last executing test programs: 8m49.752428634s ago: executing program 32 (id=4606): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_IOEVENTFD(r1, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0xc3ca0400}) 7m32.839585814s ago: executing program 33 (id=6928): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x8}]}, 0x94}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x98, 0x0, 0x1, 0x401, 0x0, 0x8000000, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0x98}}, 0x8884) 6m47.458094453s ago: executing program 34 (id=8303): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000600)="f2435f01000880000e0000850800f06cb005a150fa26a50ed4c7a7f784a3caff0400", 0x22, 0x1, &(0x7f0000000200)={0x11, 0x18, r1, 0x1, 0x0, 0x6, @random="98b3f49915a8"}, 0x14) 6m11.645511385s ago: executing program 3 (id=10222): ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000000)={0x40080, 0x4, 0xd8f9}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe) sched_setaffinity(0x0, 0x0, 0x0) 6m11.59780038s ago: executing program 3 (id=10225): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000003c0)={[{@uuid_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 6m11.521240389s ago: executing program 3 (id=10229): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x2c, r1, 0x1, 0x0, 0x0, {0x3}, [@GTPA_LINK={0x8}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}]}, 0x2c}}, 0x0) 6m11.47127537s ago: executing program 3 (id=10232): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) umount2(&(0x7f0000000100)='./file0\x00', 0xc) 6m11.471159888s ago: executing program 3 (id=10233): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mptcp_buf(r0, 0x11c, 0x1, 0x0, &(0x7f0000000140)) 6m11.281470289s ago: executing program 3 (id=10240): syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r0, &(0x7f0000001680)=[{&(0x7f0000000240)="12", 0x1}], 0x1) 6m11.239644213s ago: executing program 35 (id=10240): syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r0, &(0x7f0000001680)=[{&(0x7f0000000240)="12", 0x1}], 0x1) 5m53.936942198s ago: executing program 0 (id=10831): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48) 5m53.890167652s ago: executing program 0 (id=10834): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xe00, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0) 5m53.791611619s ago: executing program 0 (id=10838): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x2000, {0x1}, 0xfd}, 0x18) 5m53.788331307s ago: executing program 0 (id=10841): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff010}, {0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x0, 0x0, 0x2}]}, 0x8) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) 5m53.711367332s ago: executing program 0 (id=10844): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x100) fcntl$notify(r0, 0x402, 0x8000000b) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x20) 5m53.711251454s ago: executing program 0 (id=10845): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001980)=ANY=[@ANYBLOB="05000000810d00000300000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0300006001"], 0x80}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) 5m38.673174975s ago: executing program 36 (id=10845): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001980)=ANY=[@ANYBLOB="05000000810d00000300000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0300006001"], 0x80}, 0x1, 0x0, 0x0, 0x20000080}, 0x8000) 5m15.080223229s ago: executing program 6 (id=12058): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r2, @ANYBLOB='\b\x00', @ANYRES64=r0], 0x40}}, 0x0) 5m14.979194333s ago: executing program 6 (id=12060): sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000003f80)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000800000009000000020000001000000000000100ff00000076e6e5dbc6ca7a051981d4015ffb885adfb28ba1c27fe0c0e0bce7f04b5c7f74b86947"], 0x30, 0x20000040}], 0x1, 0x4008004) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00'], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 5m14.920465096s ago: executing program 6 (id=12062): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x1, 0x12) 5m14.849073306s ago: executing program 6 (id=12064): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) 5m14.780118547s ago: executing program 6 (id=12068): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01) 5m14.727082416s ago: executing program 6 (id=12069): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0xd00, 0x2, 0x1, 0x0, 0x4003, 0x2, 0x8, 0x7, 0x5, 0x40, 0x2, 0x1, 0xb, 0x2, 0x6, 0x9, 0x1, 0x5, 0x7, 0x40001003, 0x5, 0xffff, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0xffff, 0xfffffff4]}) ioctl$COMEDI_CMDTEST(r0, 0x8040640a, &(0x7f00000006c0)={0x0, 0x20000, 0x0, 0xffffffff, 0x20, 0x3, 0x4, 0x10001, 0x100, 0x5, 0xffffffff, 0x100, &(0x7f0000000000)=[0x7, 0x3, 0x8, 0x3, 0x7, 0x5, 0x85], 0x7, &(0x7f00000000c0)="bdc8dcd735ab0e72cb22d57318c8a147277c23d8524dc927c20f23010100003763cbd79b301a9c5e2927423fccfc55e56f9f3bd35cd44e1475e7b41944f5cbda922b5c97e8f7f935a36f79905f6d4a11df04c9cc9615dbe6da6b59", 0x5b}) 4m59.663939271s ago: executing program 37 (id=12069): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000180)={'pcl812\x00', [0xd00, 0x2, 0x1, 0x0, 0x4003, 0x2, 0x8, 0x7, 0x5, 0x40, 0x2, 0x1, 0xb, 0x2, 0x6, 0x9, 0x1, 0x5, 0x7, 0x40001003, 0x5, 0xffff, 0xf27, 0x6, 0x800b, 0x8, 0x5, 0x6, 0x8, 0xffff, 0xfffffff4]}) ioctl$COMEDI_CMDTEST(r0, 0x8040640a, &(0x7f00000006c0)={0x0, 0x20000, 0x0, 0xffffffff, 0x20, 0x3, 0x4, 0x10001, 0x100, 0x5, 0xffffffff, 0x100, &(0x7f0000000000)=[0x7, 0x3, 0x8, 0x3, 0x7, 0x5, 0x85], 0x7, &(0x7f00000000c0)="bdc8dcd735ab0e72cb22d57318c8a147277c23d8524dc927c20f23010100003763cbd79b301a9c5e2927423fccfc55e56f9f3bd35cd44e1475e7b41944f5cbda922b5c97e8f7f935a36f79905f6d4a11df04c9cc9615dbe6da6b59", 0x5b}) 1m36.959419391s ago: executing program 1 (id=16099): mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xf) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) mknod$loop(&(0x7f0000000340)='./file1\x00', 0x208c, 0x1) 1m36.959318595s ago: executing program 1 (id=16100): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, 0x0, 0x3f) 1m34.571249164s ago: executing program 1 (id=16130): syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/vlan0\x00') syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) 1m34.449862448s ago: executing program 1 (id=16136): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 1m34.370242598s ago: executing program 1 (id=16140): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x300, 0x0, 0x2, 0x9, 0x0, 0x4}, 0x20) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@dev={0xfe, 0x80, '\x00', 0xe}, 0x300, 0x0, 0x2, 0xa, 0x0, 0x4}, 0x20) 1m34.129252115s ago: executing program 1 (id=16144): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc048aeca, &(0x7f0000000580)={0x4, 0x0, [{0xa0f, 0x0, 0x8000000000000000}, {0x9bf, 0x0, 0x2}, {0xa5c, 0x0, 0x8}, {0x327, 0x0, 0x8}]}) 1m34.098884585s ago: executing program 38 (id=16144): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc048aeca, &(0x7f0000000580)={0x4, 0x0, [{0xa0f, 0x0, 0x8000000000000000}, {0x9bf, 0x0, 0x2}, {0xa5c, 0x0, 0x8}, {0x327, 0x0, 0x8}]}) 6.627650665s ago: executing program 2 (id=17813): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)={@val={0x0, 0x3}, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}, @val={@val={0x88a8, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x1, 0x0, 0x2a, 0x67, 0x0, 0x5, 0x6, 0x0, @local, @loopback}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x80, 0x48, 0x0, 0x2}, {"de45"}}}}}}}, 0x44) 6.367161833s ago: executing program 2 (id=17818): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) read$FUSE(r3, 0x0, 0x0) 6.191279171s ago: executing program 2 (id=17820): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$snddsp(r1, 0x0, 0x0) 6.111996198s ago: executing program 2 (id=17822): mkdirat(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', 0x44) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 6.019371837s ago: executing program 2 (id=17824): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x121800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000300)={0x79, 0x0, 0x2f3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000001600)) 