last executing test programs: 4m40.905588186s ago: executing program 1 (id=1515): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mount_setattr(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) 4m39.840997885s ago: executing program 1 (id=1533): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r2, @ANYRES8=r1], 0x1c}}, 0x0) 4m39.733877054s ago: executing program 1 (id=1537): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r1, 0x1, 0x4000, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000050}, 0x0) 4m39.564161338s ago: executing program 1 (id=1541): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000480), 0x10) sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x5, 0x0, 0x0, {0x0, 0xea60}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "1d0b6382972f4b8f"}}, 0x48}}, 0x0) 4m39.410570197s ago: executing program 1 (id=1544): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 4m39.245549364s ago: executing program 1 (id=1547): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000800f4000040"]) 4m24.126951288s ago: executing program 32 (id=1547): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000800f4000040"]) 3m43.280504747s ago: executing program 4 (id=2382): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x175) close(r0) r1 = fanotify_init(0x12, 0x141402) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 3m42.344718122s ago: executing program 4 (id=2401): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000740)=""/4096, 0xffe0}], 0x1) 3m42.212194392s ago: executing program 4 (id=2403): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000180)='sys_exit\x00', r0}, 0x18) fsmount(0xffffffffffffffff, 0x1, 0x0) 3m42.053177794s ago: executing program 4 (id=2407): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="04000226", @ANYRES16=0x0, @ANYBLOB="00000000000000000004e800000008000317"], 0x1c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b28, &(0x7f0000000000)={'wlan0\x00'}) 3m41.908425897s ago: executing program 4 (id=2411): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000240)={0x20000006}) 3m41.819262078s ago: executing program 4 (id=2414): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r1, 0x0, 0xf69}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0) 3m26.700473284s ago: executing program 33 (id=2414): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000240)='pmap_register\x00', r1, 0x0, 0xf69}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400448c0}, 0x0) 2m36.077975617s ago: executing program 3 (id=3490): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000240)={0x1fe, 0x5, 0x1000, 0x1000, &(0x7f000061f000/0x1000)=nil}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2m36.016292864s ago: executing program 3 (id=3492): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0xc, 0x288}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffe0b}}) io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0) 2m35.716224995s ago: executing program 3 (id=3497): creat(&(0x7f00000001c0)='./file0\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v3={0x3000000, [{0x3, 0x2}, {0x9, 0x57}], 0xee01}, 0x18, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0) 2m35.62475426s ago: executing program 3 (id=3500): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x3) ioprio_set$uid(0x3, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x1, 0x0, 0x4, 0x8) 2m35.488360057s ago: executing program 3 (id=3502): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffc, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x4, 0x4}}}]}, 0x3c}}, 0x24000010) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 2m35.390028947s ago: executing program 3 (id=3505): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000033bc0e00000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = fsopen(&(0x7f0000000380)='nfsd\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2m20.331735969s ago: executing program 34 (id=3505): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000033bc0e00000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = fsopen(&(0x7f0000000380)='nfsd\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 57.153438019s ago: executing program 2 (id=4687): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x4c42bb4f92, 0x0) shutdown(r1, 0x0) 56.591650994s ago: executing program 2 (id=4690): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10) socket$kcm(0x2, 0x2, 0x73) 56.131532982s ago: executing program 2 (id=4694): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000700)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) close(0x3) close(0x4) 55.266811098s ago: executing program 2 (id=4699): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, 0x0}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000080)={r1}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0) 29.260962948s ago: executing program 2 (id=4699): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, 0x0}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000080)={r1}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0) 5.322433306s ago: executing program 6 (id=4908): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x52, &(0x7f0000000040)=0xc0000, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)}, 0x3}], 0x1, 0x10020, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x44000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 5.179420084s ago: executing program 7 (id=4909): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1}}], 0x1, 0x20040001) 4.93795422s ago: executing program 0 (id=4911): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xa, 0xb, 0x42, 0x3e, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000180)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000280)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x4, 0x1005, &(0x7f00000014c0)=""/4101, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.815087001s ago: executing program 6 (id=4912): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc64}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r1, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'ip6_vti0\x00', r1, 0x0, 0x0, 0x0, 0x0, 0xd, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'}) 4.809237075s ago: executing program 7 (id=4913): r0 = epoll_create1(0x80000) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) preadv(r1, &(0x7f0000000640)=[{&(0x7f0000000100)=""/115, 0x73}], 0x1, 0x80000001, 0x800000f5) ppoll(&(0x7f00000001c0)=[{r0, 0x1065}], 0x1, 0x0, 0x0, 0x0) 4.515644314s ago: executing program 0 (id=4915): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x3, 0x80001) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0xffffffffffffffff, 0x0, 0x4, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x0, 0x0, 0x1, r2}) 4.209878679s ago: executing program 6 (id=4917): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000080)=0x2) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0x400e7fe, 0x1, 0x7, 0x8}}) 4.074261508s ago: executing program 0 (id=4918): r0 = socket(0x2, 0x80805, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f00000000c0)={0x0, 0x92e1, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x0, 0x4004, @fd=r0, 0x1000, 0x0, 0x0, 0xa, 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 3.863192733s ago: executing program 6 (id=4920): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f0000000400)={'#! ', './file0', [], 0xa, "1f411d2552ad52cb07410969e814977e4f2c4a80522094786c8673fb61cf8b86bda4de504f5a3c7c04055f1f70e4064d46b2bb9e5100d446bb6a"}, 0x2) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000080)={0xa, {0x8, 0x7f, 0x9}}, 0xa) close(r0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 3.634868688s ago: executing program 7 (id=4921): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000002c0)={0x3f}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) write$uinput_user_dev(r0, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x20], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x200000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) 3.42891369s ago: executing program 6 (id=4923): r0 = syz_io_uring_setup(0x110, &(0x7f0000001280)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000040)={0x7, 0xffffffffffffffff, 0x31, {0x8, 0x6d5}, 0x6}, 0x1) 3.238952163s ago: executing program 7 (id=4924): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="001c000d0700100000001400000060ec"], 0xffe) 3.011144818s ago: executing program 6 (id=4926): r0 = getpgid(0x0) syz_clone3(&(0x7f0000000580)={0x40000000, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_clone3(&(0x7f0000000200)={0x800000, 0x0, 0x0, 0x0, {0x19}, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[0x0], 0x1}, 0x58) r1 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0x21, 0x0, 0x4) 2.92163894s ago: executing program 0 (id=4927): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfd, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f00000004c0)='contention_begin\x00', r0, 0x0, 0x9}, 0x18) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000003680), r1) sendmsg$NFC_CMD_FW_DOWNLOAD(r1, &(0x7f0000003800)={0x0, 0x0, &(0x7f00000037c0)={&(0x7f0000000c40)={0x24, r2, 0x1, 0x170bd29, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '\''}]}, 0x24}, 0x1, 0x0, 0x0, 0xc084}, 0x40) 2.476539848s ago: executing program 0 (id=4928): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000001701"], 0x18}, 0x34000041) 2.432184065s ago: executing program 2 (id=4699): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd, 0x0, 0x0}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r0, 0xc00464b4, &(0x7f0000000080)={r1}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0) 1.568602846s ago: executing program 0 (id=4929): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000247000/0x1000)=nil, 0x1000, 0x0) munlockall() madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) 1.568388473s ago: executing program 5 (id=4930): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000940)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x4a, 0x0, 0x0, 0x3}}, 0x48) 1.367408107s ago: executing program 5 (id=4931): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84) 1.029266787s ago: executing program 5 (id=4932): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000003580)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000100)='d', 0x1}], 0x1, 0x0, 0x0, 0x20004001}}], 0x1, 0x8000) sendmsg$alg(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 1.019228424s ago: executing program 7 (id=4933): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000010c0)=ANY=[@ANYBLOB="0100000000000000074d564b"]) 724.06463ms ago: executing program 5 (id=4934): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c"], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804) 364.403021ms ago: executing program 5 (id=4935): writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)='9\x00\x00', 0x3}], 0x1) r0 = socket(0x11, 0xa, 0x0) add_key$fscrypt_v1(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffb) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0) 192.92437ms ago: executing program 7 (id=4936): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 0s ago: executing program 5 (id=4937): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) kernel console output (not intermixed with test programs): b 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 305.321038][ T5873] usb 3-1: SerialNumber: syz [ 305.343635][T17142] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3478'. [ 305.352572][T17142] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3478'. [ 305.353209][ T5955] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 305.373387][ T5824] Bluetooth: hci2: command 0x0406 tx timeout [ 305.377116][ T5955] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 305.405814][T17142] gtp0: entered promiscuous mode [ 305.411051][T17142] gtp0: entered allmulticast mode [ 305.957914][ T5891] usb 6-1: USB disconnect, device number 15 [ 305.999360][ T5873] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 306.061937][T17161] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 306.077592][T17161] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 306.099135][T17161] overlayfs: failed to set uuid (340/file1, err=-13); falling back to uuid=null. [ 306.355991][ T5898] usb 3-1: USB disconnect, device number 27 [ 306.368638][ T5898] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 307.163752][ T30] audit: type=1326 audit(1750143917.016:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.185387][ C1] vkms_vblank_simulate: vblank timer overrun [ 307.206945][ T30] audit: type=1326 audit(1750143917.016:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.238257][ T30] audit: type=1326 audit(1750143917.016:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.260372][ T30] audit: type=1326 audit(1750143917.016:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.284752][ T30] audit: type=1326 audit(1750143917.016:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.307809][ T30] audit: type=1326 audit(1750143917.016:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.333670][ T30] audit: type=1326 audit(1750143917.026:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.356230][ T30] audit: type=1326 audit(1750143917.026:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.378318][ T30] audit: type=1326 audit(1750143917.036:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.457728][ T30] audit: type=1326 audit(1750143917.036:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17210 comm="syz.5.3509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 307.594366][ T5955] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 307.600494][ T5955] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 307.603329][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout [ 308.672916][ T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 308.860136][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 308.890578][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 308.942033][ T10] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 308.965163][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 308.995600][ T10] usb 1-1: SerialNumber: syz [ 309.228536][ T10] usb 1-1: 0:2 : does not exist [ 309.258611][ T10] usb 1-1: USB disconnect, device number 30 [ 309.909022][T17307] netlink: 'syz.5.3554': attribute type 29 has an invalid length. [ 309.923189][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 309.923215][ T5955] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 309.972483][ T5955] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 311.388075][ T5912] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 311.411377][T17357] netlink: 'syz.2.3576': attribute type 1 has an invalid length. [ 311.419818][T17357] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.3576'. [ 311.563456][ T5912] usb 1-1: Using ep0 maxpacket: 32 [ 311.575318][ T5912] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 311.583952][ T5912] usb 1-1: config 0 has no interface number 0 [ 311.590191][ T5912] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 311.591854][T17366] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 311.602337][ T5912] usb 1-1: config 0 interface 85 has no altsetting 0 [ 311.626070][ T5912] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 311.651723][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.666214][ T5912] usb 1-1: Product: syz [ 311.670410][ T5912] usb 1-1: Manufacturer: syz [ 311.676815][ T5912] usb 1-1: SerialNumber: syz [ 311.685162][ T5912] usb 1-1: config 0 descriptor?? [ 311.748619][T17370] loop2: detected capacity change from 0 to 7 [ 311.757614][T17370] Dev loop2: unable to read RDB block 7 [ 311.763668][T17370] loop2: unable to read partition table [ 311.765988][T17372] input: syz1 as /devices/virtual/input/input38 [ 311.769609][T17370] loop2: partition table beyond EOD, truncated [ 311.782059][T17370] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 311.956321][T17378] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 312.301655][ T5912] appletouch 1-1:0.85: Geyser mode initialized. [ 312.310486][ T5912] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input37 [ 312.529518][ T24] usb 1-1: USB disconnect, device number 31 [ 312.564359][ T24] appletouch 1-1:0.85: input: appletouch disconnected [ 313.642948][ T5955] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 313.802867][ T5955] usb 6-1: Using ep0 maxpacket: 32 [ 313.817835][ T5955] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 313.826536][ T5955] usb 6-1: config 0 has no interface number 0 [ 313.844498][ T5955] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 313.854079][ T5955] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.862157][ T5955] usb 6-1: Product: syz [ 313.868168][ T5955] usb 6-1: Manufacturer: syz [ 313.872880][ T5955] usb 6-1: SerialNumber: syz [ 313.884569][ T5955] usb 6-1: config 0 descriptor?? [ 313.892101][ T5955] smsc95xx v2.0.0 [ 314.662943][ T5912] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 314.706750][ T5955] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout [ 314.833149][ T5912] usb 3-1: Using ep0 maxpacket: 8 [ 314.849758][ T5912] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.878003][ T5912] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 314.894025][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.915794][ T5912] usb 3-1: config 0 descriptor?? [ 314.918851][ T5955] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 314.934703][ T5912] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 314.959156][ T5955] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 314.980123][ T5955] usb 6-1: USB disconnect, device number 16 [ 315.535652][T17492] macvlan1: entered promiscuous mode [ 315.542094][T17492] ipvlan0: entered promiscuous mode [ 315.548575][T17492] ipvlan0: left promiscuous mode [ 315.553928][T17492] macvlan1: left promiscuous mode [ 315.565139][T17495] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3640'. [ 315.783169][ T24] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 315.942279][ T5912] gspca_vc032x: reg_r err -71 [ 315.948604][ T5912] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 315.966312][ T24] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 315.980226][ T5912] usb 3-1: USB disconnect, device number 28 [ 315.982569][T17509] xt_hashlimit: max too large, truncated to 1048576 [ 315.992759][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 316.021270][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 316.033407][ T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 316.046906][ T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 316.063102][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.083997][ T24] usb 7-1: config 0 descriptor?? [ 316.101789][T17513] syzkaller1: entered promiscuous mode [ 316.107431][T17513] syzkaller1: entered allmulticast mode [ 316.495994][ T24] plantronics 0003:047F:FFFF.0022: ignoring exceeding usage max [ 316.527916][ T24] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving [ 316.542498][ T24] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 317.037426][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.402966][T17546] sctp: [Deprecated]: syz.0.3664 (pid 17546) Use of struct sctp_assoc_value in delayed_ack socket option. [ 317.402966][T17546] Use struct sctp_sack_info instead [ 317.673151][ T5912] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 317.832875][ T5912] usb 3-1: Using ep0 maxpacket: 16 [ 317.859744][ T5912] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 317.868701][ T5912] usb 3-1: config 1 has no interface number 0 [ 317.881358][ T5912] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 317.894353][ T5912] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 317.904691][ T5912] usb 3-1: config 1 interface 105 has no altsetting 0 [ 317.913763][ T5912] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 317.923148][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.931122][ T5912] usb 3-1: Product: syz [ 317.935379][ T5912] usb 3-1: Manufacturer: syz [ 317.939976][ T5912] usb 3-1: SerialNumber: syz [ 317.948907][T17548] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 317.956454][T17548] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 318.132885][ T5834] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 318.295021][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 318.307920][ T5834] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 318.322850][ T5834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.334454][ T5834] usb 1-1: config 0 descriptor?? [ 318.340392][T17562] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 318.382358][T17548] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 318.390459][T17548] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 318.510194][ T5891] usb 7-1: USB disconnect, device number 13 [ 318.770391][T17581] loop8: detected capacity change from 0 to 8 [ 318.780324][T17581] Dev loop8: unable to read RDB block 8 [ 318.787213][T17581] loop8: unable to read partition table [ 318.787326][ T5834] elan 0003:04F3:0755.0023: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 318.794847][T17581] loop8: partition table beyond EOD, truncated [ 318.812972][T17581] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 318.830673][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 318.839333][ T5912] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 318.860569][ T5912] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 318.877933][ T5912] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 318.900498][ T5912] aqc111 3-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 0a:d9:81:9b:4f:46 [ 318.916059][ T5912] usb 3-1: USB disconnect, device number 29 [ 318.924449][ T5912] aqc111 3-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 318.984567][ T5912] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 318.996404][ T5912] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 319.008518][ T5912] aqc111 3-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 319.550928][T17605] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 319.591391][T17607] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3692'. [ 319.602016][T17607] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.642479][T17607] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 319.920160][T17621] input: syz0 as /devices/virtual/input/input39 [ 319.926962][T17621] input: failed to attach handler leds to device input39, error: -6 [ 320.552842][ T10] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 320.676209][ T1213] usb 1-1: USB disconnect, device number 32 [ 320.716726][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 320.731225][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.764095][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.787961][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 320.853348][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 320.863677][ T10] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 320.871786][ T10] usb 6-1: Manufacturer: syz [ 320.898843][ T10] usb 6-1: config 0 descriptor?? [ 321.328780][ T10] appleir 0003:05AC:8243.0024: unknown main item tag 0x0 [ 321.338044][T17655] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 321.345523][ T10] appleir 0003:05AC:8243.0024: No inputs registered, leaving [ 321.364147][ T10] appleir 0003:05AC:8243.0024: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 321.382794][T17655] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 321.615448][ T10] usb 6-1: USB disconnect, device number 17 [ 322.540955][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 322.550506][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 322.559138][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 322.591657][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 322.600906][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 322.615847][ T5824] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 322.624165][ T5824] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 322.631514][ T5824] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 322.668587][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 322.676614][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 322.999103][T17683] chnl_net:caif_netlink_parms(): no params data found [ 323.248342][T17683] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.256704][T17683] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.264921][T17683] bridge_slave_0: entered allmulticast mode [ 323.272006][T17683] bridge_slave_0: entered promiscuous mode [ 323.281359][T17715] syzkaller1: entered promiscuous mode [ 323.292781][T17715] syzkaller1: entered allmulticast mode [ 323.300636][T17683] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.309203][T17683] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.316797][T17683] bridge_slave_1: entered allmulticast mode [ 323.329944][T17683] bridge_slave_1: entered promiscuous mode [ 323.465330][T17683] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.488134][T17683] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.497354][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 323.497370][ T30] audit: type=1400 audit(1750143933.336:220): lsm=SMACK fn=smack_file_fcntl action=denied subject="w" object="_" requested=w pid=17718 comm="syz.0.3737" path="/785" dev="tmpfs" ino=4013 [ 323.649173][T17683] team0: Port device team_slave_0 added [ 323.669527][T17683] team0: Port device team_slave_1 added [ 323.778678][T17683] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 323.799190][T17683] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 323.849258][T17683] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 323.863992][T17683] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 323.870973][T17683] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 323.898423][T17683] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.000441][T17683] hsr_slave_0: entered promiscuous mode [ 324.015229][T17683] hsr_slave_1: entered promiscuous mode [ 324.024071][T17683] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.031797][T17683] Cannot create hsr debugfs directory [ 324.425342][T17683] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 324.443630][T17683] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 324.457155][T17683] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 324.495576][T17683] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 324.661971][T17683] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.698833][T17683] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.713091][ T5824] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 324.713891][ T5831] Bluetooth: hci3: command tx timeout [ 324.719679][ T51] Bluetooth: hci6: command 0x1003 tx timeout [ 324.731397][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.739076][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.818966][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.826203][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 325.364430][T17683] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 325.562841][ T5898] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 325.636894][T17792] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3765'. [ 325.746922][ T5898] usb 3-1: Using ep0 maxpacket: 32 [ 325.768766][ T5898] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 325.788317][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.045049][ T5898] usb 3-1: config 0 descriptor?? [ 326.097574][T17683] veth0_vlan: entered promiscuous mode [ 326.118169][T17683] veth1_vlan: entered promiscuous mode [ 326.190906][T17683] veth0_macvtap: entered promiscuous mode [ 326.211074][T17683] veth1_macvtap: entered promiscuous mode [ 326.241785][T17683] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 326.260216][T17781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 326.273421][T17781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.283088][T17683] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 326.302554][ T5898] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 326.306653][T17683] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.321566][T17683] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.327337][ T5898] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 326.334061][T17683] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.348574][T17683] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.368962][ T5898] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 326.509476][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 326.531122][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.597063][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 326.611230][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.762793][ T10] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 326.792990][ T5831] Bluetooth: hci3: command tx timeout [ 326.925208][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 326.955444][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.969183][ T10] usb 6-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 326.989299][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.005456][ T10] usb 6-1: config 0 descriptor?? [ 327.250080][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 327.302958][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 327.323203][ T10] usb 6-1: USB disconnect, device number 18 [ 327.943053][T17870] openvswitch: netlink: IPv4 tun info is not correct [ 328.201811][T17883] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3805'. [ 328.210893][T17883] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3805'. [ 328.294555][T17888] loop2: detected capacity change from 0 to 7 [ 328.307770][T17888] Dev loop2: unable to read RDB block 7 [ 328.316504][T17888] loop2: AHDI p1 p2 [ 328.320459][T17888] loop2: partition table partially beyond EOD, truncated [ 328.332211][T17888] loop2: p1 size 4244635647 extends beyond EOD, truncated [ 328.872919][ T5831] Bluetooth: hci3: command tx timeout [ 329.673039][ T1213] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 329.846079][ T1213] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 329.861833][ T1213] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.882183][ T1213] usb 1-1: config 0 descriptor?? [ 329.897000][ T1213] cp210x 1-1:0.0: cp210x converter detected [ 330.303311][ T1213] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 330.347305][ T1213] usb 1-1: cp210x converter now attached to ttyUSB0 [ 330.558277][ T10] usb 1-1: USB disconnect, device number 33 [ 330.583502][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 330.602597][ T10] cp210x 1-1:0.0: device disconnected [ 330.687607][T17958] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 330.954014][ T5831] Bluetooth: hci3: command tx timeout [ 331.158425][T17983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3846'. [ 331.177738][T17983] ipvlan2: entered promiscuous mode [ 331.652908][ T5891] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 331.820688][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 331.840123][ T5891] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 331.861785][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.890492][ T5891] usb 1-1: Product: syz [ 331.900634][ T5891] usb 1-1: Manufacturer: syz [ 331.905353][ T5891] usb 1-1: SerialNumber: syz [ 331.915842][ T5891] usb 1-1: config 0 descriptor?? [ 331.934233][ T5891] gspca_main: sq930x-2.14.0 probing 2770:930c [ 332.004641][T18017] overlayfs: failed to clone upperpath [ 332.744750][ T5891] gspca_sq930x: ucbus_write failed -71 [ 332.972940][ T5891] gspca_sq930x: Sensor ov9630 not yet treated [ 332.983623][ T5891] sq930x 1-1:0.0: probe with driver sq930x failed with error -22 [ 333.008772][ T5891] usb 1-1: USB disconnect, device number 34 [ 333.072565][T18041] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 333.090063][T18041] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 333.123479][T18041] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 334.633877][T18104] loop3: detected capacity change from 0 to 7 [ 334.660999][T18104] Dev loop3: unable to read RDB block 7 [ 334.669993][T18104] loop3: unable to read partition table [ 334.676830][T18104] loop3: partition table beyond EOD, truncated [ 334.683806][T18104] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 334.703411][ T5955] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 335.004682][ T5955] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 335.013135][ T5955] usb 1-1: config 0 has no interface number 0 [ 335.033254][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 335.069910][ T5955] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 335.092346][ T5955] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.118464][ T5955] usb 1-1: Product: syz [ 335.144330][ T5955] usb 1-1: Manufacturer: syz [ 335.478257][ T5955] usb 1-1: SerialNumber: syz [ 335.486620][ T5955] usb 1-1: config 0 descriptor?? [ 335.703205][ T5955] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 335.740824][ T5955] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 335.767927][ T5955] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 335.788786][ T5955] usb 1-1: media controller created [ 335.900267][ T5955] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 335.966314][ T5955] i2c i2c-2: ec100: i2c rd failed=-32 reg=33 [ 336.049443][ T5955] usb 1-1: USB disconnect, device number 35 [ 336.863764][T18150] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3915'. [ 337.112832][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 337.834365][ T30] audit: type=1326 audit(1750143947.676:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f50c7b2ab19 code=0x7ffc0000 [ 337.856577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 337.952767][ T30] audit: type=1326 audit(1750143947.676:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 338.022869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 338.065812][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 338.088904][ T30] audit: type=1326 audit(1750143947.676:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 338.169413][ T30] audit: type=1326 audit(1750143947.676:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f50c7b2ab19 code=0x7ffc0000 [ 338.259530][ T30] audit: type=1326 audit(1750143947.676:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 338.388686][ T30] audit: type=1326 audit(1750143947.676:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f50c7b2ab19 code=0x7ffc0000 [ 338.492111][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 338.513269][ T30] audit: type=1326 audit(1750143947.676:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 338.638368][ T30] audit: type=1326 audit(1750143947.676:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f50c7b2ab19 code=0x7ffc0000 [ 338.670887][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 338.703295][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 338.744474][ T30] audit: type=1326 audit(1750143947.676:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 338.821409][ T30] audit: type=1326 audit(1750143947.676:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18165 comm="syz.7.3923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 338.973149][ T1213] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 339.134586][ T1213] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 339.145007][ T1213] usb 7-1: config 0 has no interface number 0 [ 339.151164][ T1213] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 339.163472][ T1213] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.174469][ T1213] usb 7-1: config 0 descriptor?? [ 339.183852][ T1213] usb 7-1: selecting invalid altsetting 1 [ 339.190961][ T1213] dvb_ttusb_budget: ttusb_init_controller: error [ 339.193270][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 339.197512][ T1213] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 339.278637][ T1213] DVB: Unable to find symbol cx22700_attach() [ 339.385947][ T1213] DVB: Unable to find symbol tda10046_attach() [ 339.394010][ T1213] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 339.411788][ T1213] usb 7-1: USB disconnect, device number 14 [ 339.691766][ T5891] kernel read not supported for file /dsp (pid: 5891 comm: kworker/1:4) [ 339.850653][T18227] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 340.257356][T18251] netlink: 'syz.7.3961': attribute type 1 has an invalid length. [ 340.311204][T18251] netlink: 16150 bytes leftover after parsing attributes in process `syz.7.3961'. [ 340.553111][T18261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3965'. [ 340.562029][T18261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3965'. [ 340.593654][T18261] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.602420][T18261] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.611331][T18261] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.622005][T18261] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 341.370880][T18302] syzkaller1: entered promiscuous mode [ 341.376603][T18302] syzkaller1: entered allmulticast mode [ 341.414640][ T5955] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 341.604794][ T5955] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 341.613842][ T5955] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.625409][ T5955] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 341.636916][ T5955] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 341.645107][ T5955] usb 7-1: Manufacturer: syz [ 341.655548][ T5955] usb 7-1: config 0 descriptor?? [ 341.735664][ T5955] rc_core: IR keymap rc-hauppauge not found [ 341.749495][ T5955] Registered IR keymap rc-empty [ 341.767441][ T5955] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 341.800848][ T5955] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input40 [ 341.876274][ C0] igorplugusb 7-1:0.0: Error: urb status = -32 [ 341.889589][ T5955] usb 7-1: USB disconnect, device number 15 [ 342.304322][T18344] netlink: 'syz.0.4001': attribute type 3 has an invalid length. [ 342.312109][T18344] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4001'. [ 342.998352][T18362] team0 (unregistering): Port device team_slave_0 removed [ 343.010499][T18362] team0 (unregistering): Port device team_slave_1 removed [ 343.031214][T18362] team0 (unregistering): Port device geneve1 removed [ 344.134764][ T10] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 344.181567][T18415] syzkaller1: entered promiscuous mode [ 344.187269][T18415] syzkaller1: entered allmulticast mode [ 344.209285][ T5891] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 344.292827][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 344.299904][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 344.311155][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 344.321092][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 344.334973][ T10] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 344.345849][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.357571][ T10] usb 7-1: config 0 descriptor?? [ 344.374944][ T5891] usb 1-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 344.393111][ T5891] usb 1-1: config 0 interface 0 has no altsetting 0 [ 344.399848][ T5891] usb 1-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00 [ 344.409186][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.419367][ T5891] usb 1-1: config 0 descriptor?? [ 344.425550][T18407] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 344.777739][ T10] microsoft 0003:045E:07DA.0025: unknown main item tag 0x2 [ 344.786396][ T10] microsoft 0003:045E:07DA.0025: unknown main item tag 0x6 [ 344.794471][ T10] microsoft 0003:045E:07DA.0025: unknown main item tag 0x6 [ 344.802405][ T10] microsoft 0003:045E:07DA.0025: unknown main item tag 0x6 [ 344.809909][ T10] microsoft 0003:045E:07DA.0025: unknown main item tag 0x6 [ 344.821739][ T10] microsoft 0003:045E:07DA.0025: No inputs registered, leaving [ 344.831130][ T10] microsoft 0003:045E:07DA.0025: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0 [ 344.842943][ T10] microsoft 0003:045E:07DA.0025: no inputs found [ 344.849299][ T10] microsoft 0003:045E:07DA.0025: could not initialize ff, continuing anyway [ 344.870427][ T5891] uclogic 0003:5543:0042.0026: item fetching failed at offset 0/3 [ 344.879669][ T5891] uclogic 0003:5543:0042.0026: parse failed [ 344.887285][ T5891] uclogic 0003:5543:0042.0026: probe with driver uclogic failed with error -22 [ 344.974822][ T10] usb 7-1: USB disconnect, device number 16 [ 345.078212][ T5891] usb 1-1: USB disconnect, device number 36 [ 346.032860][ T5955] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 346.194628][ T5955] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 346.225802][ T5955] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 346.238499][ T5955] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 346.267327][ T5955] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 346.281100][ T5955] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.290754][ T5955] usb 7-1: Product: syz [ 346.306384][ T5955] usb 7-1: Manufacturer: syz [ 346.311331][ T5955] usb 7-1: SerialNumber: syz [ 346.332424][ T5955] usb 7-1: config 0 descriptor?? [ 346.342448][T18435] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 346.349969][T18435] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 346.359424][ T5955] usb 7-1: ucan: probing device on interface #0 [ 347.054845][ T5955] ucan 7-1:0.0 can0: registered device [ 347.220676][ T5955] ucan 7-1:0.0 can0: firmware string: unknown [ 347.230325][ T5955] usb 7-1: USB disconnect, device number 17 [ 347.307659][T18485] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 347.761017][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 347.916032][T18499] kernel read not supported for file /file1 (pid: 18499 comm: syz.0.4072) [ 347.935571][ T30] kauditd_printk_skb: 93 callbacks suppressed [ 347.935589][ T30] audit: type=1800 audit(1750143957.786:324): pid=18499 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.4072" name="file1" dev="mqueue" ino=54366 res=0 errno=0 [ 348.040625][T18501] netlink: 277 bytes leftover after parsing attributes in process `syz.6.4073'. [ 348.186175][T18506] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 348.215825][T18506] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 348.662662][T18533] 9p: Unknown uid 00000000004294967295 [ 348.690117][T18536] batadv_slave_1: entered promiscuous mode [ 348.704123][T18535] batadv_slave_1: left promiscuous mode [ 348.929979][T18547] netlink: 'syz.0.4095': attribute type 12 has an invalid length. [ 348.944922][T18547] netlink: 'syz.0.4095': attribute type 1 has an invalid length. [ 348.958827][T18547] netlink: 140 bytes leftover after parsing attributes in process `syz.0.4095'. [ 349.052919][ T10] usb 6-1: new full-speed USB device number 19 using dummy_hcd [ 349.063036][ T30] audit: type=1800 audit(1750143958.906:325): pid=18551 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.4097" name="nullb0" dev="devtmpfs" ino=2854 res=0 errno=0 [ 349.103320][T18556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4099'. [ 349.215952][ T10] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 349.255428][ T10] usb 6-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 349.272430][ T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 349.289445][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.566212][ T10] usb 6-1: USB disconnect, device number 19 [ 349.870835][T18593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4116'. [ 349.880109][T18593] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4116'. [ 349.889454][T18593] netlink: 'syz.0.4116': attribute type 19 has an invalid length. [ 350.202479][T18603] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4121'. [ 350.218269][T18570] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 350.292877][ T1213] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 350.454930][ T1213] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 350.474401][T18618] program syz.6.4128 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 350.487614][ T1213] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.518125][ T1213] usb 1-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 350.531737][ T1213] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.551007][ T1213] usb 1-1: config 0 descriptor?? [ 350.979427][ T1213] kye 0003:0458:0153.0027: unknown main item tag 0x3 [ 350.998087][ T1213] kye 0003:0458:0153.0027: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.0-1/input0 [ 351.026002][T18642] veth0: entered promiscuous mode [ 351.039941][T18641] veth0: left promiscuous mode [ 351.184161][ T24] usb 1-1: USB disconnect, device number 37 [ 351.208792][T18649] vivid-000: disconnect [ 351.213924][T18647] vivid-000: reconnect [ 351.255237][ T5834] kernel read not supported for file /dsp1 (pid: 5834 comm: kworker/1:3) [ 351.883084][ T24] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 352.038514][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 352.066819][ T24] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 352.103619][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.141089][ T24] usb 6-1: config 0 descriptor?? [ 352.160922][ T24] pwc: Askey VC010 type 2 USB webcam detected. [ 352.252148][ T30] audit: type=1326 audit(1750143962.096:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18694 comm="syz.2.4164" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7681f8e929 code=0x0 [ 352.562965][ T24] pwc: recv_control_msg error -32 req 02 val 2b00 [ 352.574758][ T24] pwc: recv_control_msg error -32 req 02 val 2700 [ 352.786884][ T24] pwc: recv_control_msg error -71 req 04 val 1000 [ 352.799738][ T24] pwc: recv_control_msg error -71 req 04 val 1300 [ 352.810957][ T24] pwc: recv_control_msg error -71 req 04 val 1400 [ 352.821056][ T24] pwc: recv_control_msg error -71 req 02 val 2000 [ 352.828756][ T24] pwc: recv_control_msg error -71 req 02 val 2100 [ 352.839150][ T24] pwc: recv_control_msg error -71 req 04 val 1500 [ 352.846603][ T24] pwc: recv_control_msg error -71 req 02 val 2500 [ 352.859471][ T24] pwc: recv_control_msg error -71 req 02 val 2400 [ 352.868063][ T24] pwc: recv_control_msg error -71 req 02 val 2600 [ 352.884553][ T24] pwc: recv_control_msg error -71 req 02 val 2900 [ 352.905572][ T24] pwc: recv_control_msg error -71 req 02 val 2800 [ 352.920019][ T24] pwc: recv_control_msg error -71 req 04 val 1100 [ 352.927187][ T24] pwc: recv_control_msg error -71 req 04 val 1200 [ 352.936983][ T24] pwc: Registered as video103. [ 352.945547][ T24] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input43 [ 352.964266][ T24] usb 6-1: USB disconnect, device number 20 [ 353.303064][ T1213] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 353.452850][ T24] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 353.464801][ T1213] usb 1-1: Using ep0 maxpacket: 8 [ 353.482102][ T1213] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 353.498566][ T1213] usb 1-1: config 179 has no interface number 0 [ 353.505338][ T1213] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 353.518771][ T1213] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 353.530365][ T1213] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 353.547095][ T1213] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 353.559033][ T1213] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 