth: hci2: command tx timeout [ 3324.915698][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 3324.925214][ T9] usb 3-1: config 0 has an invalid interface number: 75 but max is 0 [ 3324.941336][ T9] usb 3-1: config 0 has no interface number 0 [ 3324.947822][ T9] usb 3-1: config 0 interface 75 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 16 [ 3324.990847][ T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=6f.9b [ 3325.008974][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3325.026011][ T9] usb 3-1: Product: syz [ 3325.048974][ T9] usb 3-1: Manufacturer: syz [ 3325.053948][ T9] usb 3-1: SerialNumber: syz [ 3325.090167][ T9] usb 3-1: config 0 descriptor?? [ 3325.120328][T12200] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 3325.357939][ T9] pvrusb2: Hardware description: Terratec Grabster AV400 [ 3325.376238][ T9] pvrusb2: ********** [ 3325.384999][ T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 3325.402273][ T9] pvrusb2: Important functionality might not be entirely working. [ 3325.412911][ T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 3325.429067][ T9] pvrusb2: ********** [ 3325.467777][ T2345] pvrusb2: Invalid write control endpoint [ 3325.473096][ T9] usb 3-1: USB disconnect, device number 16 [ 3325.683929][ T2345] pvrusb2: Invalid write control endpoint [ 3325.697344][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 3325.714722][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 3325.722784][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 3325.733327][ T2345] pvrusb2: Device being rendered inoperable [ 3325.751993][ T2345] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 3325.767274][ T2345] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 3325.812367][ T2345] pvrusb2: Attached sub-driver cx25840 [ 3325.818239][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 3325.840735][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 3325.866312][T12170] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 3325.875915][T12170] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 3325.885157][T12170] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 3325.894127][T12170] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 3325.931189][T12170] vxlan0: entered promiscuous mode [ 3326.062071][T10163] usb 4-1: 0:2 : does not exist [ 3326.119066][T10163] usb 4-1: USB disconnect, device number 11 [ 3326.275847][T11204] udevd[11204]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 3326.279512][T12071] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 3326.426102][T12071] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 3326.477032][T12071] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 3326.543098][T12071] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 3326.801895][ T9134] IPVS: stop unused estimator thread 0... [ 3326.876442][T12071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3327.015430][T12071] 8021q: adding VLAN 0 to HW filter on device team0 [ 3327.063815][ T9134] bridge0: port 1(bridge_slave_0) entered blocking state [ 3327.071107][ T9134] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3327.143791][ T3617] bridge0: port 2(bridge_slave_1) entered blocking state [ 3327.151240][ T3617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3327.556061][T12071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3328.606858][T12071] veth0_vlan: entered promiscuous mode [ 3328.655955][T12071] veth1_vlan: entered promiscuous mode [ 3328.725647][T12071] veth0_macvtap: entered promiscuous mode [ 3328.770872][T12071] veth1_macvtap: entered promiscuous mode [ 3329.043627][T12071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3329.060384][T12071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3329.079258][T12071] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3329.094022][T12071] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3329.103329][T12071] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3329.113726][T12071] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3329.350951][T15965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3329.364570][T15965] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3329.418618][ T3617] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3329.446909][ T3617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3330.739154][T14862] usb 2-1: new full-speed USB device number 126 using dummy_hcd [ 3330.913575][T14862] usb 2-1: config 0 has an invalid interface number: 176 but max is 0 [ 3330.942695][T14862] usb 2-1: config 0 has no interface number 0 [ 3330.973257][T14862] usb 2-1: config 0 interface 176 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 3331.023903][T14862] usb 2-1: New USB device found, idVendor=0499, idProduct=1039, bcdDevice= c.76 [ 3331.038971][T14862] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3331.058416][T14862] usb 2-1: Product: syz [ 3331.070537][T14862] usb 2-1: Manufacturer: syz [ 3331.083007][T14862] usb 2-1: SerialNumber: syz [ 3331.113171][T14862] usb 2-1: config 0 descriptor?? [ 3331.127000][T12291] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 3331.191003][T12304] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8560'. [ 3331.363813][T14862] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 3331.372480][T12306] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8561'. [ 3331.384269][T14862] usb 2-1: invalid MIDI in EP 0 [ 3331.495381][T14862] snd-usb-audio 2-1:0.176: probe with driver snd-usb-audio failed with error -22 [ 3331.536934][T14862] usb 2-1: USB disconnect, device number 126 [ 3331.621207][T10923] udevd[10923]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.176/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 3331.869051][T10163] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 3332.039150][T10163] usb 3-1: Using ep0 maxpacket: 16 [ 3332.052767][T10163] usb 3-1: config 0 has an invalid interface number: 119 but max is 0 [ 3332.074961][T10163] usb 3-1: config 0 has no interface number 0 [ 3332.099441][T10163] usb 3-1: config 0 interface 119 has no altsetting 0 [ 3332.125913][T10163] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=26.35 [ 3332.154452][T10163] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3332.165783][T10163] usb 3-1: Product: syz [ 3332.170822][T10163] usb 3-1: Manufacturer: syz [ 3332.185404][T10163] usb 3-1: SerialNumber: syz [ 3332.204617][T10163] usb 3-1: config 0 descriptor?? [ 3332.353238][T12334] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8573'. [ 3332.461291][T10163] usb 3-1: USB disconnect, device number 17 [ 3332.729094][T10193] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 3332.889200][T14862] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 3332.891498][T10193] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 3332.918947][T10193] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3332.938708][T10193] usb 1-1: New USB device found, idVendor=044f, idProduct=b324, bcdDevice= 0.00 [ 3332.949431][T10193] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3332.965449][T10193] usb 1-1: config 0 descriptor?? [ 3333.051475][T14862] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 3333.077897][T14862] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 3333.101245][T10196] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 3333.113480][T14862] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 3333.113516][T14862] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 3333.113569][T14862] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 3333.113593][T14862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3333.123420][T14862] usb 4-1: config 0 descriptor?? [ 3333.127823][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 3333.168685][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 3333.329036][T10196] usb 5-1: Using ep0 maxpacket: 32 [ 3333.337605][T10196] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3333.357963][T10196] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3333.368552][T10196] usb 