5.686377253s ago: executing program 2 (id=17833): unshare(0x62000000) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x80003, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340000001a00010024bd70000000000002201400fc0200070002000008000300", @ANYRES32=r2, @ANYBLOB="08000100c0000806080002007e"], 0x34}}, 0xea5bc50b6199d7fe) 5.600283411s ago: executing program 39 (id=17833): unshare(0x62000000) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x80003, 0x1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340000001a00010024bd70000000000002201400fc0200070002000008000300", @ANYRES32=r2, @ANYBLOB="08000100c0000806080002007e"], 0x34}}, 0xea5bc50b6199d7fe) 5.434551367s ago: executing program 9 (id=17843): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0xf}) 5.199039222s ago: executing program 9 (id=17846): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000780)={0x7, 0x0, [{0x4, 0xffffffff, 0x1, 0x7, 0x6, 0x6, 0x2}, {0x40000000, 0x4, 0x0, 0x7fff, 0x27, 0x7, 0x5}, {0x7, 0x8, 0x0, 0x2, 0x5, 0x5, 0xffff}, {0xb, 0xe5f, 0x0, 0x7, 0x8001, 0x6, 0x80000001}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0x400}, {0x2, 0x1, 0x4, 0x6, 0x4, 0x4, 0x3}, {0x1, 0x8d3d, 0x6, 0x9, 0x3ff, 0x1, 0x3}]}) 5.094434435s ago: executing program 9 (id=17849): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r1 = syz_clone(0x4111, 0x0, 0x88, 0x0, 0x0, 0x0) syz_open_procfs(r1, &(0x7f0000000140)='auxv\x00') 4.961812878s ago: executing program 9 (id=17858): mkdirat(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', 0x44) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 4.875264669s ago: executing program 9 (id=17852): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='limits\x00') preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/74, 0x4a}], 0x1, 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r1, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x7}) ioctl$sock_netdev_private(r1, 0x8949, &(0x7f0000000000)) 4.599280491s ago: executing program 9 (id=17855): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x57, 0x0, r0, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 4.493117232s ago: executing program 40 (id=17855): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x57, 0x0, r0, 0x1, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x4c6e, 0xc67a, 0xc, 0x0, 0x0) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 1.27619859s ago: executing program 5 (id=17875): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x30) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r2, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r1, 0x0, r0, 0x0, 0x20000015, 0xc) 737.786409ms ago: executing program 8 (id=17894): close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340)={r1}, 0xc) 737.340595ms ago: executing program 8 (id=17895): r0 = socket$can_bcm(0x1d, 0x2, 0x2) close_range(r0, r0, 0x0) io_setup(0x9, &(0x7f0000000240)=0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) io_submit(r1, 0x2, &(0x7f0000000140)=[&(0x7f00000002c0)={0x400000, 0x0, 0x0, 0x8, 0x0, r0, 0x0}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x4, r2, 0x0, 0x0, 0x2, 0x0, 0x1}]) 678.094575ms ago: executing program 4 (id=17896): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000280)={0x13, 0x1, 0x5}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x17b}]}) 578.362967ms ago: executing program 8 (id=17898): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000400000000000000", @ANYRES32=r0, @ANYBLOB="00000000140000002400128009000183de026e640000000014000280"], 0x44}, 0x1, 0x2000000000000000, 0x0, 0x800}, 0x0) splice(r0, 0x0, r2, 0x0, 0x10d00, 0xf) 573.733307ms ago: executing program 8 (id=17906): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) write$cgroup_type(r0, &(0x7f0000000000), 0xd4ba103) link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00') utimes(&(0x7f0000000040)='./file0/file1\x00', 0x0) 565.728172ms ago: executing program 4 (id=17900): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r0, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x100) fcntl$setlease(r1, 0x400, 0x0) 505.975937ms ago: executing program 4 (id=17902): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0x8010aa01, &(0x7f0000000000)={{&(0x7f0000600000/0x3000)=nil, 0x3000}}) 428.116511ms ago: executing program 4 (id=17903): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="07000000040000008000000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000c40)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000020000850000001b000000b700000000000000180100002120732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 427.700539ms ago: executing program 7 (id=17904): close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340)={r1}, 0xc) 425.92095ms ago: executing program 5 (id=17905): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000980)={[0x1ffffffffd]}, 0x8, 0x0) r1 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4, 0x0, r0}, &(0x7f0000000180)=0x0, &(0x7f0000000200)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0}) io_uring_enter(r1, 0x2def, 0x9566, 0x1, 0x0, 0x0) signalfd4(r0, &(0x7f0000000140), 0x8, 0x0) 351.902608ms ago: executing program 4 (id=17907): r0 = socket$can_bcm(0x1d, 0x2, 0x2) close_range(r0, r0, 0x0) io_setup(0x9, &(0x7f0000000240)=0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) io_submit(r1, 0x2, &(0x7f0000000140)=[&(0x7f00000002c0)={0x400000, 0x0, 0x0, 0x8, 0x0, r0, 0x0}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x4, r2, 0x0, 0x0, 0x2, 0x0, 0x1}]) 351.653069ms ago: executing program 5 (id=17908): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000a52000/0x1000)=nil, &(0x7f0000eb1000/0x2000)=nil, 0x1000, 0x3}) 342.665766ms ago: executing program 7 (id=17915): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e50226bd70000100000007000000", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r0], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x20000100) 278.718815ms ago: executing program 5 (id=17909): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}}, 0x8000) 278.359883ms ago: executing program 7 (id=17910): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000280)={0x13, 0x1, 0x5}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x17b}]}) 205.095048ms ago: executing program 5 (id=17911): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 0x0) 205.009784ms ago: executing program 8 (id=17912): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}, {{&(0x7f0000001180)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f00000011c0)=[{&(0x7f0000004d00)='f', 0x1}], 0x1}}], 0x2, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={r2, 0xa49a, 0x30}, 0xc) 202.192525ms ago: executing program 4 (id=17920): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)) read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f) 189.032581ms ago: executing program 5 (id=17913): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 88.143895ms ago: executing program 7 (id=17914): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r1) sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x28, r3, 0x5eae78d9c54e9d3f, 0x0, 0x27dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0xc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x2004c0c4) 85.674657ms ago: executing program 8 (id=17924): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0x2000) ppoll(&(0x7f0000000100)=[{r0, 0x20}], 0x1, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000) 81.732124ms ago: executing program 7 (id=17916): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x60, r1, 0xd55319eec59dfa33, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x68}, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x64}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'pim6reg1\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}]]}, 0x60}, 0x1, 0x0, 0x0, 0x4040480}, 0x800) 0s ago: executing program 7 (id=17917): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)={0x3c, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): 70] block nbd2: Request send failed, requeueing [ 558.039412][T14269] block nbd2: Dead connection, failed to find a fallback [ 558.042384][T14269] block nbd2: shutting down sockets [ 