353.587990][ T1213] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 353.609638][ T1213] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.628538][T18716] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 353.632069][ T24] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 353.655762][ T24] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 353.676422][ T24] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 353.713405][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.732095][T18726] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 353.758597][ T24] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 353.862619][T18716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.884391][T18716] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.997706][ T1213] usb 7-1: USB disconnect, device number 18 [ 354.311074][ T24] usb 1-1: USB disconnect, device number 38 [ 354.311178][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 354.325934][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 354.392912][ T1213] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 354.598938][ T1213] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 354.610283][ T1213] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 354.620249][ T1213] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 354.633024][ T1213] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.654970][T18726] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 354.665621][ T1213] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 354.916858][ T1213] usb 7-1: USB disconnect, device number 19 [ 355.062002][T18775] vlan2: entered promiscuous mode [ 355.082042][T18775] hsr0: entered promiscuous mode [ 355.547929][T18785] 9pnet: p9_errstr2errno: server reported unknown error @ [ 356.062968][ T30] audit: type=1326 audit(1750143965.906:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18800 comm="syz.7.4209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 356.063023][ T30] audit: type=1326 audit(1750143965.906:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18800 comm="syz.7.4209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 356.063067][ T30] audit: type=1326 audit(1750143965.906:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18800 comm="syz.7.4209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 356.063110][ T30] audit: type=1326 audit(1750143965.906:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18800 comm="syz.7.4209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 356.063152][ T30] audit: type=1326 audit(1750143965.906:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18800 comm="syz.7.4209" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 356.165440][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.509759][ T30] audit: type=1800 audit(1750143966.356:332): pid=18808 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.4212" name="bus" dev="tmpfs" ino=4589 res=0 errno=0 [ 356.716130][T18819] bridge0: port 3(veth0_to_bridge) entered blocking state [ 356.717142][T18819] bridge0: port 3(veth0_to_bridge) entered disabled state [ 356.717371][T18819] veth0_to_bridge: entered allmulticast mode [ 356.796350][T18819] veth0_to_bridge: entered promiscuous mode [ 356.796515][T18819] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 356.797256][T18819] bridge0: port 3(veth0_to_bridge) entered blocking state [ 356.797369][T18819] bridge0: port 3(veth0_to_bridge) entered forwarding state [ 356.961849][T18822] input: syz0 as /devices/virtual/input/input44 [ 357.202835][ T5834] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 357.368819][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 357.387987][ T5834] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 357.397858][ T5834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.411327][ T5834] usb 1-1: config 0 descriptor?? [ 357.420474][T18824] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 357.461281][T18847] input: syz1 as /devices/virtual/input/input45 [ 357.612258][T18850] 9pnet: p9_errstr2errno: server reported unknown error @ [ 357.853210][ T5834] elan 0003:04F3:0755.0028: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 358.151863][T18872] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.4239'. [ 359.714456][ T24] usb 1-1: USB disconnect, device number 39 [ 359.880003][T18942] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 359.892964][ T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 360.053106][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 360.403166][ T5834] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 360.574572][ T5834] usb 1-1: Using ep0 maxpacket: 32 [ 360.587722][ T5834] usb 1-1: config 0 has an invalid interface number: 235 but max is 0 [ 360.600208][ T5834] usb 1-1: config 0 has no interface number 0 [ 360.609979][T18960] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 360.613352][ T5834] usb 1-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47 [ 360.628880][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.637673][ T5834] usb 1-1: Product: syz [ 360.642047][ T5834] usb 1-1: Manufacturer: syz [ 360.646835][ T5834] usb 1-1: SerialNumber: syz [ 360.655214][ T5834] usb 1-1: config 0 descriptor?? [ 360.658785][ T10] usb 6-1: unable to get BOS descriptor or descriptor too short [ 360.688218][ T10] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 360.699985][ T10] usb 6-1: can't read configurations, error -71 [ 360.877130][ T5834] kaweth 1-1:0.235: Firmware present in device. [ 361.065521][ T5834] kaweth 1-1:0.235: Statistics collection: 0 [ 361.071538][ T5834] kaweth 1-1:0.235: Multicast filter limit: 0 [ 361.077656][ T5834] kaweth 1-1:0.235: MTU: 0 [ 361.082083][ T5834] kaweth 1-1:0.235: Read MAC address 00:00:00:00:00:00 [ 361.517975][T18974] can0: slcan on ttyS3. [ 361.584518][T18974] can0 (unregistered): slcan off ttyS3. [ 361.667775][ T5834] kaweth 1-1:0.235: Error setting receive filter [ 361.696211][ T5834] kaweth 1-1:0.235: probe with driver kaweth failed with error -5 [ 361.733538][ T5834] usb 1-1: USB disconnect, device number 40 [ 361.844926][ T30] audit: type=1326 audit(1750143971.696:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 361.891292][ T30] audit: type=1326 audit(1750143971.696:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 361.921041][ T30] audit: type=1326 audit(1750143971.696:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 361.964299][ T30] audit: type=1326 audit(1750143971.696:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 361.986153][ T30] audit: type=1326 audit(1750143971.696:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 362.009302][ T30] audit: type=1326 audit(1750143971.696:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=8 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 362.062981][ T30] audit: type=1326 audit(1750143971.696:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18977 comm="syz.6.4284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 362.859778][T19020] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4301'. [ 363.677613][T19043] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 363.703038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 363.851492][ T30] audit: type=1326 audit(1750143973.696:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19045 comm="syz.7.4315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 363.942100][ T30] audit: type=1326 audit(1750143973.696:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19045 comm="syz.7.4315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50c7b8e929 code=0x7ffc0000 [ 364.026741][ T30] audit: type=1326 audit(1750143973.726:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19045 comm="syz.7.4315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f50c7b2ab19 code=0x7ffc0000 [ 364.048238][ C1] vkms_vblank_simulate: vblank timer overrun [ 364.230647][T19062] program syz.6.4320 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 364.486898][T19075] 9pnet: p9_errstr2errno: server reported unknown error [ 365.126138][T19105] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4339'. [ 365.457774][T19118] sctp: [Deprecated]: syz.6.4346 (pid 19118) Use of struct sctp_assoc_value in delayed_ack socket option. [ 365.457774][T19118] Use struct sctp_sack_info instead [ 365.699539][T19129] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4351'. [ 365.708760][ T10] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 365.758558][ T1213] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0 [ 365.773481][ T1213] hid-generic 0000:0000:0000.0029: hidraw0: HID v0.00 Device [syz1] on syz0 [ 365.892827][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 365.904255][ T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 365.922550][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 365.938458][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 365.948586][ T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 365.968469][ T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 366.003113][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.081607][T19142] bond0: entered promiscuous mode [ 366.089760][T19142] bond_slave_0: entered promiscuous mode [ 366.097222][T19142] bond_slave_1: entered promiscuous mode [ 366.223124][ T10] usb 6-1: GET_CAPABILITIES returned 0 [ 366.228822][ T10] usbtmc 6-1:16.0: can't read capabilities [ 366.442489][ T10] usb 6-1: USB disconnect, device number 23 [ 366.458138][T19156] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.4364'. [ 366.551072][T19161] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4366'. [ 366.766204][T19171] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4371'. [ 367.133119][ T24] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 367.193199][ T5955] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 367.283337][ T24] usb 7-1: Using ep0 maxpacket: 8 [ 367.294935][ T24] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 367.304494][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.312603][ T24] usb 7-1: Product: syz [ 367.316942][ T24] usb 7-1: Manufacturer: syz [ 367.321525][ T24] usb 7-1: SerialNumber: syz [ 367.329204][ T24] usb 7-1: config 0 descriptor?? [ 367.337618][ T24] gspca_main: se401-2.14.0 probing 047d:5003 [ 367.368160][ T5955] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.379994][ T5955] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 367.389301][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.399798][ T5955] usb 1-1: config 0 descriptor?? [ 367.815474][ T5955] keytouch 0003:0926:3333.002A: fixing up Keytouch IEC report descriptor [ 367.828737][ T5955] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.002A/input/input46 [ 367.923314][ T5955] keytouch 0003:0926:3333.002A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 367.945395][ T24] input: se401 as /devices/platform/dummy_hcd.6/usb7/7-1/input/input47 [ 368.164326][ T24] usb 7-1: USB disconnect, device number 20 [ 368.273681][ T5955] usb 1-1: USB disconnect, device number 41 [ 368.471035][T19198] tipc: Started in network mode [ 368.479064][T19198] tipc: Node identity fe800000000000000000000000000013, cluster identity 4711 [ 368.500837][T19198] tipc: Enabled bearer , priority 10 [ 369.617019][ T24] tipc: Node number set to 4269801491 [ 369.997757][T19256] syzkaller1: entered promiscuous mode [ 370.030021][T19256] syzkaller1: entered allmulticast mode [ 370.073122][ T5873] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 370.233154][ T5873] usb 7-1: Using ep0 maxpacket: 32 [ 370.240256][ T5873] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.289182][ T5873] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.312987][ T5873] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 370.322491][ T5873] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.336251][ T5873] usb 7-1: config 0 descriptor?? [ 370.422901][ T5891] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 370.491551][T19276] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4417'. [ 370.593378][ T5891] usb 6-1: Using ep0 maxpacket: 8 [ 370.610203][ T5891] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 370.631009][ T5891] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.649506][ T5891] usb 6-1: Product: syz [ 370.654309][ T5891] usb 6-1: Manufacturer: syz [ 370.658936][ T5891] usb 6-1: SerialNumber: syz [ 370.693650][ T5891] usb 6-1: config 0 descriptor?? [ 370.721899][ T5891] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 370.735121][ T5891] usb 6-1: setting power ON [ 370.741841][ T5891] dvb-usb: bulk message failed: -22 (2/0) [ 370.775623][ T5873] savu 0003:1E7D:2D5A.002B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0 [ 370.775926][ T5891] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 370.851605][ T5891] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 370.879911][ T5891] usb 6-1: media controller created [ 370.936277][ T5891] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 370.993151][ T5891] usb 6-1: selecting invalid altsetting 6 [ 371.010928][ T5891] usb 6-1: digital interface selection failed (-22) [ 371.031435][ T5891] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 371.045251][ T10] usb 7-1: USB disconnect, device number 21 [ 371.057260][ T5891] usb 6-1: setting power OFF [ 371.062453][ T5891] dvb-usb: bulk message failed: -22 (2/0) [ 371.071333][ T5891] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 371.086281][ T5891] (NULL device *): no alternate interface [ 371.167092][ T5891] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 371.217800][ T5891] usb 6-1: USB disconnect, device number 24 [ 371.829902][T19315] netlink: 'syz.5.4435': attribute type 1 has an invalid length. [ 372.192791][ T10] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 372.352800][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 372.364564][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 372.379233][T19337] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4445'. [ 372.400053][ T10] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 372.531076][ T10] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 372.592775][ T10] usb 1-1: Product: syz [ 372.596997][ T10] usb 1-1: Manufacturer: syz [ 372.601607][ T10] usb 1-1: SerialNumber: syz [ 372.635616][ T10] usb 1-1: config 0 descriptor?? [ 372.643819][T19321] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 372.663872][ T10] hub 1-1:0.0: bad descriptor, ignoring hub [ 372.669840][ T10] hub 1-1:0.0: probe with driver hub failed with error -5 [ 372.717557][T19339] netlink: 'syz.6.4446': attribute type 4 has an invalid length. [ 372.732441][T19339] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4446'. [ 373.041940][T19350] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 373.333125][ T5834] usb 1-1: USB disconnect, device number 42 [ 373.922140][T19390] veth0_to_bond: entered promiscuous mode [ 373.931097][T19390] veth0_to_bond: left promiscuous mode [ 374.605050][T19419] netlink: 'syz.5.4478': attribute type 1 has an invalid length. [ 374.623080][T19419] netlink: 'syz.5.4478': attribute type 10 has an invalid length. [ 374.630968][T19419] netlink: 'syz.5.4478': attribute type 4 has an invalid length. [ 374.653362][T19419] netlink: 136 bytes leftover after parsing attributes in process `syz.5.4478'. [ 375.223246][ T5834] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 375.373485][ T5834] usb 1-1: Using ep0 maxpacket: 16 [ 375.386104][ T5834] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 375.408544][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.430978][ T5834] usb 1-1: Product: syz [ 375.435473][ T5834] usb 1-1: Manufacturer: syz [ 375.450085][ T5834] usb 1-1: SerialNumber: syz [ 375.457775][ T5834] usb 1-1: config 0 descriptor?? [ 375.875549][ T5834] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 