5-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00 [ 3333.383112][T10196] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3333.413478][T10193] thrustmaster 0003:044F:B324.001D: item fetching failed at offset 3/5 [ 3333.430910][T10193] thrustmaster 0003:044F:B324.001D: parse failed [ 3333.438631][T10196] usb 5-1: config 0 descriptor?? [ 3333.455458][T10193] thrustmaster 0003:044F:B324.001D: probe with driver thrustmaster failed with error -22 [ 3333.510170][T10181] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 3333.612508][T14862] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 3333.627078][T14862] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 3333.634986][T14862] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 3333.643133][T14862] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 3333.674635][T14862] plantronics 0003:047F:FFFF.001E: unknown main item tag 0x0 [ 3333.690027][T14862] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 3333.718159][T14862] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 3333.872858][T10196] hid_mf 0003:0079:1801.001F: item fetching failed at offset 0/2 [ 3333.893212][T10196] hid_mf 0003:0079:1801.001F: HID parse failed. [ 3333.894917][T14862] usb 4-1: USB disconnect, device number 12 [ 3333.915848][T10196] hid_mf 0003:0079:1801.001F: probe with driver hid_mf failed with error -22 [ 3334.099226][T10196] usb 5-1: USB disconnect, device number 5 [ 3447.678888][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 3447.685931][ C0] rcu: 1-...!: (1 GPs behind) idle=4a34/1/0x4000000000000000 softirq=255957/255959 fqs=0 [ 3447.696936][ C0] rcu: (detected by 0, t=10506 jiffies, g=296601, q=415 ncpus=2) [ 3447.704794][ C0] Sending NMI from CPU 0 to CPUs 1: [ 3447.704838][ C1] NMI backtrace for cpu 1 [ 3447.704868][ C1] CPU: 1 UID: 0 PID: 12373 Comm: syz.1.8588 Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 3447.704890][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3447.704903][ C1] RIP: 0010:taprio_set_budgets+0x1/0x3b0 [ 3447.705019][ C1] Code: f7 e8 63 5c 9f f8 e9 0a f8 ff ff 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 38 49 89 d7 49 89 f6 48 89 fb [ 3447.705036][ C1] RSP: 0018:ffffc90000a08c60 EFLAGS: 00000046 [ 3447.705052][ C1] RAX: 1ffff11008bf03aa RBX: ffff888053c8c2c0 RCX: dffffc0000000000 [ 3447.705066][ C1] RDX: ffff888045f81c00 RSI: ffff88804b56fc00 RDI: ffff888053c8c2c0 [ 3447.705080][ C1] RBP: ffff888045f81d50 R08: 0000000000000003 R09: 0000000000000004 [ 3447.705092][ C1] R10: dffffc0000000000 R11: fffff5200014117c R12: ffff888053c8c340 [ 3447.705106][ C1] R13: ffff888053c8c000 R14: 1845e80538954c00 R15: ffff88804b56fc00 [ 3447.705119][ C1] FS: 0000000000000000(0000) GS:ffff888125d5c000(0063) knlGS:00000000f508eb40 [ 3447.705135][ C1] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 3447.705147][ C1] CR2: 00000000801fd018 CR3: 000000007ccba000 CR4: 00000000003526f0 [ 3447.705163][ C1] Call Trace: [ 3447.705172][ C1] [ 3447.705182][ C1] advance_sched+0x963/0xc90 [ 3447.705214][ C1] ? __pfx_advance_sched+0x10/0x10 [ 3447.705235][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 3447.705282][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 3447.705309][ C1] ? read_tsc+0x9/0x20 [ 3447.705350][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 3447.705392][ C1] __sysvec_apic_timer_interrupt+0x108/0x410 [ 3447.705412][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 3447.705442][ C1] [ 3447.705448][ C1] [ 3447.705455][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 3447.705477][ C1] RIP: 0010:sock_recvmsg_nosec+0x28/0x1c0 [ 3447.705507][ C1] Code: 90 90 55 41 57 41 56 41 55 41 54 53 50 89 54 24 04 49 89 f7 49 89 fe 48 bb 00 00 00 00 00 fc ff df e8 8c 32 7f f8 4d 8d 66 20 <4c> 89 e5 48 c1 ed 03 80 7c 1d 00 00 74 08 4c 89 e7 e8 42 a4 e2 f8 [ 3447.705522][ C1] RSP: 0018:ffffc9000b0cf840 EFLAGS: 00000246 [ 3447.705538][ C1] RAX: ffffffff894129e4 RBX: dffffc0000000000 RCX: 0000000000080000 [ 3447.705551][ C1] RDX: ffffc9001682f000 RSI: 000000000007ffff RDI: 0000000000080000 [ 3447.705564][ C1] RBP: ffffc9000b0cf9f0 R08: ffffc9000b0cf97f R09: 0000000000000000 [ 3447.705577][ C1] R10: ffffc9000b0cf900 R11: fffff52001619f30 R12: ffff888058233020 [ 3447.705591][ C1] R13: 1ffff92001619f95 R14: ffff888058233000 R15: ffffc9000b0cfca0 [ 3447.705609][ C1] ? sock_recvmsg_nosec+0x24/0x1c0 [ 3447.705643][ C1] ____sys_recvmsg+0x3aa/0x460 [ 3447.705671][ C1] ? __pfx_____sys_recvmsg+0x10/0x10 [ 3447.705691][ C1] ? get_compat_msghdr+0x37e/0x4a0 [ 3447.705745][ C1] ? rcu_is_watching+0x15/0xb0 [ 3447.705760][ C1] ? ___sys_recvmsg+0x1c4/0x510 [ 3447.705785][ C1] ___sys_recvmsg+0x1b5/0x510 [ 3447.705811][ C1] ? __pfx____sys_recvmsg+0x10/0x10 [ 3447.705852][ C1] ? do_recvmmsg+0x4c1/0x770 [ 3447.705875][ C1] ? __might_resched+0xa/0x610 [ 3447.705899][ C1] do_recvmmsg+0x36a/0x770 [ 3447.705926][ C1] ? __pfx_do_recvmmsg+0x10/0x10 [ 3447.705947][ C1] ? __sys_sendmmsg+0x400/0x430 [ 3447.705990][ C1] __sys_recvmmsg+0x19d/0x280 [ 3447.706014][ C1] ? __pfx___sys_recvmmsg+0x10/0x10 [ 3447.706038][ C1] ? rcu_is_watching+0x15/0xb0 [ 3447.706057][ C1] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 3447.706084][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 3447.706117][ C1] do_fast_syscall_32+0x34/0x80 [ 3447.706145][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 3447.706166][ C1] RIP: 0023:0xf709e539 [ 3447.706183][ C1] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 3447.706199][ C1] RSP: 002b:00000000f508e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 3447.706217][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 3447.706230][ C1] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000 [ 3447.706241][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 3447.706252][ C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 3447.706263][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3447.706282][ C1] [ 3447.706821][ C0] rcu: rcu_preempt kthread starved for 10506 jiffies! g296601 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 3448.151870][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 3448.161964][ C0] rcu: RCU grace-period kthread stack dump: [ 3448.167874][ C0] task:rcu_preempt state:R running task stack:26216 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 3448.181436][ C0] Call Trace: [ 3448.184736][ C0] [ 3448.187700][ C0] __schedule+0x16f5/0x4d00 [ 3448.192310][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 3448.197558][ C0] ? schedule+0x165/0x360 [ 3448.201924][ C0] ? __lock_acquire+0xab9/0xd20 [ 3448.206813][ C0] ? __pfx___schedule+0x10/0x10 [ 3448.211722][ C0] ? schedule+0x91/0x360 [ 3448.216009][ C0] schedule+0x165/0x360 [ 3448.220203][ C0] schedule_timeout+0x12b/0x270 [ 3448.225153][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 3448.230567][ C0] ? __pfx_process_timeout+0x10/0x10 [ 3448.235890][ C0] ? prepare_to_swait_event+0x341/0x380 [ 3448.241498][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 3448.246419][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 3448.251428][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 3448.256709][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 3448.262045][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 3448.267295][ C0] ? finish_swait+0xcd/0x1f0 [ 3448.271929][ C0] rcu_gp_kthread+0x99/0x390 [ 3448.276565][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 3448.281827][ C0] ? __kthread_parkme+0x7b/0x200 [ 3448.286827][ C0] ? __kthread_parkme+0x1a1/0x200 [ 3448.291892][ C0] kthread+0x711/0x8a0 [ 3448.295996][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 3448.301237][ C0] ? __pfx_kthread+0x10/0x10 [ 3448.305866][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 3448.311103][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 3448.316341][ C0] ? __pfx_kthread+0x10/0x10 [ 3448.320968][ C0] ret_from_fork+0x3f9/0x770 [ 