558.044662][T14269] blk_print_req_error: 26 callbacks suppressed [ 558.044677][T14269] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.054366][T14269] buffer_io_error: 25 callbacks suppressed [ 558.054385][T14269] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.060997][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.065400][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.068827][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.075396][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.078755][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.079840][ T5939] usb 14-1: USB disconnect, device number 16 [ 558.082958][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.088358][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.093785][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.097153][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.101140][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.104087][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.107125][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.109719][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.114087][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.117485][ T6370] ldm_validate_partition_table(): Disk read failed. [ 558.120530][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.123936][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.126510][ T6370] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 558.128086][ T8748] netlink: 212340 bytes leftover after parsing attributes in process `syz.7.15979'. [ 558.129988][ T6370] Buffer I/O error on dev nbd2, logical block 0, async page read [ 558.130053][ T6370] Dev nbd2: unable to read RDB block 0 [ 558.138878][ T6370] nbd2: unable to read partition table [ 558.141193][ T8748] openvswitch: netlink: Port 167772160 exceeds max allowable 65535 [ 558.145378][ T6370] ldm_validate_partition_table(): Disk read failed. [ 558.147594][ T6370] Dev nbd2: unable to read RDB block 0 [ 558.149624][ T6370] nbd2: unable to read partition table [ 559.352745][ T8795] netlink: 'syz.1.15999': attribute type 6 has an invalid length. [ 559.384148][ T8799] input input77: cannot allocate more than FF_MAX_EFFECTS effects [ 559.492260][ T8805] e1000 0000:00:06.0 eth0: Unsupported Speed/Duplex configuration [ 559.531959][ T8807] netlink: 'syz.1.16004': attribute type 6 has an invalid length. [ 559.609655][ T2598] usb 12-1: new high-speed USB device number 24 using dummy_hcd [ 559.783144][ T2598] usb 12-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 559.786131][ T2598] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.788749][ T2598] usb 12-1: Product: syz [ 559.791007][ T2598] usb 12-1: Manufacturer: syz [ 559.792636][ T2598] usb 12-1: SerialNumber: syz [ 559.795586][ T2598] usb 12-1: config 0 descriptor?? [ 559.833009][ T8827] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16014'. [ 560.010099][ T6026] usb 12-1: USB disconnect, device number 24 [ 560.684353][ T10] kernel read not supported for file /dsp (pid: 10 comm: kworker/0:1) [ 561.003210][ T8879] netlink: 'syz.8.16038': attribute type 2 has an invalid length. [ 561.008902][ T8879] netlink: 'syz.8.16038': attribute type 11 has an invalid length. [ 561.014493][ T8879] netlink: 88 bytes leftover after parsing attributes in process `syz.8.16038'. [ 561.114918][ T8894] binder: 8893:8894 ioctl c0306201 80000080 returned -14 [ 561.259276][ T8904] lo speed is unknown, defaulting to 1000 [ 561.262375][ T8904] lo speed is unknown, defaulting to 1000 [ 561.265515][ T8904] lo speed is unknown, defaulting to 1000 [ 561.393538][ T8904] infiniband syU×: set active [ 561.395171][ T5939] lo speed is unknown, defaulting to 1000 [ 561.397062][ T8904] infiniband syU×: added lo [ 561.421414][ T8904] RDS/IB: syU×: added [ 561.422860][ T8904] smc: adding ib device syU× with port count 1 [ 561.425012][ T8904] smc: ib device syU× port 1 has no pnetid [ 561.427557][ T8904] lo speed is unknown, defaulting to 1000 [ 561.429810][ T5939] lo speed is unknown, defaulting to 1000 [ 561.490325][ T61] Bluetooth: hci2: Frame reassembly failed (-84) [ 561.594978][ T8904] lo speed is unknown, defaulting to 1000 [ 561.691090][ T8904] lo speed is unknown, defaulting to 1000 [ 561.804891][ T8904] lo speed is unknown, defaulting to 1000 [ 561.871275][ T3132] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 562.041194][ T8950] netlink: 24 bytes leftover after parsing attributes in process `syz.1.16071'. [ 562.544144][ T2598] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 562.552278][ T2598] hid-generic 0000:0000:0000.0012: hidraw1: HID v0.00 Device [syz1] on syz0 [ 562.629402][ T5939] usb 6-1: new full-speed USB device number 25 using dummy_hcd [ 562.643237][ T8979] fido_id[8979]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 562.790465][ T5939] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 562.793692][ T5939] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 562.798096][ T5939] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 562.801887][ T5939] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.883637][ T40] kauditd_printk_skb: 124 callbacks suppressed [ 562.883648][ T40] audit: type=1326 audit(2000000345.046:2357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 562.893873][ T40] audit: type=1326 audit(2000000345.056:2358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 562.901174][ T40] audit: type=1326 audit(2000000345.066:2359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 562.908627][ T40] audit: type=1326 audit(2000000345.066:2360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38f6c code=0x7ffc0000 [ 562.919828][ T40] audit: type=1326 audit(2000000345.066:2361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 562.926897][ T40] audit: type=1326 audit(2000000345.066:2362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 562.935566][ T40] audit: type=1326 audit(2000000345.066:2363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 562.942719][ T40] audit: type=1326 audit(2000000345.066:2364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38f6c code=0x7ffc0000 [ 562.951687][ T40] audit: type=1326 audit(2000000345.076:2365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38f6c code=0x7ffc0000 [ 562.961198][ T40] audit: type=1326 audit(2000000345.076:2366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8990 comm="syz.8.16088" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 563.016878][ T5939] usb 6-1: GET_CAPABILITIES returned 0 [ 563.018702][ T5939] usbtmc 6-1:16.0: can't read capabilities [ 563.219490][ T5939] usb 6-1: USB disconnect, device number 25 [ 563.279226][ T50] usb 13-1: new high-speed USB device number 14 using dummy_hcd [ 563.429687][ T50] usb 13-1: too many configurations: 9, using maximum allowed: 8 [ 563.433016][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.436092][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.439976][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.442836][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.445673][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.449330][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.453023][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.455647][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.459373][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.462738][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.465694][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.469767][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.472642][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.475569][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.479403][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.482316][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.485324][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.489239][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.492375][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.495310][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.498904][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.502103][ T50] usb 13-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 563.505072][ T50] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 