375.893762][ T5834] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 375.907824][ T30] kauditd_printk_skb: 136 callbacks suppressed [ 375.907848][ T30] audit: type=1326 audit(1750143985.756:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 375.937385][ T5834] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 375.947975][ T5834] usb 1-1: media controller created [ 375.968219][ T30] audit: type=1326 audit(1750143985.756:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 375.995410][ T5834] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 376.012791][ T30] audit: type=1326 audit(1750143985.756:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.045419][ T30] audit: type=1326 audit(1750143985.756:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.069554][ T30] audit: type=1326 audit(1750143985.756:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.095498][ T5834] zl10353_read_register: readreg error (reg=127, ret==0) [ 376.102610][ T5834] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 376.120870][ T5834] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 376.130076][ T30] audit: type=1326 audit(1750143985.756:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.153132][ T10] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 376.165470][ T5834] usb 1-1: USB disconnect, device number 43 [ 376.191636][ T30] audit: type=1326 audit(1750143985.756:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.213255][ C1] vkms_vblank_simulate: vblank timer overrun [ 376.232432][ T30] audit: type=1326 audit(1750143985.756:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.264078][ T30] audit: type=1326 audit(1750143985.756:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19462 comm="syz.6.4498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc96358e929 code=0x7ffc0000 [ 376.291083][ T5834] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 376.353003][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 376.362152][ T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 376.380588][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 376.390993][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 376.422841][ T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 376.436396][ T1213] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 376.461483][ T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 376.479728][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.625252][ T1213] usb 7-1: Using ep0 maxpacket: 8 [ 376.655827][ T1213] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 376.666143][ T1213] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.674322][ T1213] usb 7-1: Product: syz [ 376.678998][ T1213] usb 7-1: Manufacturer: syz [ 376.683894][ T1213] usb 7-1: SerialNumber: syz [ 376.709475][ T10] usb 6-1: GET_CAPABILITIES returned 0 [ 376.743582][ T1213] usb 7-1: config 0 descriptor?? [ 376.756992][ T1213] gspca_main: se401-2.14.0 probing 047d:5003 [ 376.763246][ T10] usbtmc 6-1:16.0: can't read capabilities [ 376.923037][ T10] usb 6-1: USB disconnect, device number 25 [ 377.028925][T19492] 9pnet: p9_errstr2errno: server reported unknown error [ 377.158460][ T1213] gspca_se401: Frame size: 0x0 1/16th janggu [ 377.362138][ T1213] input: se401 as /devices/platform/dummy_hcd.6/usb7/7-1/input/input48 [ 377.406568][ T1213] usb 7-1: USB disconnect, device number 22 [ 377.562546][T19507] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4517'. [ 378.467189][T19540] netlink: 'syz.0.4532': attribute type 1 has an invalid length. [ 378.481336][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.491703][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.504201][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.516617][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.523401][ T10] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 378.529077][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.548651][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.561155][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.573606][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.582156][T19540] netlink: 144 bytes leftover after parsing attributes in process `syz.0.4532'. [ 378.586030][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.595020][T19540] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4532'. [ 378.607119][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.628487][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 378.704947][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 378.768674][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.804479][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.834875][ T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 1.00 [ 378.886736][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.943832][ T10] usb 7-1: config 0 descriptor?? [ 379.383399][ T10] appleir 0003:05AC:8241.002C: unknown main item tag 0x0 [ 379.431260][ T10] appleir 0003:05AC:8241.002C: unknown main item tag 0x0 [ 379.478213][ T10] appleir 0003:05AC:8241.002C: unknown main item tag 0x0 [ 379.522838][ T10] appleir 0003:05AC:8241.002C: unknown main item tag 0x0 [ 379.571506][ T10] appleir 0003:05AC:8241.002C: unknown main item tag 0x0 [ 379.623866][ T10] appleir 0003:05AC:8241.002C: No inputs registered, leaving [ 379.700279][ T10] appleir 0003:05AC:8241.002C: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.6-1/input0 [ 379.766426][ T10] usb 7-1: USB disconnect, device number 23 [ 380.901609][ T1213] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 381.119243][ T1213] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 381.152908][ T1213] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.183197][ T1213] usb 1-1: Product: syz [ 381.187414][ T1213] usb 1-1: Manufacturer: syz [ 381.192028][ T1213] usb 1-1: SerialNumber: syz [ 381.270992][ T1213] usb 1-1: config 0 descriptor?? [ 381.716293][ T1213] usb 1-1: Firmware version (0.0) predates our first public release. [ 381.759251][ T1213] usb 1-1: Please update to version 0.2 or newer [ 381.794684][ T1213] usb 1-1: Firmware: build [ 381.842641][T19604] fuse: Invalid gid '00000000000037777777777' [ 381.862542][T19603] unknown channel width for channel at 909000KHz? [ 382.024257][ T1213] usb 1-1: USB disconnect, device number 44 [ 382.096591][T19611] Invalid source name [ 382.233895][T19614] could not open pipe file descriptor [ 383.493040][ C1] net_ratelimit: 9583 callbacks suppressed [ 383.493060][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.512223][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.528189][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.541645][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.555232][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.568694][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.582061][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.595508][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.608966][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 383.622464][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 384.017853][T19651] gretap0: entered promiscuous mode [ 388.067100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 388.503066][ C1] net_ratelimit: 4963 callbacks suppressed [ 388.503087][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 388.521856][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 388.534784][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 388.547699][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 388.560600][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 388.573464][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 388.586452][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 388.599351][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 388.612424][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 388.624953][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 388.899887][ T5898] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 389.150490][ T5898] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 389.213118][ T5898] usb 3-1: USB disconnect, device number 30 [ 390.898928][ T5898] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 391.082798][ T5898] usb 1-1: Using ep0 maxpacket: 32 [ 391.102502][ T5898] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 391.155268][ T5898] usb 1-1: config 0 has no interface number 0 [ 391.219150][ T5898] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 391.250144][ T30] audit: type=1804 audit(1750144001.086:488): pid=19786 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.4637" name="/" dev="pidfs" ino=19785 res=1 errno=0 [ 391.285924][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.334277][ T5898] usb 1-1: Product: syz [ 391.365239][ T5898] usb 1-1: Manufacturer: syz [ 391.400413][ T5898] usb 1-1: SerialNumber: syz [ 391.409541][T19789] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 391.432133][ T5898] usb 1-1: config 0 descriptor?? [ 391.486851][ T5898] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 391.712253][ T5898] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 391.781659][ T5898] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 392.218464][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 392.227606][ T5898] usb 1-1: USB disconnect, device number 45 [ 392.274753][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 392.362279][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 392.467459][ T5898] quatech2 1-1:0.51: device disconnected [ 393.493596][ T5898] kernel write not supported for file /1287/loginuid (pid: 5898 comm: kworker/0:4) [ 393.512731][ C1] net_ratelimit: 8603 callbacks suppressed [ 393.512749][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 393.531774][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 393.544211][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 393.556704][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 393.569582][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 393.582464][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 393.594885][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 393.607335][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 393.620244][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 393.633111][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 394.013292][ T5955] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 394.241668][ T5955] usb 3-1: config 1 interface 0 has no altsetting 0 [ 394.299475][ T5955] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 394.329231][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.369193][ T5955] usb 3-1: Product: syz [ 394.396497][ T5955] usb 3-1: Manufacturer: syz [ 394.401161][ T5955] usb 3-1: SerialNumber: syz [ 394.777357][ T5955] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 394.864634][ T5955] usb 3-1: USB disconnect, device number 31 [ 394.914940][ T5955] usblp0: removed [ 396.782086][ T5955] IPVS: starting estimator thread 0... [ 396.887488][T19861] IPVS: using max 26 ests per chain, 62400 per kthread [ 397.617212][T19866] PM: Enabling pm_trace changes system date and time during resume. [ 397.617212][T19866] PM: Correct system time has to be restored manually after resume. [ 398.523275][ C1] net_ratelimit: 8135 callbacks suppressed [ 398.523296][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 398.542346][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 398.554832][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 398.567331][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 398.580301][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 398.593210][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 398.605668][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 398.618179][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 398.631137][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 398.644010][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 403.532820][ C1] net_ratelimit: 8657 callbacks suppressed [ 403.532842][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 403.551549][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 403.564456][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 403.576927][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 403.589409][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 403.602279][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 403.615123][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 403.627615][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 403.640122][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 403.653005][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 404.193000][ T5955] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 404.412801][ T5955] usb 1-1: Using ep0 maxpacket: 32 [ 404.452136][ T5955] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 404.493052][ T5955] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 404.537184][ T5955] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.549583][ T5955] usb 1-1: Product: syz [ 404.569483][ T5955] usb 1-1: Manufacturer: syz [ 404.601404][ T5955] usb 1-1: SerialNumber: syz [ 404.658883][ T5955] usb 1-1: config 0 descriptor?? [ 404.703092][T19888] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 404.761592][ T5955] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input49 [ 404.922914][T19901] tipc: Started in network mode [ 404.927921][T19901] tipc: Node identity 7f000001, cluster identity 4711 [ 405.133950][T19901] tipc: Enabled bearer , priority 10 [ 405.199804][ T5955] usb 1-1: USB disconnect, device number 46 [ 405.205953][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 406.207440][T19923] netlink: 100 bytes leftover after parsing attributes in process `syz.7.4691'. [ 406.257479][ T5834] tipc: Node number set to 2130706433 [ 406.872968][ T5898] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 407.065438][ T5898] usb 7-1: Using ep0 maxpacket: 32 [ 407.134825][T19931] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.4696'. [ 407.188437][ T5898] usb 7-1: unable to get BOS descriptor or descriptor too short [ 407.217144][ T5898] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 407.249709][ T5898] usb 7-1: can't read configurations, error -71 [ 407.598585][ T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 407.663056][ T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.368009][ T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 408.435143][ T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.543398][ C1] net_ratelimit: 7771 callbacks suppressed [ 408.543420][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 408.562085][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 408.574514][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 408.586975][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 408.599826][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 408.612714][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 408.625173][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 408.638368][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 408.651242][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 408.664043][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 409.065679][ T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 409.123569][ T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.348191][T19963] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4708'. [ 409.467325][ T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 409.511787][ T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.631575][T19953] syzkaller1: entered promiscuous mode [ 409.650585][T19953] syzkaller1: entered allmulticast mode [ 409.815743][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 409.826879][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 