3448.326038][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 3448.331197][ C0] ? __switch_to_asm+0x39/0x70 [ 3448.335997][ C0] ? __switch_to_asm+0x33/0x70 [ 3448.340788][ C0] ? __pfx_kthread+0x10/0x10 [ 3448.345414][ C0] ret_from_fork_asm+0x1a/0x30 [ 3448.350232][ C0] [ 3448.353302][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 3448.359653][ C0] CPU: 0 UID: 0 PID: 11061 Comm: syz-executor Not tainted 6.15.0-syzkaller-11796-g5abc7438f1e9 #0 PREEMPT(full) [ 3448.371570][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 3448.382035][ C0] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 3448.388764][ C0] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 60 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 0b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 f0 73 0b [ 3448.408407][ C0] RSP: 0000:ffffc90004a5f720 EFLAGS: 00000293 [ 3448.414523][ C0] RAX: ffffffff81b4e880 RBX: ffff8880b863cb40 RCX: ffff888025658000 [ 3448.422645][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 3448.430659][ C0] RBP: ffffc90004a5f880 R08: ffffffff8fa0f5f7 R09: 1ffffffff1f41ebe [ 3448.438668][ C0] R10: dffffc0000000000 R11: fffffbfff1f41ebf R12: 1ffff110170e828d [ 3448.446668][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b8741468 [ 3448.454665][ C0] FS: 0000000000000000(0000) GS:ffff888125c5c000(0063) knlGS:000000005667f440 [ 3448.463624][ C0] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 3448.470236][ C0] CR2: 000000005668c99c CR3: 0000000032b2e000 CR4: 00000000003526f0 [ 3448.478238][ C0] Call Trace: [ 3448.481566][ C0] [ 3448.484544][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 3448.489999][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 3448.496384][ C0] ? try_charge_memcg+0x22a/0x1290 [ 3448.501598][ C0] ? rcu_is_watching+0x15/0xb0 [ 3448.506390][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 3448.511804][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 3448.517039][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 3448.522196][ C0] flush_tlb_mm_range+0x6b1/0x12c0 [ 3448.527342][ C0] ? page_table_check_clear+0x187/0x700 [ 3448.532980][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 3448.538558][ C0] ? page_table_check_clear+0x187/0x700 [ 3448.544219][ C0] ? page_table_check_clear+0x4f3/0x700 [ 3448.549791][ C0] ? page_table_check_clear+0x187/0x700 [ 3448.555376][ C0] ptep_clear_flush+0x120/0x170 [ 3448.560284][ C0] do_wp_page+0x1bc2/0x5800 [ 3448.564902][ C0] ? do_wp_page+0x161d/0x5800 [ 3448.569638][ C0] ? __pfx_do_wp_page+0x10/0x10 [ 3448.574553][ C0] ? do_raw_spin_lock+0x121/0x290 [ 3448.579612][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 3448.585026][ C0] __handle_mm_fault+0x1144/0x5620 [ 3448.590168][ C0] ? __lock_acquire+0xab9/0xd20 [ 3448.595079][ C0] ? __pfx___handle_mm_fault+0x10/0x10 [ 3448.600566][ C0] ? lock_vma_under_rcu+0xf8/0x710 [ 3448.605719][ C0] ? lock_vma_under_rcu+0xf8/0x710 [ 3448.610880][ C0] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 3448.616483][ C0] handle_mm_fault+0x40a/0x8e0 [ 3448.621294][ C0] do_user_addr_fault+0xa81/0x1390 [ 3448.626452][ C0] ? rcu_is_watching+0x15/0xb0 [ 3448.631248][ C0] ? trace_page_fault_user+0x84/0x1e0 [ 3448.636661][ C0] exc_page_fault+0x76/0xf0 [ 3448.641203][ C0] asm_exc_page_fault+0x26/0x30 [ 3448.646080][ C0] RIP: 0023:0xf71cd156 [ 3448.650181][ C0] Code: 24 04 8b 7c 24 10 8d 89 ac 66 00 00 8d 04 3e 39 cd 89 45 38 0f 95 c1 29 fa 0f b6 c9 83 ca 01 c1 e1 02 09 f9 83 c9 01 89 4e 04 <89> 50 04 83 c6 08 8b 54 24 0c 89 f0 e8 a9 c9 ff ff e9 a9 f7 ff ff [ 3448.670687][ C0] RSP: 002b:00000000f755fc60 EFLAGS: 00010206 [ 3448.676815][ C0] RAX: 000000005668c998 RBX: 0000000000000000 RCX: 0000000000008021 [ 3448.684837][ C0] RDX: 0000000000014669 RSI: 0000000056684978 RDI: 0000000000008020 [ 3448.693122][ C0] RBP: 00000000f74096a0 R08: 0000000000000000 R09: 0000000000000000 [ 3448.701142][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 3448.709150][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 3448.717182][ C0]