563.508698][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 563.512754][ T50] usb 13-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 563.516127][ T50] usb 13-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 563.518891][ T50] usb 13-1: Product: syz [ 563.520431][ T50] usb 13-1: Manufacturer: syz [ 563.522043][ T50] usb 13-1: SerialNumber: syz [ 563.526321][ T50] usb 13-1: config 0 descriptor?? [ 563.531268][ T50] yurex 13-1:0.0: USB YUREX device now attached to Yurex #0 [ 563.549602][ T5946] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 563.551527][ T5955] Bluetooth: hci2: command 0x1003 tx timeout [ 564.199214][ T29] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 564.199212][ T50] usb 12-1: new high-speed USB device number 25 using dummy_hcd [ 564.349249][ T50] usb 12-1: Using ep0 maxpacket: 8 [ 564.351559][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 564.355544][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 564.361344][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 564.362725][ T50] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 564.365566][ T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 564.368424][ T29] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 564.370248][ T50] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 564.372991][ T29] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.373005][ T29] usb 6-1: Product: syz [ 564.373014][ T29] usb 6-1: Manufacturer: syz [ 564.373022][ T29] usb 6-1: SerialNumber: syz [ 564.381306][ T29] usb 6-1: config 0 descriptor?? [ 564.383894][ T50] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 564.393578][ T50] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 564.398154][ T50] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 564.401412][ T50] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.592303][ T29] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux1 [ 564.617232][ T50] usb 12-1: GET_CAPABILITIES returned 0 [ 564.619393][ T50] usbtmc 12-1:16.0: can't read capabilities [ 565.107706][ T9047] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16113'. [ 565.225108][ T9053] Attempt to restore checkpoint with obsolete wellknown handles [ 565.789482][ C3] usb 13-1: yurex_control_callback - control failed: -2 [ 565.794550][ T29] usb 13-1: USB disconnect, device number 14 [ 565.799223][ T6026] usb 6-1: USB disconnect, device number 26 [ 565.802388][ T5939] usb 12-1: USB disconnect, device number 25 [ 565.814245][ T29] yurex 13-1:0.0: USB YUREX #0 now disconnected [ 566.199467][ T10] usb 14-1: new high-speed USB device number 17 using dummy_hcd [ 566.369371][ T10] usb 14-1: Using ep0 maxpacket: 8 [ 566.381015][ T10] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 566.384837][ T10] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 566.388679][ T10] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 566.396877][ T10] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 566.402616][ T10] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 566.405885][ T10] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.634854][ T10] usb 14-1: GET_CAPABILITIES returned 0 [ 566.636870][ T10] usbtmc 14-1:16.0: can't read capabilities [ 566.836804][ T50] usb 14-1: USB disconnect, device number 17 [ 566.884203][ T5955] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 566.888946][ T5955] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 566.895107][ T5955] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 566.898897][ T5955] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 566.902308][ T5955] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 566.940293][ T9111] ip6_vti0 speed is unknown, defaulting to 1000 [ 567.033950][ T9111] lo speed is unknown, defaulting to 1000 [ 567.315419][ T9111] chnl_net:caif_netlink_parms(): no params data found [ 567.447947][ T9111] bridge0: port 1(bridge_slave_0) entered blocking state [ 567.450693][ T9111] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.453074][ T9111] bridge_slave_0: entered allmulticast mode [ 567.455901][ T9111] bridge_slave_0: entered promiscuous mode [ 567.459312][ T9111] bridge0: port 2(bridge_slave_1) entered blocking state [ 567.462648][ T9111] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.465161][ T9111] bridge_slave_1: entered allmulticast mode [ 567.468055][ T9111] bridge_slave_1: entered promiscuous mode [ 567.488599][ T9111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 567.495259][ T9111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 567.496240][ T3132] Bluetooth: hci3: Frame reassembly failed (-90) [ 567.524485][ T9111] team0: Port device team_slave_0 added [ 567.528325][ T9111] team0: Port device team_slave_1 added [ 567.546549][ T9111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 567.548793][ T9111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 567.561096][ T9111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 567.565590][ T9111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 567.567938][ T9111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 567.576455][ T9111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 567.607099][ T9111] hsr_slave_0: entered promiscuous mode [ 567.610195][ T9111] hsr_slave_1: entered promiscuous mode [ 567.612487][ T9111] debugfs: 'hsr0' already exists in 'hsr' [ 567.614488][ T9111] Cannot create hsr debugfs directory [ 567.632091][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.989600][ T5955] Bluetooth: hci2: command tx timeout [ 569.078587][ T9111] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 569.085416][ T9111] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 569.090062][ T9111] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 569.094259][ T9111] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 569.141997][ T9111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 569.152686][ T9111] 8021q: adding VLAN 0 to HW filter on device team0 [ 569.158196][ T1177] bridge0: port 1(bridge_slave_0) entered blocking state [ 569.160940][ T1177] bridge0: port 1(bridge_slave_0) entered forwarding state [ 569.177669][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 569.180871][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 569.213853][ T9111] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 569.217601][ T9111] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 569.341530][ T9111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 569.364816][ T9111] veth0_vlan: entered promiscuous mode [ 569.372048][ T9111] veth1_vlan: entered promiscuous mode [ 569.388718][ T9111] veth0_macvtap: entered promiscuous mode [ 569.400498][ T9111] veth1_macvtap: entered promiscuous mode [ 569.409540][ T9111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 569.415908][ T9111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 569.425607][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.428632][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.433634][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.436574][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.497049][ T108] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.502466][ T108] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 569.523980][ T108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.527344][ T108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 569.550485][ T5955] Bluetooth: hci3: command 0xfc11 tx timeout [ 569.550500][ T5946] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 570.021206][ T9264] syzkaller0: tun_chr_ioctl cmd 1074025678 [ 570.024118][ T9264] syzkaller0: group set to 0 [ 570.129358][ T24] usb 13-1: new high-speed USB device number 15 using dummy_hcd [ 570.282239][ T24] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.287726][ T24] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.300387][ T24] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 570.305047][ T24] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 570.308717][ T24] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.316310][ T24] usb 13-1: config 0 descriptor?? [ 570.595941][ T9306] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16197'. [ 