409.836689][ T5824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 409.851176][ T5824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 409.862033][ T5824] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 410.671955][ T59] bridge_slave_1: left allmulticast mode [ 410.713761][ T59] bridge_slave_1: left promiscuous mode [ 410.719591][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.852229][ T59] : left allmulticast mode [ 410.861056][ T59] : left promiscuous mode [ 410.884501][ T59] bridge0: port 1() entered disabled state [ 411.913506][ T5831] Bluetooth: hci2: command tx timeout [ 413.151488][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.173659][ T59] bond_slave_0: left promiscuous mode [ 413.195130][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.257689][ T59] bond_slave_1: left promiscuous mode [ 413.276836][ T59] bond0 (unregistering): Released all slaves [ 413.553010][ C1] net_ratelimit: 8304 callbacks suppressed [ 413.553032][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 413.571182][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 413.583683][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 413.596541][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 413.608781][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 413.621002][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 413.633537][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 413.651193][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 413.663629][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 413.676034][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 413.732812][ T10] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 413.741103][ T59] bond1 (unregistering): (slave bond2): Releasing backup interface [ 413.755058][ T59] bond2 (unregistering): left promiscuous mode [ 413.770855][ T59] bond1 (unregistering): Released all slaves [ 413.902975][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 413.911619][ T10] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 413.935980][ T10] usb 6-1: config 0 has no interface number 0 [ 413.946958][ T10] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 413.980395][ T10] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 413.993008][ T5831] Bluetooth: hci2: command tx timeout [ 414.016645][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.025516][ T10] usb 6-1: Product: syz [ 414.029778][ T10] usb 6-1: Manufacturer: syz [ 414.044980][ T10] usb 6-1: SerialNumber: syz [ 414.054259][ T10] usb 6-1: config 0 descriptor?? [ 414.065054][ T10] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 414.083636][ T10] em28xx 6-1:0.132: Video interface 132 found: [ 414.148817][ T59] bond2 (unregistering): Released all slaves [ 414.519334][ T10] em28xx 6-1:0.132: chip ID is em28178 [ 415.122141][ T10] em28xx 6-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 415.178013][ T10] em28xx 6-1:0.132: board has no eeprom [ 415.186504][T20034] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000004 [ 415.229856][ T59] mac80211_hwsim hwsim3 wlan0 (unregistering): left allmulticast mode [ 415.262941][ T10] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 415.272107][ T10] em28xx 6-1:0.132: analog set to bulk mode. [ 415.326113][ T5898] em28xx 6-1:0.132: Registering V4L2 extension [ 415.348298][ T10] usb 6-1: USB disconnect, device number 26 [ 415.390181][ T10] em28xx 6-1:0.132: Disconnecting em28xx [ 415.736217][ T59] hsr_slave_0: left promiscuous mode [ 415.899134][T20041] vxcan0: tx drop: invalid sa for name 0x0000001000000000 [ 415.916589][ T59] hsr_slave_1: left promiscuous mode [ 415.994047][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.001535][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.073280][ T5831] Bluetooth: hci2: command tx timeout [ 416.161804][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 416.193056][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 416.274465][ T5898] usb 6-1: Decoder not found [ 416.279389][ T5898] em28xx 6-1:0.132: failed to create media graph [ 416.360805][ T5898] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 416.406666][ T59] veth1_macvtap: left promiscuous mode [ 416.442044][ T5898] em28xx 6-1:0.132: Remote control support is not available for this card. [ 416.472332][ T59] veth0_macvtap: left promiscuous mode [ 416.494906][ T59] veth1_vlan: left promiscuous mode [ 416.525127][ T10] em28xx 6-1:0.132: Closing input extension [ 416.557867][ T59] veth0_vlan: left promiscuous mode [ 416.626004][ T10] em28xx 6-1:0.132: Freeing device [ 417.568224][T20055] netlink: 264 bytes leftover after parsing attributes in process `syz.0.4741'. [ 417.580879][T20055] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4741'. [ 418.154802][ T5831] Bluetooth: hci2: command tx timeout [ 418.562912][ C1] net_ratelimit: 8867 callbacks suppressed [ 418.562931][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 418.581227][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 418.593619][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 418.606034][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 418.618308][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 418.630739][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 418.643518][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 418.655724][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 418.667961][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 418.680720][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 419.214230][T19969] chnl_net:caif_netlink_parms(): no params data found [ 419.958384][ T30] audit: type=1400 audit(1750144029.806:489): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=20067 comm="syz.5.4745" src=1 dest=20000 [ 420.439007][T19969] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.451751][T19969] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.468289][T19969] bridge_slave_0: entered allmulticast mode [ 420.495112][T19969] bridge_slave_0: entered promiscuous mode [ 420.548517][ T59] IPVS: stop unused estimator thread 0... [ 420.566246][T19969] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.584243][T19969] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.608318][T19969] bridge_slave_1: entered allmulticast mode [ 420.635844][T19969] bridge_slave_1: entered promiscuous mode [ 420.805796][T19969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 420.838664][ T24] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 420.851313][T19969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.080906][T19969] team0: Port device team_slave_0 added [ 421.146156][T19969] team0: Port device team_slave_1 added [ 421.577135][ T24] usb 7-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 421.601522][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.681017][ T24] usb 7-1: config 0 descriptor?? [ 421.729409][T19969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.760577][T19969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.802454][ T24] gspca_main: spca508-2.14.0 probing 8086:0110 [ 421.896816][T19969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.973316][ T30] audit: type=1326 audit(1750144031.826:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20096 comm="syz.5.4757" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x0 [ 422.056285][ T24] gspca_spca508: reg_read err -32 [ 422.130115][T19969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.151073][T19969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.196770][ T24] gspca_spca508: reg_read err -32 [ 422.226850][T19969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.298669][ T24] gspca_spca508: reg_read err -32 [ 422.451999][T19969] hsr_slave_0: entered promiscuous mode [ 422.463387][T19969] hsr_slave_1: entered promiscuous mode [ 422.471519][T19969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 422.490945][T19969] Cannot create hsr debugfs directory [ 422.592402][ T24] gspca_spca508: reg_read err -71 [ 422.622210][ T24] gspca_spca508: reg write: error -71 [ 422.646661][ T24] spca508 7-1:0.0: probe with driver spca508 failed with error -71 [ 422.851241][ T24] usb 7-1: USB disconnect, device number 26 [ 422.943122][T20109] program syz.5.4762 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.182922][ T30] audit: type=1400 audit(1750144033.026:491): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="?" object="_" requested=w pid=20111 comm="syz.5.4764" dest=20000 [ 423.573463][ C1] net_ratelimit: 8212 callbacks suppressed [ 423.573483][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 423.591932][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 423.604274][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 423.617188][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 423.630309][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 423.642758][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 423.655214][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 423.667998][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 423.680832][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 423.693260][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 423.835714][ T10] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 423.869465][T20124] netlink: 'syz.6.4769': attribute type 12 has an invalid length. [ 423.888938][T20124] netlink: 'syz.6.4769': attribute type 29 has an invalid length. [ 423.906405][T20124] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4769'. [ 424.007060][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.048111][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 424.090755][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 424.159836][ T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 424.219906][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.267050][ T10] usb 6-1: config 0 descriptor?? [ 424.530438][T19969] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 424.565091][T19969] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 424.674762][T19969] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 424.711195][ T10] plantronics 0003:047F:FFFF.002D: No inputs registered, leaving [ 424.733546][T19969] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 424.752435][ T10] plantronics 0003:047F:FFFF.002D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 424.874791][ T5898] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 425.005351][ T1213] usb 6-1: USB disconnect, device number 27 [ 425.074715][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.100300][T19969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.112645][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.136898][ T5898] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 425.181881][T19969] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.209364][ T5898] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 425.254133][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.261359][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.270887][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.291462][ T5898] usb 7-1: config 0 descriptor?? [ 425.352894][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.361407][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.661054][T20136] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 425.742413][ T5898] plantronics 0003:047F:FFFF.002E: reserved main item tag 0xd [ 425.820120][ T5898] plantronics 0003:047F:FFFF.002E: No inputs registered, leaving [ 425.882568][ T5898] plantronics 0003:047F:FFFF.002E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 426.084320][ T5898] usb 7-1: USB disconnect, device number 27 [ 426.676025][T19969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 426.978308][T19969] veth0_vlan: entered promiscuous mode [ 427.076462][T19969] veth1_vlan: entered promiscuous mode [ 427.197812][T20163] IPVS: length: 91 != 24 [ 427.298483][T19969] veth0_macvtap: entered promiscuous mode [ 427.349405][T19969] veth1_macvtap: entered promiscuous mode [ 427.471395][T19969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 427.552269][T19969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 427.624735][T19969] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.663878][T19969] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.693059][T19969] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.717284][T19969] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.809427][T20171] input: syz0 as /devices/virtual/input/input51 [ 428.417045][ T3497] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 428.450528][T20184] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.4792'. [ 428.460027][ T3497] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.583510][ C1] net_ratelimit: 7945 callbacks suppressed [ 428.583532][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 428.602338][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 428.607482][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 428.614799][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 428.634853][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 428.644604][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.647832][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 428.667092][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 428.679604][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 428.692157][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 428.705162][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 428.718156][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 429.482977][ T1213] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 429.662815][ T1213] usb 6-1: Using ep0 maxpacket: 8 [ 429.699079][ T1213] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 429.737708][ T1213] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 429.787234][ T1213] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 429.854874][ T1213] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 429.871158][ T1213] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 429.893167][T20198] sctp: [Deprecated]: syz.7.4797 (pid 20198) Use of struct sctp_assoc_value in delayed_ack socket option. [ 429.893167][T20198] Use struct sctp_sack_info instead [ 429.942878][ T1213] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 429.969242][ T1213] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.263075][ T1213] usb 6-1: usb_control_msg returned -32 [ 430.268723][ T1213] usbtmc 6-1:16.0: can't read capabilities [ 432.315470][ T10] usb 6-1: USB disconnect, device number 28 [ 433.038321][ T5834] sched: DL replenish lagged too much [ 433.592930][ C1] net_ratelimit: 7864 callbacks suppressed [ 433.592949][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 433.611284][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 433.624256][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 433.637127][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 433.649986][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 433.662500][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 433.677784][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 433.690647][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 433.703150][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 433.715678][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 434.178195][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.331153][T20241] block device autoloading is deprecated and will be removed. [ 434.823802][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.531006][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 435.568824][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 435.583039][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.620224][ T5824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 435.659818][ T5824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 435.688700][ T5824] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 435.701668][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.508526][ T12] bridge_slave_1: left allmulticast mode [ 436.564679][ T12] bridge_slave_1: left promiscuous mode [ 436.570479][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 436.763292][ T12] bridge_slave_0: left allmulticast mode [ 436.793076][ T12] bridge_slave_0: left promiscuous mode [ 436.831431][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.753538][ T5831] Bluetooth: hci2: command tx timeout [ 438.463492][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 438.498820][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 438.535193][ T12] bond0 (unregistering): Released all slaves [ 438.602975][ C1] net_ratelimit: 8992 callbacks suppressed [ 438.602995][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 438.621665][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 438.634463][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 438.646874][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 438.659301][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 438.671717][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 438.684546][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 438.697323][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 438.709710][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 438.722678][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 439.156612][ T30] audit: type=1800 audit(1750144050.001:492): pid=20283 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.4827" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 439.191968][T20283] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 439.279989][T20283] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 439.330152][T20283] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 439.668731][T20283] syz.0.4827 (20283) used greatest stack depth: 18392 bytes left [ 439.838993][ T5831] Bluetooth: hci2: command tx timeout [ 439.923211][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.055331][T20259] chnl_net:caif_netlink_parms(): no params data found [ 440.309751][ T30] audit: type=1800 audit(1750144051.141:493): pid=20306 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.4836" name="nullb0" dev="devtmpfs" ino=2854 res=0 errno=0 [ 440.454189][ T12] hsr_slave_0: left promiscuous mode [ 440.480365][ T12] hsr_slave_1: left promiscuous mode [ 440.511235][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 440.558105][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.642905][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.681534][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 441.004673][ T12] veth1_macvtap: left promiscuous mode [ 441.012298][ T12] veth0_macvtap: left promiscuous mode [ 441.024085][ T12] veth1_vlan: left promiscuous mode [ 441.029963][ T12] veth0_vlan: left promiscuous mode [ 441.913296][ T5831] Bluetooth: hci2: command tx timeout [ 442.630759][ T12] team0 (unregistering): Port device team_slave_1 removed [ 442.727093][ T12] team0 (unregistering): Port device team_slave_0 removed [ 443.613327][ C1] net_ratelimit: 7327 callbacks suppressed [ 443.613347][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 443.631590][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 443.644079][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 443.657443][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 443.670279][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 443.682845][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 443.695018][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 443.707229][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 443.719941][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 443.732395][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 443.994299][ T5831] Bluetooth: hci2: command tx timeout [ 444.271975][T20318] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 444.303535][ T30] audit: type=1800 audit(1750144055.111:494): pid=20318 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.4842" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 444.367551][T20318] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 444.427127][T20318] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 444.860666][T20259] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.892588][T20259] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.939319][T20259] bridge_slave_0: entered allmulticast mode [ 444.975760][T20259] bridge_slave_0: entered promiscuous mode [ 445.044792][T20259] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.052386][T20259] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.090859][T20259] bridge_slave_1: entered allmulticast mode [ 445.139601][T20259] bridge_slave_1: entered promiscuous mode [ 445.425641][T20259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 445.574344][T20259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 445.864676][T20259] team0: Port device team_slave_0 added [ 445.918414][T20259] team0: Port device team_slave_1 added [ 446.332564][T20259] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 446.361641][T20259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 446.480548][T20259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 446.533123][T20259] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 446.540258][T20259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 446.610848][T20259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 447.420980][T20259] hsr_slave_0: entered promiscuous mode [ 447.439622][T20259] hsr_slave_1: entered promiscuous mode [ 447.485621][T20259] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 447.520754][T20259] Cannot create hsr debugfs directory [ 447.677889][ T30] audit: type=1326 audit(1884361786.499:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf9db2ab19 code=0x7ffc0000 [ 447.745084][ T30] audit: type=1326 audit(1884361786.509:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 447.842793][ T30] audit: type=1326 audit(1884361786.509:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 448.112754][ T30] audit: type=1326 audit(1884361786.809:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf9db2ab19 code=0x7ffc0000 [ 448.190069][ T30] audit: type=1326 audit(1884361786.859:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf9db2ab19 code=0x7ffc0000 [ 448.306104][ T30] audit: type=1326 audit(1884361786.909:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf9db2ab19 code=0x7ffc0000 [ 448.402276][ T30] audit: type=1326 audit(1884361786.919:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 448.623611][ C1] net_ratelimit: 7119 callbacks suppressed [ 448.623631][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 448.642310][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 448.655117][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 448.667525][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 448.679969][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 448.693015][ T30] audit: type=1326 audit(1884361787.369:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcf9db2ab19 code=0x7ffc0000 [ 448.693298][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 448.728006][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 448.741374][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 448.754068][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 448.766491][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 448.812600][ T30] audit: type=1326 audit(1884361787.379:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20377 comm="syz.5.4867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9db8e929 code=0x7ffc0000 [ 451.602048][T20420] block nbd0: NBD_DISCONNECT [ 451.608656][T20420] block nbd0: Send disconnect failed -22 [ 451.674401][T20418] block nbd0: Disconnected due to user request. [ 451.681064][T20418] block nbd0: shutting down sockets [ 453.423110][T20259] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 453.493797][T20259] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 453.561231][T20259] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 453.625195][T20259] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 453.633354][ C1] net_ratelimit: 6961 callbacks suppressed [ 453.633372][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 453.652024][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 453.664460][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 453.676918][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 453.689812][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 453.702771][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 453.715609][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 453.728887][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 453.741346][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 453.753811][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 454.250515][T20259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 454.396385][T20259] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.460684][T20455] netlink: 'syz.5.4892': attribute type 10 has an invalid length. [ 454.468881][ T10] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 454.479647][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.486830][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.507618][T20455] netlink: 55 bytes leftover after parsing attributes in process `syz.5.4892'. [ 454.541717][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.548944][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.572982][ T5898] usb 1-1: new full-speed USB device number 47 using dummy_hcd [ 454.663862][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 454.673459][ T10] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.703321][ T10] usb 7-1: config 0 interface 0 has no altsetting 0 [ 454.710086][ T10] usb 7-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 454.759634][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.778227][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.793920][ T5898] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 454.816425][ T10] usb 7-1: config 0 descriptor?? [ 454.829416][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.871970][ T5898] usb 1-1: config 0 descriptor?? [ 455.256980][ T10] hid (null): report_id 55783 is invalid [ 455.351941][ T5898] nintendo 0003:057E:200E.002F: unbalanced delimiter at end of report description [ 455.428009][ T5898] nintendo 0003:057E:200E.002F: HID parse failed [ 455.452618][ T10] cougar 0003:060B:500A.0030: usage count exceeds max: fixing up report descriptor [ 455.511963][ T5898] nintendo 0003:057E:200E.002F: probe - fail = -22 [ 455.540435][ T10] cougar 0003:060B:500A.0030: unexpected long global item [ 455.568118][ T5898] nintendo 0003:057E:200E.002F: probe with driver nintendo failed with error -22 [ 455.598794][ T10] cougar 0003:060B:500A.0030: parse failed [ 455.641256][ T10] cougar 0003:060B:500A.0030: probe with driver cougar failed with error -22 [ 455.663836][ T5898] usb 1-1: USB disconnect, device number 47 [ 455.735161][ T10] usb 7-1: USB disconnect, device number 28 [ 456.479584][ T30] kauditd_printk_skb: 66 callbacks suppressed [ 456.479601][ T30] audit: type=1326 audit(1884361795.299:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20482 comm="syz.0.4903" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff59ad8e929 code=0x0 [ 456.741179][T20259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 457.073312][T20259] veth0_vlan: entered promiscuous mode [ 457.157309][T20259] veth1_vlan: entered promiscuous mode [ 457.379133][T20259] veth0_macvtap: entered promiscuous mode [ 457.472332][T20259] veth1_macvtap: entered promiscuous mode [ 457.607747][T20259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 457.706752][T20259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 457.777034][T20259] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.835797][T20259] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.877437][T20259] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 457.901133][T20259] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.380738][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.431728][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.630139][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 458.642758][ C1] net_ratelimit: 7105 callbacks suppressed [ 458.642774][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 458.661468][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 458.674289][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 458.683139][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 458.686627][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 458.705932][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 458.718778][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 458.731606][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 458.744408][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 458.759195][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 458.771674][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 461.662527][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.316129][ T31] INFO: task syz.3.3505:17203 blocked for more than 143 seconds. [ 462.349786][ T31] Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 462.387351][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 462.405375][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 462.422855][ T5824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 462.441885][ T5824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 462.449851][ T5824] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 462.488184][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 462.547416][ T31] task:syz.3.3505 state:D stack:25352 pid:17203 tgid:17202 ppid:13352 task_flags:0x400140 flags:0x00004004 [ 462.611972][ T31] Call Trace: [ 462.633160][ T31] [ 462.646235][ T31] __schedule+0x16a2/0x4cb0 [ 462.739951][ T31] ? __lock_acquire+0xab9/0xd20 [ 462.794055][ T31] ? schedule+0x165/0x360 [ 462.852802][ T31] ? __pfx___schedule+0x10/0x10 [ 462.906408][ T31] ? schedule+0x91/0x360 [ 462.910727][ T31] schedule+0x165/0x360 [ 462.976207][ T31] schedule_preempt_disabled+0x13/0x30 [ 462.981739][ T31] __mutex_lock+0x724/0xe80 [ 463.042919][ T31] ? __mutex_lock+0x51b/0xe80 [ 463.047686][ T31] ? nfsd_shutdown_threads+0x4e/0xd0 [ 463.099615][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 463.118206][ T31] ? net_generic+0x1e/0x240 [ 463.137836][ T31] ? net_generic+0x1e/0x240 [ 463.142394][ T31] nfsd_shutdown_threads+0x4e/0xd0 [ 463.157745][ T31] nfsd_umount+0x42/0xd0 [ 463.162039][ T31] deactivate_locked_super+0xbc/0x130 [ 463.193032][ T31] put_fs_context+0x93/0x790 [ 463.197672][ T31] ? __pfx_fscontext_release+0x10/0x10 [ 463.212758][ T31] fscontext_release+0x62/0x80 [ 463.217573][ T31] __fput+0x449/0xa70 [ 463.221595][ T31] task_work_run+0x1d1/0x260 [ 463.250638][ T31] ? __pfx_task_work_run+0x10/0x10 [ 463.268084][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 463.277369][ T31] exit_to_user_mode_loop+0xec/0x110 [ 463.301801][ T31] do_syscall_64+0x2bd/0x3b0 [ 463.310919][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 463.319849][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.327444][ T31] ? clear_bhb_loop+0x60/0xb0 [ 463.332152][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.341715][ T31] RIP: 0033:0x7fb0c178e929 [ 463.353773][ T31] RSP: 002b:00007fb0c2537038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 463.362223][ T31] RAX: 0000000000000000 RBX: 00007fb0c19b5fa0 RCX: 00007fb0c178e929 [ 463.379302][ T31] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000004 [ 463.390601][ T31] RBP: 00007fb0c1810b39 R08: 0000000000000000 