570.738303][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.748465][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.751975][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.755535][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.758962][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.762690][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.765798][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.769072][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.772997][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.776196][ T24] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 570.792659][ T24] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw1: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 570.929393][T30513] usb 14-1: new high-speed USB device number 18 using dummy_hcd [ 570.991171][ T50] usb 13-1: USB disconnect, device number 15 [ 571.031709][ T24] usb 12-1: new high-speed USB device number 26 using dummy_hcd [ 571.041763][ T9320] netlink: 60 bytes leftover after parsing attributes in process `syz.2.16203'. [ 571.044935][ T9320] netlink: 60 bytes leftover after parsing attributes in process `syz.2.16203'. [ 571.069234][ T5946] Bluetooth: hci2: command tx timeout [ 571.100585][T30513] usb 14-1: config index 0 descriptor too short (expected 23569, got 27) [ 571.103373][T30513] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.107625][T30513] usb 14-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 571.111035][T30513] usb 14-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 571.114029][T30513] usb 14-1: Manufacturer: syz [ 571.119419][T30513] usb 14-1: config 0 descriptor?? [ 571.179294][T30513] rc_core: IR keymap rc-hauppauge not found [ 571.179610][ T24] usb 12-1: Using ep0 maxpacket: 8 [ 571.182047][T30513] Registered IR keymap rc-empty [ 571.184395][T30513] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/rc/rc0 [ 571.187679][ T24] usb 12-1: config 0 has no interfaces? [ 571.193404][ T24] usb 12-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 571.193475][T30513] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/rc/rc0/input78 [ 571.196607][ T24] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.201813][ T24] usb 12-1: config 0 descriptor?? [ 571.333444][ T50] usb 14-1: USB disconnect, device number 18 [ 571.417123][ T24] usb 12-1: USB disconnect, device number 26 [ 571.617264][ T9335] macvlan0: entered promiscuous mode [ 571.623083][ T9335] netlink: 'syz.8.16209': attribute type 1 has an invalid length. [ 571.625849][ T9335] netlink: 'syz.8.16209': attribute type 2 has an invalid length. [ 571.915149][ T9347] netlink: 8 bytes leftover after parsing attributes in process `syz.8.16215'. [ 571.926114][ T9347] bond0: entered promiscuous mode [ 571.929155][ T9347] bond_slave_0: entered promiscuous mode [ 571.931314][ T9347] bond_slave_1: entered promiscuous mode [ 571.936220][ T9347] batadv_slave_0: entered promiscuous mode [ 571.939040][ T9347] batadv_slave_0: left promiscuous mode [ 571.943327][ T9347] bond0: left promiscuous mode [ 571.944923][ T9347] bond_slave_0: left promiscuous mode [ 571.946830][ T9347] bond_slave_1: left promiscuous mode [ 572.120936][ T9365] syz_tun: entered allmulticast mode [ 572.134310][ T9365] dvmrp1: entered allmulticast mode [ 572.145606][ T9364] syz_tun: left allmulticast mode [ 572.147577][ T9364] dvmrp1: left allmulticast mode [ 572.193757][ T9371] input: syz0 as /devices/virtual/input/input79 [ 572.568371][ T9395] netlink: 72 bytes leftover after parsing attributes in process `syz.2.16238'. [ 572.609297][T30513] usb 13-1: new high-speed USB device number 16 using dummy_hcd [ 572.764761][T30513] usb 13-1: config index 0 descriptor too short (expected 39, got 27) [ 572.768858][T30513] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 572.773670][T30513] usb 13-1: config 0 interface 0 has no altsetting 0 [ 572.778764][T30513] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 572.782803][T30513] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 572.786289][T30513] usb 13-1: Product: syz [ 572.788154][T30513] usb 13-1: Manufacturer: syz [ 572.791516][T30513] usb 13-1: SerialNumber: syz [ 572.795573][T30513] usb 13-1: config 0 descriptor?? [ 572.797504][ T9412] Invalid ELF header magic: != ELF [ 572.800463][T30513] hub 13-1:0.0: bad descriptor, ignoring hub [ 572.803067][T30513] hub 13-1:0.0: probe with driver hub failed with error -5 [ 572.808521][T30513] usb 13-1: selecting invalid altsetting 0 [ 573.070269][ T9441] netlink: 'syz.2.16259': attribute type 9 has an invalid length. [ 573.073015][ T9441] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.16259'. [ 573.080772][ T40] kauditd_printk_skb: 107 callbacks suppressed [ 573.080783][ T40] audit: type=1326 audit(2000000355.246:2474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9433 comm="syz.9.16256" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f35f6c code=0x0 [ 573.149199][ T5946] Bluetooth: hci2: command tx timeout [ 573.729261][ T9382] usb 13-1: reset high-speed USB device number 16 using dummy_hcd [ 573.893731][ T9382] usb 13-1: device firmware changed [ 573.899065][ T24] usb 13-1: USB disconnect, device number 16 [ 573.923518][ T9478] netlink: 88 bytes leftover after parsing attributes in process `syz.2.16277'. [ 574.059350][ T24] usb 13-1: new high-speed USB device number 17 using dummy_hcd [ 574.231449][ T24] usb 13-1: config index 0 descriptor too short (expected 39, got 27) [ 574.234307][ T24] usb 13-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 574.238436][ T24] usb 13-1: config 0 interface 0 has no altsetting 0 [ 574.245282][ T24] usb 13-1: string descriptor 0 read error: -22 [ 574.248017][ T24] usb 13-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 574.251944][ T24] usb 13-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 574.257020][ T24] usb 13-1: config 0 descriptor?? [ 574.261972][ T24] hub 13-1:0.0: bad descriptor, ignoring hub [ 574.264514][ T24] hub 13-1:0.0: probe with driver hub failed with error -5 [ 574.269744][ T24] usb 13-1: selecting invalid altsetting 0 [ 574.442274][ T9509] netlink: 136 bytes leftover after parsing attributes in process `syz.7.16292'. [ 574.445314][ T9509] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 574.571614][ T24] usb 13-1: USB disconnect, device number 17 [ 575.009739][ T9531] netlink: 'syz.2.16301': attribute type 2 has an invalid length. [ 575.239260][ T5946] Bluetooth: hci2: command tx timeout [ 575.306874][ T829] usb 13-1: new high-speed USB device number 18 using dummy_hcd [ 575.321698][ T9545] netlink: 4 bytes leftover after parsing attributes in process `syz.9.16306'. [ 575.459589][ T829] usb 13-1: Using ep0 maxpacket: 8 [ 575.463580][ T829] usb 13-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 575.467988][ T829] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.497686][ T829] pvrusb2: Hardware description: Terratec Grabster AV400 [ 575.501052][ T829] pvrusb2: ********** [ 575.502798][ T829] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 575.506094][ T829] pvrusb2: Important functionality might not be entirely working. [ 575.512075][ T829] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 575.516918][ T829] pvrusb2: ********** [ 575.704740][ T2487] pvrusb2: Invalid write control endpoint [ 575.740108][ T2487] pvrusb2: Invalid write control endpoint [ 575.742631][ T2487] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 575.746653][ T2487] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 575.750215][ T2487] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 575.754460][ T2487] pvrusb2: Device being rendered inoperable [ 575.758663][ T2487] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 575.762028][ T2487] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 575.765040][ T2487] pvrusb2: Attached sub-driver cx25840 [ 575.766845][ T2487] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 575.770434][ T2487] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 575.909807][ T6026] usb 13-1: USB disconnect, device number 18 [ 576.153452][ T5946] block nbd3: Receive control failed (result -32) [ 576.801776][T28898] usb 12-1: new high-speed USB device number 27 using dummy_hcd [ 576.964813][T28898] usb 12-1: config index 0 descriptor too short (expected 23569, got 27) [ 576.967989][T28898] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 576.972954][T28898] usb 12-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 576.976114][T28898] usb 12-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 576.978661][T28898] usb 12-1: Manufacturer: syz [ 576.990589][T28898] usb 12-1: config 0 descriptor?? [ 577.040669][T28898] rc_core: IR keymap rc-hauppauge not found [ 577.042777][T28898] Registered IR keymap rc-empty [ 577.045740][T28898] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.0/rc/rc0 [ 577.050987][T28898] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.7/usb12/12-1/12-1:0.0/rc/rc0/input80 [ 577.203167][T28898] usb 12-1: USB disconnect, device number 27 [ 577.503214][ T9687] bond1: entered promiscuous mode [ 577.844451][ T5987] kernel write not supported for file /sg0 (pid: 5987 comm: kworker/1:3) [ 578.176912][ T9734] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 578.394397][ T9750] input: syz1 as /devices/virtual/input/input81 [ 579.055837][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16420'. [ 579.061293][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16420'. [ 579.479859][ T50] usb 12-1: new high-speed USB device number 28 using dummy_hcd [ 579.639261][ T50] usb 12-1: Using ep0 maxpacket: 8 [ 579.642935][ T50] usb 12-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 579.647182][ T50] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 579.653479][ T50] usb 12-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 579.657393][ T50] usb 12-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 579.662455][ T50] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 579.665564][ T50] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.882753][ T50] usb 12-1: GET_CAPABILITIES returned 0 [ 579.884729][ T50] usbtmc 12-1:16.0: can't read capabilities [ 580.089277][ T50] usb 12-1: USB disconnect, device number 28 [ 580.110027][ T9849] wireguard: wg2: Could not create IPv4 socket [ 581.890073][ T9922] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16475'. [ 583.253308][ T40] audit: type=1326 audit(2000000365.416:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10015 comm="syz.9.16518" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 583.265309][ T40] audit: type=1326 audit(2000000365.416:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10015 comm="syz.9.16518" exe="/syz-executor" sig=0 arch=40000003 syscall=181 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 583.277360][ T40] audit: type=1326 audit(2000000365.416:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10015 comm="syz.9.16518" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 583.289222][ T40] audit: type=1326 audit(2000000365.416:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10015 comm="syz.9.16518" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 583.404662][T10030] netlink: 8 bytes leftover after parsing attributes in process `syz.8.16525'. [ 583.512605][T10039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16529'. [ 583.517089][T10039] netlink: 72 bytes leftover after parsing attributes in process `syz.2.16529'. [ 583.527155][T10043] netlink: 'syz.8.16531': attribute type 4 has an invalid length. [ 583.808731][T10072] sp0: Synchronizing with TNC [ 583.814894][T10071] [U] è`` [ 583.967192][T10086] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16549'. [ 584.120342][ T46] Bluetooth: hci3: Frame reassembly failed (-84) [ 584.123047][T10097] Bluetooth: hci3: Frame reassembly failed (-84) [ 584.410515][ T40] audit: type=1326 audit(2000000366.576:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10115 comm="syz.7.16562" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x0 [ 584.455694][T10118] mkiss: ax0: crc mode is auto. [ 585.556506][T10156] veth0_vlan: left promiscuous mode [ 586.189252][ T5712] Bluetooth: hci3: command 0x1003 tx timeout [ 586.189273][ T5946] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 587.423318][T10273] netlink: 256 bytes leftover after parsing attributes in process `syz.8.16630'. [ 587.426615][T10273] netlink: 256 bytes leftover after parsing attributes in process `syz.8.16630'. [ 587.728622][T10298] netlink: 24 bytes leftover after parsing attributes in process `syz.9.16641'. [ 588.199201][T32612] kernel read not supported for file /dsp1 (pid: 32612 comm: kworker/3:7) [ 589.178474][T10338] netfs: Couldn't get user pages (rc=-14) [ 592.529484][ T6026] usb 14-1: new high-speed USB device number 19 using dummy_hcd [ 592.679709][ T6026] usb 14-1: Using ep0 maxpacket: 16 [ 592.684186][ T6026] usb 14-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 592.688457][ T6026] usb 14-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 592.693062][ T6026] usb 14-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 592.698452][ T6026] usb 14-1: config 1 interface 0 has no altsetting 0 [ 592.703720][ T6026] usb 14-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 592.707848][ T6026] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.714042][ T6026] usb 14-1: Product: syz [ 592.715948][ T6026] usb 14-1: Manufacturer: syz [ 592.717920][ T6026] usb 14-1: SerialNumber: syz [ 592.846997][T10485] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.16720'. [ 592.949712][ T6026] usblp 14-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 593.151138][ T3996] usb 14-1: USB disconnect, device number 19 [ 593.154589][ T3996] usblp0: removed [ 593.175364][T10499] 9pnet: p9_errstr2errno: server reported unknown error [ 593.373616][T10514] loop8: detected capacity change from 0 to 8 [ 593.376266][T10514] Dev loop8: unable to read RDB block 8 [ 593.378243][T10514] loop8: unable to read partition table [ 593.380254][T10514] loop8: partition table beyond EOD, truncated [ 593.389278][T10514] loop_reread_partitions: partition scan of loop8 (ŝè˘Ğxü^>à– ) failed (rc=-5) [ 593.556825][T10527] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 593.629289][ T6026] kernel read not supported for file /swradio4 (pid: 6026 comm: kworker/1:6) [ 593.694334][T10540] loop8: detected capacity change from 0 to 8 [ 593.698586][ T6370] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 593.702912][ T6370] loop8: p1 start 170943852 is beyond EOD, truncated [ 593.705878][ T6370] loop8: p2 size 3397386272 extends beyond EOD, truncated [ 593.711181][ T6370] loop8: p3 start 594335246 is beyond EOD, truncated [ 593.713803][ T6370] loop8: p4 start 3776743406 is beyond EOD, truncated [ 593.716171][ T6370] loop8: p5 start 2027407540 is beyond EOD, truncated [ 593.718489][ T6370] loop8: p6 start 638845845 is beyond EOD, truncated [ 593.721394][ T6370] loop8: p7 start 575385556 is beyond EOD, truncated [ 593.724209][ T6370] loop8: p8 start 2093735673 is beyond EOD, truncated [ 593.726668][ T6370] loop8: p9 start 742306117 is beyond EOD, truncated [ 593.728959][ T6370] loop8: p10 start 702590879 is beyond EOD, truncated [ 593.731536][ T6370] loop8: p11 start 3071560887 is beyond EOD, truncated [ 593.734572][ T6370] loop8: p12 start 1681252333 is beyond EOD, truncated [ 593.747228][T10540] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 593.751897][T10540] loop8: p1 start 170943852 is beyond EOD, truncated [ 593.754270][T10540] loop8: p2 size 3397386272 extends beyond EOD, truncated [ 593.763508][T10540] loop8: p3 start 594335246 is beyond EOD, truncated [ 593.766316][T10540] loop8: p4 start 3776743406 is beyond EOD, truncated [ 593.770152][T10540] loop8: p5 start 2027407540 is beyond EOD, truncated [ 593.772760][T10540] loop8: p6 start 638845845 is beyond EOD, truncated [ 593.775365][T10540] loop8: p7 start 575385556 is beyond EOD, truncated [ 593.777714][T10540] loop8: p8 start 2093735673 is beyond EOD, truncated [ 593.783524][T10540] loop8: p9 start 742306117 is beyond EOD, truncated [ 593.784402][T10551] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16751'. [ 593.785736][T10540] loop8: p10 start 702590879 is beyond EOD, truncated [ 593.792690][T10540] loop8: p11 start 3071560887 is beyond EOD, truncated [ 593.795882][T10540] loop8: p12 start 1681252333 is beyond EOD, truncated [ 593.851605][ T6370] udevd[6370]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory [ 593.872880][ T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 593.947029][ T3996] libceph: connect (1)[c::]:6789 error -97 [ 593.949232][ T3996] libceph: mon0 (1)[c::]:6789 connect error [ 594.027312][T10559] ceph: No mds server is up or the cluster is laggy [ 594.109333][ T6026] usb 13-1: new high-speed USB device number 19 using dummy_hcd [ 594.259163][ T6026] usb 13-1: Using ep0 maxpacket: 16 [ 594.271509][ T6026] usb 13-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 594.275325][ T6026] usb 13-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 594.278554][ T6026] usb 13-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 594.284524][ T6026] usb 13-1: config 1 interface 0 has no altsetting 0 [ 594.288225][ T6026] usb 13-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 594.291817][ T6026] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.294513][ T6026] usb 13-1: Product: syz [ 594.296045][ T6026] usb 13-1: Manufacturer: syz [ 594.297628][ T6026] usb 13-1: SerialNumber: syz [ 594.522283][ T6026] usblp 13-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 594.637505][T10592] netlink: 4 bytes leftover after parsing attributes in process `syz.7.16768'. [ 594.672119][ T40] audit: type=1326 audit(2000000376.836:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.9.16766" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7fc00000 [ 594.725101][ T6026] usb 13-1: USB disconnect, device number 19 [ 594.730742][ T6026] usblp0: removed [ 595.005555][T10609] netlink: 24 bytes leftover after parsing attributes in process `syz.2.16775'. [ 595.008580][T10609] bond0: ARP target 8.4.0.0 is already present [ 595.011178][T10609] bond0: option arp_ip_target: invalid value (1032) [ 595.304311][T10628] loop8: detected capacity change from 0 to 8 [ 595.307298][T10628] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 595.311595][T10628] loop8: p1 start 170943852 is beyond EOD, truncated [ 595.314186][T10628] loop8: p2 size 3397386272 extends beyond EOD, truncated [ 595.317820][T10628] loop8: p3 start 594335246 is beyond EOD, truncated [ 595.320404][T10628] loop8: p4 start 3776743406 is beyond EOD, truncated [ 595.322645][T10628] loop8: p5 start 2027407540 is beyond EOD, truncated [ 595.324738][T10628] loop8: p6 start 638845845 is beyond EOD, truncated [ 595.326771][T10628] loop8: p7 start 575385556 is beyond EOD, truncated [ 595.328138][ T40] audit: type=1326 audit(2000000377.486:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10586 comm="syz.9.16766" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f35f88 code=0x7fc00000 [ 595.328912][T10628] loop8: p8 start 2093735673 is beyond EOD, truncated [ 595.328932][T10628] loop8: p9 start 742306117 is beyond EOD, truncated [ 595.328953][T10628] loop8: p10 start 702590879 is beyond EOD, truncated [ 595.345795][T10628] loop8: p11 start 3071560887 is beyond EOD, truncated [ 595.347921][T10628] loop8: p12 start 1681252333 is beyond EOD, truncated [ 595.378863][ T6370] udevd[6370]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory [ 595.395510][ T6370] udevd[6370]: inotify_add_watch(7, /dev/loop8p2, 10) failed: No such file or directory [ 595.482173][T10642] serio: Serial port ptm0 [ 595.739343][T28898] usb 14-1: new high-speed USB device number 20 using dummy_hcd [ 595.909371][T28898] usb 14-1: Using ep0 maxpacket: 32 [ 595.913564][T28898] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.917683][T28898] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.922026][T28898] usb 14-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 595.925887][T28898] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.931364][T28898] usb 14-1: config 0 descriptor?? [ 596.340698][T10670] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 596.361662][T28898] savu 0003:1E7D:2D5A.0014: hiddev0,hidraw1: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0 [ 596.612336][T28898] usb 14-1: USB disconnect, device number 20 [ 597.808922][T10754] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 597.925336][ T46] Bluetooth: hci3: Frame reassembly failed (-84) [ 597.927728][ T46] Bluetooth: hci3: Frame reassembly failed (-84) [ 598.169756][T10775] macvtap0: entered promiscuous mode [ 598.172142][T10775] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16851'. [ 598.176503][T10775] veth0_macvtap: left promiscuous mode [ 598.196608][T10775] macvtap0 (unregistering): left promiscuous mode [ 598.348648][T10782] netlink: 36 bytes leftover after parsing attributes in process `syz.9.16854'. [ 598.798139][T10802] netlink: 8 bytes leftover after parsing attributes in process `syz.9.16862'. [ 599.099216][T30513] usb 14-1: new low-speed USB device number 21 using dummy_hcd [ 599.261043][T30513] usb 14-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 599.264546][T30513] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 599.267921][T30513] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30062, setting to 8 [ 599.273508][T30513] usb 14-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 599.276463][T30513] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.286711][T10804] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 599.294771][T30513] hub 14-1:1.0: bad descriptor, ignoring hub [ 599.297550][T30513] hub 14-1:1.0: probe with driver hub failed with error -5 [ 599.301420][T30513] cdc_wdm 14-1:1.0: skipping garbage [ 599.303225][T30513] cdc_wdm 14-1:1.0: skipping garbage [ 599.306674][T30513] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device [ 599.308932][T30513] cdc_wdm 14-1:1.0: Unknown control protocol [ 599.866053][T10832] netlink: 44 bytes leftover after parsing attributes in process `syz.7.16877'. [ 599.872109][T10832] netlink: 44 bytes leftover after parsing attributes in process `syz.7.16877'. [ 599.923229][T10838] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16880'. [ 599.927597][T10838] netlink: 12 bytes leftover after parsing attributes in process `syz.2.16880'. [ 599.949400][ T5946] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 599.950763][ T5712] Bluetooth: hci3: command 0x1003 tx timeout [ 600.047296][T10804] usb 14-1: reset low-speed USB device number 21 using dummy_hcd [ 600.094933][ T40] audit: type=1326 audit(2000000382.256:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38f6c code=0x7ffc0000 [ 600.109266][ T40] audit: type=1326 audit(2000000382.256:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.116961][ T40] audit: type=1326 audit(2000000382.256:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.124014][ T40] audit: type=1326 audit(2000000382.256:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.132151][ T40] audit: type=1326 audit(2000000382.256:2486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.139240][ T40] audit: type=1326 audit(2000000382.256:2487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.152621][ T40] audit: type=1326 audit(2000000382.256:2488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38f6c code=0x7ffc0000 [ 600.161501][ T40] audit: type=1326 audit(2000000382.276:2489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.168658][ T40] audit: type=1326 audit(2000000382.276:2490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f38f88 code=0x7ffc0000 [ 600.175930][ T40] audit: type=1326 audit(2000000382.276:2491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10846 comm="syz.8.16884" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f38f6c code=0x7ffc0000 [ 600.383972][T10819] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 600.461090][T10873] netlink: 4 bytes leftover after parsing attributes in process `syz.8.16895'. [ 600.699710][ T5987] usb 14-1: USB disconnect, device number 21 [ 600.963333][T10907] netlink: 44 bytes leftover after parsing attributes in process `syz.8.16908'. [ 600.990867][T10909] netlink: 'syz.7.16912': attribute type 15 has an invalid length. [ 600.993653][T10909] netlink: 24 bytes leftover after parsing attributes in process `syz.7.16912'. [ 602.346795][T10981] can0: slcan on ttyS3. [ 602.505140][T10981] can0 (unregistered): slcan off ttyS3. [ 603.319527][ T5987] usb 13-1: new high-speed USB device number 20 using dummy_hcd [ 603.482167][ T5987] usb 13-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 