R09: 0000000000000000 [ 463.401711][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 463.419613][ T31] R13: 0000000000000000 R14: 00007fb0c19b5fa0 R15: 00007ffd8a29c708 [ 463.428493][ T31] [ 463.449853][ T31] [ 463.449853][ T31] Showing all locks held in the system: [ 463.552713][ T31] 8 locks held by kworker/u8:0/12: [ 463.557875][ T31] #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 463.645199][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.652974][ C1] net_ratelimit: 7656 callbacks suppressed [ 463.652992][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 463.673725][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 463.686144][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 463.689850][ T31] #1: [ 463.698563][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 463.713766][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 463.723039][ T31] ffffc90000117bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 463.726633][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 463.748854][ C1] bridge0: received packet on veth0_to_bridge with own address as source address (addr:d2:cd:88:0f:f5:d8, vlan:0) [ 463.761657][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 463.774557][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 463.787316][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 463.807857][ T31] #2: ffffffff8f4f1410 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 463.862801][ T31] #3: ffff888021ad90e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 463.913302][ T31] #4: ffff8880550a8250 (&devlink->lock_key#12){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 463.963081][ T31] #5: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xdb/0x670 [ 463.972051][ T31] #6: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730 [ 464.092740][ T31] #7: ffff8880b863b798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 464.172953][ T31] 3 locks held by kworker/u8:1/13: [ 464.178133][ T31] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 464.277950][ T31] #1: ffffc90000127bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 464.351703][ T31] #2: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 464.402701][ T31] 1 lock held by khungtaskd/31: [ 464.407600][ T31] #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 464.472991][ T5824] Bluetooth: hci2: command tx timeout [ 464.509955][ T31] 3 locks held by kworker/1:1/48: [ 464.532739][ T31] 2 locks held by kworker/u8:3/49: [ 464.537911][ T31] 2 locks held by kworker/1:2/977: [ 464.578971][ T31] 2 locks held by getty/5589: [ 464.612127][ T31] #0: ffff88803418a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 464.655556][ T31] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 464.670927][ T31] 2 locks held by kworker/1:3/5834: [ 464.676589][ T31] 4 locks held by kworker/1:4/5891: [ 464.681805][ T31] 3 locks held by kworker/1:5/5912: [ 464.692407][ T31] 2 locks held by syz.4.2414/14661: [ 464.697666][ T31] #0: ffffffff8f5641b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 464.711057][ T31] #1: ffffffff8e41b488 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12a/0x1650 [ 464.732706][ T31] 1 lock held by syz.5.2642/15171: [ 464.737847][ T31] #0: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 464.751332][ T31] 2 locks held by syz.3.3505/17203: [ 464.756601][ T31] #0: ffff88807b4020e0 (&type->s_umount_key#86){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0 [ 464.771958][ T31] #1: ffffffff8e41b488 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x4e/0xd0 [ 464.781640][ T31] 1 lock held by syz.7.3985/18308: [ 464.792312][ T31] #0: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 464.801908][ T31] 3 locks held by kworker/1:7/20531: [ 464.812373][ T31] 4 locks held by kworker/1:8/20537: [ 464.817710][ T31] 2 locks held by syz.6.4926/20546: [ 464.829090][ T31] #0: ffffffff8f4f1410 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 464.847791][ T31] #1: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 464.868117][ T31] 1 lock held by syz.0.4929/20554: [ 464.874113][ T31] #0: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 464.888242][ T31] 1 lock held by syz-executor/20572: [ 464.893997][ T31] #0: ffffffff8f4fe008 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 464.946278][ T31] [ 464.948651][ T31] ============================================= [ 464.948651][ T31] [ 464.997776][ T31] NMI backtrace for cpu 0 [ 464.997806][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 464.997829][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 464.997842][ T31] Call Trace: [ 464.997849][ T31] [ 464.997858][ T31] dump_stack_lvl+0x189/0x250 [ 464.997895][ T31] ? __wake_up_klogd+0xd9/0x110 [ 464.997918][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 464.997945][ T31] ? __pfx__printk+0x10/0x10 [ 464.997978][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 464.998004][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 464.998025][ T31] ? _printk+0xcf/0x120 [ 464.998048][ T31] ? __pfx__printk+0x10/0x10 [ 464.998069][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 464.998095][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 464.998121][ T31] watchdog+0xfee/0x1030 [ 464.998146][ T31] ? watchdog+0x1de/0x1030 [ 464.998179][ T31] kthread+0x70e/0x8a0 [ 464.998202][ T31] ? __pfx_watchdog+0x10/0x10 [ 464.998224][ T31] ? __pfx_kthread+0x10/0x10 [ 464.998245][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 464.998271][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 464.998296][ T31] ? __pfx_kthread+0x10/0x10 [ 464.998317][ T31] ret_from_fork+0x3f9/0x770 [ 464.998344][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 464.998376][ T31] ? __switch_to_asm+0x39/0x70 [ 464.998392][ T31] ? __switch_to_asm+0x33/0x70 [ 464.998409][ T31] ? __pfx_kthread+0x10/0x10 [ 464.998429][ T31] ret_from_fork_asm+0x1a/0x30 [ 464.998463][ T31] [ 464.998470][ T31] Sending NMI from CPU 0 to CPUs 1: [ 465.157653][ C1] NMI backtrace for cpu 1 [ 465.157669][ C1] CPU: 1 UID: 0 PID: 5912 Comm: kworker/1:5 Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 465.157690][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.157702][ C1] Workqueue: wg-kex-wg2 wg_packet_handshake_receive_worker [ 465.157731][ C1] RIP: 0010:__asan_memset+0x22/0x50 [ 465.157749][ C1] Code: 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 56 53 48 89 d3 89 f5 49 89 fe 48 8b 4c 24 18 48 89 d6 ba 01 00 00 00 e8 7e e4 ff ff <84> c0 74 11 4c 89 f7 89 ee 48 89 da 5b 41 5e 5d e9 09 ab 3d 09 31 [ 465.157764][ C1] RSP: 0000:ffffc90000a07c58 EFLAGS: 00000256 [ 465.157778][ C1] RAX: 1ffff92000140f01 RBX: 0000000000000010 RCX: ffffffff8172a6e8 [ 465.157791][ C1] RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc90000a07d98 [ 465.157802][ C1] RBP: 0000000000000000 R08: ffffc90000a07da7 R09: 1ffff92000140fb4 [ 465.157813][ C1] R10: dffffc0000000000 R11: fffff52000140fb5 R12: ffffc90000a086e0 [ 465.157826][ C1] R13: ffffc90000a07d98 R14: ffffc90000a07d98 R15: ffffc90000a07d90 [ 465.157838][ C1] FS: 0000000000000000(0000) GS:ffff888125d85000(0000) knlGS:0000000000000000 [ 465.157852][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 465.157864][ C1] CR2: 0000001b2ea0dff8 CR3: 000000000df38000 CR4: 00000000003526f0 [ 465.157878][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 465.157888][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 465.157898][ C1] Call Trace: [ 465.157905][ C1] [ 465.157914][ C1] unwind_next_frame+0xc98/0x2390 [ 465.157941][ C1] ? unwind_next_frame+0xa5/0x2390 [ 465.157964][ C1] ? br_nf_pre_routing_ipv6+0x37e/0x6b0 [ 465.157986][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 465.158004][ C1] arch_stack_walk+0x11c/0x150 [ 465.158030][ C1] ? br_handle_frame+0x982/0x14c0 [ 465.158050][ C1] stack_trace_save+0x9c/0xe0 [ 465.158066][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 465.158084][ C1] ? ip6_rcv_finish+0x29a/0x2d0 [ 465.158114][ C1] kasan_save_track+0x3e/0x80 [ 465.158130][ C1] ? kasan_save_track+0x3e/0x80 [ 465.158146][ C1] ? __kasan_slab_alloc+0x6c/0x80 [ 465.158163][ C1] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 465.158181][ C1] ? skb_clone+0x212/0x3a0 [ 465.158201][ C1] ? maybe_deliver+0x98/0x160 [ 465.158215][ C1] ? br_flood+0x31a/0x6a0 [ 465.158228][ C1] ? br_handle_frame_finish+0x14b4/0x19b0 [ 465.158245][ C1] ? br_nf_hook_thresh+0x3c6/0x4a0 [ 465.158261][ C1] ? br_nf_pre_routing_finish_ipv6+0x948/0xd00 [ 465.158280][ C1] ? br_nf_pre_routing_ipv6+0x37e/0x6b0 [ 465.158323][ C1] __kasan_slab_alloc+0x6c/0x80 [ 465.158342][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 465.158360][ C1] ? skb_clone+0x212/0x3a0 [ 465.158382][ C1] skb_clone+0x212/0x3a0 [ 465.158405][ C1] maybe_deliver+0x98/0x160 [ 465.158421][ C1] br_flood+0x31a/0x6a0 [ 465.158440][ C1] br_handle_frame_finish+0x14b4/0x19b0 [ 465.158465][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 465.158488][ C1] ? ip6t_do_table+0x1db/0x1550 [ 465.158510][ C1] ? nf_hook_slow+0x176/0x220 [ 465.158529][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 465.158546][ C1] br_nf_hook_thresh+0x3c6/0x4a0 [ 465.158568][ C1] ? __pfx_br_nf_hook_thresh+0x10/0x10 [ 465.158586][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 465.158603][ C1] ? nf_nat_ipv6_in+0x1fc/0x2b0 [ 465.158633][ C1] br_nf_pre_routing_finish_ipv6+0x948/0xd00 [ 465.158652][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 465.158674][ C1] ? br_nf_pre_routing_ipv6+0x42f/0x6b0 [ 465.158693][ C1] br_nf_pre_routing_ipv6+0x37e/0x6b0 [ 465.158714][ C1] ? __pfx_br_nf_pre_routing_ipv6+0x10/0x10 [ 465.158734][ C1] ? __pfx_br_nf_pre_routing_finish_ipv6+0x10/0x10 [ 465.158768][ C1] ? br_nf_pre_routing+0x720/0x1470 [ 465.158789][ C1] ? __pfx_br_nf_pre_routing+0x10/0x10 [ 465.158806][ C1] br_handle_frame+0x982/0x14c0 [ 465.158828][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 465.158844][ C1] ? rcu_lockdep_current_cpu_online+0x37/0x120 [ 465.158863][ C1] ? __pfx_br_handle_frame_finish+0x10/0x10 [ 465.158880][ C1] ? __pfx_rcu_read_lock_bh_held+0x10/0x10 [ 465.158908][ C1] ? __pfx_br_handle_frame+0x10/0x10 [ 465.158926][ C1] __netif_receive_skb_core+0x10de/0x4180 [ 465.158957][ C1] ? ip6_mc_input+0x9c3/0xbe0 [ 465.158984][ C1] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 465.159008][ C1] ? ip6_rcv_finish+0x29a/0x2d0 [ 465.159030][ C1] ? NF_HOOK+0x309/0x3a0 [ 465.159050][ C1] ? skb_orphan+0xaf/0xd0 [ 465.159078][ C1] ? process_backlog+0x2d5/0x14f0 [ 465.159094][ C1] ? process_backlog+0x2d5/0x14f0 [ 465.159116][ C1] __netif_receive_skb+0x72/0x380 [ 465.159142][ C1] ? process_backlog+0x2d5/0x14f0 [ 465.159159][ C1] process_backlog+0x60e/0x14f0 [ 465.159174][ C1] ? __lock_acquire+0xab9/0xd20 [ 465.159201][ C1] ? __pfx_process_backlog+0x10/0x10 [ 465.159223][ C1] __napi_poll+0xc7/0x480 [ 465.159245][ C1] ? net_rx_action+0x46d/0xe30 [ 465.159263][ C1] net_rx_action+0x707/0xe30 [ 465.159285][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 465.159315][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 465.159356][ C1] handle_softirqs+0x286/0x870 [ 465.159380][ C1] ? do_softirq+0xec/0x180 [ 465.159404][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 465.159429][ C1] ? kernel_fpu_end+0xc8/0x120 [ 465.159446][ C1] do_softirq+0xec/0x180 [ 465.159466][ C1] [ 465.159471][ C1] [ 465.159478][ C1] ? __pfx_do_softirq+0x10/0x10 [ 465.159500][ C1] ? __local_bh_disable_ip+0xf1/0x190 [ 465.159521][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 465.159545][ C1] ? lockdep_softirqs_on+0x13b/0x1c0 [ 465.159566][ C1] __local_bh_enable_ip+0x17d/0x1c0 [ 465.159588][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 465.159610][ C1] ? kernel_fpu_begin_mask+0x2c8/0x3a0 [ 465.159631][ C1] kernel_fpu_end+0xd2/0x120 [ 465.159646][ C1] ? __pfx_kernel_fpu_end+0x10/0x10 [ 465.159666][ C1] blake2s_compress+0x5f/0xd0 [ 465.159683][ C1] blake2s_final+0x116/0x260 [ 465.159709][ C1] hmac+0x293/0x330 [ 465.159728][ C1] ? __pfx_hmac+0x10/0x10 [ 465.159761][ C1] ? rcu_lockdep_current_cpu_online+0x37/0x120 [ 465.159781][ C1] kdf+0x105/0x270 [ 465.159800][ C1] ? __pfx_kdf+0x10/0x10 [ 465.159819][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.159843][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 465.159868][ C1] ? wg_pubkey_hashtable_lookup+0x1e/0x360 [ 465.159892][ C1] ? wg_pubkey_hashtable_lookup+0x1e/0x360 [ 465.159919][ C1] wg_noise_handshake_consume_initiation+0x3ee/0x900 [ 465.159944][ C1] ? __pfx_wg_noise_handshake_consume_initiation+0x10/0x10 [ 465.159963][ C1] ? kernel_fpu_end+0xd2/0x120 [ 465.159979][ C1] ? __pfx_kernel_fpu_end+0x10/0x10 [ 465.159993][ C1] ? wg_packet_encrypt_worker+0x167a/0x1720 [ 465.160022][ C1] ? __asan_memset+0x22/0x50 [ 465.160043][ C1] ? __pfx_compute_mac1+0x10/0x10 [ 465.160072][ C1] ? wg_cookie_validate_packet+0x208/0x320 [ 465.160095][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 465.160127][ C1] wg_packet_handshake_receive_worker+0x5f2/0xfb0 [ 465.160160][ C1] ? __pfx_wg_packet_handshake_receive_worker+0x10/0x10 [ 465.160185][ C1] ? register_lock_class+0x51/0x320 [ 465.160208][ C1] ? __lock_acquire+0xab9/0xd20 [ 465.160233][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 465.160260][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 465.160279][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 465.160301][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 465.160324][ C1] process_scheduled_works+0xade/0x17b0 [ 465.160361][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 465.160392][ C1] worker_thread+0x8a0/0xda0 [ 465.160416][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 465.160442][ C1] ? __kthread_parkme+0x7b/0x200 [ 465.160470][ C1] kthread+0x70e/0x8a0 [ 465.160488][ C1] ? __pfx_worker_thread+0x10/0x10 [ 465.160510][ C1] ? __pfx_kthread+0x10/0x10 [ 465.160527][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 465.160547][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.160568][ C1] ? __pfx_kthread+0x10/0x10 [ 465.160585][ C1] ret_from_fork+0x3f9/0x770 [ 465.160607][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 465.160631][ C1] ? __switch_to_asm+0x39/0x70 [ 465.160646][ C1] ? __switch_to_asm+0x33/0x70 [ 465.160660][ C1] ? __pfx_kthread+0x10/0x10 [ 465.160677][ C1] ret_from_fork_asm+0x1a/0x30 [ 465.160700][ C1] [ 466.023000][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 466.029905][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00024-g9afe652958c3 #0 PREEMPT(full) [ 466.041726][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 466.051807][ T31] Call Trace: [ 466.055097][ T31] [ 466.058045][ T31] dump_stack_lvl+0x99/0x250 [ 466.062658][ T31] ? __asan_memcpy+0x40/0x70 [ 466.067266][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 466.072485][ T31] ? __pfx__printk+0x10/0x10 [ 466.077100][ T31] panic+0x2db/0x790 [ 466.081021][ T31] ? __pfx_panic+0x10/0x10 [ 466.085458][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 466.091287][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 466.096677][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 466.102855][ T31] watchdog+0x102d/0x1030 [ 466.107206][ T31] ? watchdog+0x1de/0x1030 [ 466.111650][ T31] kthread+0x70e/0x8a0 [ 466.115737][ T31] ? __pfx_watchdog+0x10/0x10 [ 466.120428][ T31] ? __pfx_kthread+0x10/0x10 [ 466.125035][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 466.130253][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.135469][ T31] ? __pfx_kthread+0x10/0x10 [ 466.140071][ T31] ret_from_fork+0x3f9/0x770 [ 466.144684][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 466.149822][ T31] ? __switch_to_asm+0x39/0x70 [ 466.154596][ T31] ? __switch_to_asm+0x33/0x70 [ 466.159369][ T31] ? __pfx_kthread+0x10/0x10 [ 466.163970][ T31] ret_from_fork_asm+0x1a/0x30 [ 466.168761][ T31] [ 466.172115][ T31] Kernel Offset: disabled [ 466.176444][ T31] Rebooting in 86400 seconds..