603.485632][ T5987] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.488615][ T5987] usb 13-1: Product: syz [ 603.490866][ T5987] usb 13-1: Manufacturer: syz [ 603.492719][ T5987] usb 13-1: SerialNumber: syz [ 603.495822][ T5987] usb 13-1: config 0 descriptor?? [ 603.524474][T11025] kvm: apic: phys broadcast and lowest prio [ 603.620765][T11027] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.16959'. [ 603.703458][ T5987] usb 13-1: USB disconnect, device number 20 [ 604.459222][T11075] netlink: 'syz.8.16980': attribute type 3 has an invalid length. [ 604.462858][T11075] netlink: 4 bytes leftover after parsing attributes in process `syz.8.16980'. [ 604.801841][T11090] ipvlan2: entered promiscuous mode [ 604.803755][T11090] ipvlan2: entered allmulticast mode [ 604.805516][T11090] macvlan0: entered allmulticast mode [ 604.818612][T11090] ipvlan3: entered promiscuous mode [ 604.820737][T11090] ipvlan3: entered allmulticast mode [ 605.080340][T11094] netlink: 120 bytes leftover after parsing attributes in process `syz.2.16989'. [ 605.084404][T11094] netlink: 'syz.2.16989': attribute type 1 has an invalid length. [ 605.087837][T11094] netlink: 64 bytes leftover after parsing attributes in process `syz.2.16989'. [ 605.367442][T11109] netlink: 16 bytes leftover after parsing attributes in process `syz.9.16995'. [ 605.531285][T11104] warn_alloc: 2 callbacks suppressed [ 605.531304][T11104] syz.7.16994: page allocation failure: order:10, mode:0x40cc0(GFP_KERNEL|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 605.538685][T11104] CPU: 0 UID: 0 PID: 11104 Comm: syz.7.16994 Tainted: G L syzkaller #0 PREEMPT(full) [ 605.538713][T11104] Tainted: [L]=SOFTLOCKUP [ 605.538720][T11104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 605.538730][T11104] Call Trace: [ 605.538737][T11104] [ 605.538745][T11104] dump_stack_lvl+0x100/0x190 [ 605.538773][T11104] warn_alloc.cold+0x95/0x1c1 [ 605.538802][T11104] ? __pfx_warn_alloc+0x10/0x10 [ 605.538828][T11104] ? psi_memstall_leave+0x19c/0x2e0 [ 605.538855][T11104] ? __pfx___might_resched+0x10/0x10 [ 605.538884][T11104] __alloc_frozen_pages_noprof+0xf36/0x2ba0 [ 605.538922][T11104] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 605.538955][T11104] ? kasan_quarantine_put+0x104/0x240 [ 605.538982][T11104] ? lockdep_hardirqs_on+0x78/0x100 [ 605.539006][T11104] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 605.539036][T11104] ? policy_nodemask+0xed/0x4f0 [ 605.539057][T11104] alloc_pages_mpol+0x1fb/0x550 [ 605.539090][T11104] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 605.539108][T11104] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 605.539179][T11104] ? raw_alloc_io_data+0x14d/0x1c0 [ 605.539197][T11104] ___kmalloc_large_node+0x104/0x150 [ 605.539219][T11104] __kmalloc_large_node_noprof+0x1c/0x70 [ 605.539240][T11104] __kmalloc_noprof+0x5be/0x850 [ 605.539389][T11104] raw_alloc_io_data+0x14d/0x1c0 [ 605.539409][T11104] raw_ioctl+0x1214/0x2b80 [ 605.539432][T11104] ? __pfx_raw_ioctl+0x10/0x10 [ 605.539455][T11104] ? __pfx_raw_ioctl+0x10/0x10 [ 605.539472][T11104] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 605.539501][T11104] __do_fast_syscall_32+0xe3/0x8c0 [ 605.539529][T11104] do_fast_syscall_32+0x32/0x70 [ 605.539553][T11104] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 605.539576][T11104] RIP: 0023:0xf701ef6c [ 605.539590][T11104] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 605.539608][T11104] RSP: 002b:00000000f540d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 605.539624][T11104] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0085504 [ 605.539635][T11104] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 605.539646][T11104] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 605.539655][T11104] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 605.539665][T11104] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 605.539684][T11104] [ 605.542464][T11104] Mem-Info: [ 605.626935][T11104] active_anon:829 inactive_anon:1913 isolated_anon:18 [ 605.626935][T11104] active_file:3289 inactive_file:22274 isolated_file:0 [ 605.626935][T11104] unevictable:1749 dirty:341 writeback:0 [ 605.626935][T11104] slab_reclaimable:7017 slab_unreclaimable:67552 [ 605.626935][T11104] mapped:22636 shmem:1775 pagetables:1999 [ 605.626935][T11104] sec_pagetables:329 bounce:0 [ 605.626935][T11104] kernel_misc_reclaimable:0 [ 605.626935][T11104] free:64267 free_pcp:800 free_cma:0 [ 605.641558][T11104] Node 0 active_anon:128kB inactive_anon:4kB active_file:432kB inactive_file:0kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8128kB pagetables:1608kB sec_pagetables:1116kB all_unreclaimable? yes Balloon:0kB [ 605.652670][T11104] Node 1 active_anon:3288kB inactive_anon:7648kB active_file:12724kB inactive_file:89096kB unevictable:3460kB isolated(anon):72kB isolated(file):0kB mapped:90628kB dirty:1360kB writeback:0kB shmem:3564kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7096kB pagetables:6488kB sec_pagetables:200kB all_unreclaimable? no Balloon:0kB [ 605.663150][T11104] Node 0 DMA free:3252kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 605.673079][T11104] lowmem_reserve[]: 0 285 285 285 285 [ 605.674980][T11104] Node 0 DMA32 free:34768kB boost:18432kB min:31504kB low:34772kB high:38040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:128kB inactive_anon:4kB active_file:432kB inactive_file:0kB unevictable:3536kB writepending:4kB zspages:796kB present:1032196kB managed:292584kB mlocked:0kB bounce:0kB free_pcp:476kB local_pcp:0kB free_cma:0kB [ 605.685791][T11104] lowmem_reserve[]: 0 0 0 0 0 [ 605.687455][T11104] Node 1 DMA32 free:222728kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:3188kB inactive_anon:7648kB active_file:12724kB inactive_file:84896kB unevictable:3460kB writepending:1360kB zspages:6552kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:2584kB local_pcp:416kB free_cma:0kB [ 605.699950][T11104] lowmem_reserve[]: 0 0 0 0 0 [ 605.701608][T11104] Node 0 DMA: 119*4kB (U) 49*8kB (U) 21*16kB (U) 20*32kB (U) 8*64kB (U) 3*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 3252kB [ 605.706263][T11104] Node 0 DMA32: 1090*4kB (UE) 601*8kB (UME) 321*16kB (UME) 267*32kB (UME) 70*64kB (UME) 34*128kB (UME) 8*256kB (UME) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 34752kB [ 605.712246][T11104] Node 1 DMA32: 5614*4kB (UME) 6120*8kB (UME) 5127*16kB (UME) 294*32kB (UME) 54*64kB (UME) 39*128kB (UME) 20*256kB (UME) 71*512kB (UM) 4*1024kB (M) 4*2048kB (UM) 0*4096kB = 225064kB [ 605.718482][T11104] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 605.722304][T11104] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 605.725348][T11104] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 605.728694][T11104] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 605.732437][T11104] 27347 total pagecache pages [ 605.734029][T11104] 1663 pages in swap cache [ 605.735529][T11104] Free swap = 91016kB [ 605.736871][T11104] Total swap = 124996kB [ 605.738242][T11104] 524155 pages RAM [ 605.739875][T11104] 0 pages HighMem/MovableOnly [ 605.741452][T11104] 210116 pages reserved [ 605.742856][T11104] 0 pages cma reserved [ 606.069738][ T3996] usb 14-1: new high-speed USB device number 22 using dummy_hcd [ 606.249604][ T3996] usb 14-1: Using ep0 maxpacket: 8 [ 606.271629][ T3996] usb 14-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 606.274763][ T3996] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.277566][ T3996] usb 14-1: Product: syz [ 606.279769][ T3996] usb 14-1: Manufacturer: syz [ 606.281365][ T3996] usb 14-1: SerialNumber: syz [ 606.284243][ T3996] usb 14-1: config 0 descriptor?? [ 606.493489][ T3996] usb 14-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 606.498530][ T3996] dvb_usb_rtl28xxu 14-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 606.507592][ T3996] usb 14-1: USB disconnect, device number 22 [ 606.659779][ T24] usb 12-1: new high-speed USB device number 29 using dummy_hcd [ 606.809818][ T24] usb 12-1: Using ep0 maxpacket: 16 [ 606.814368][ T24] usb 12-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 606.817339][ T24] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.819946][ T24] usb 12-1: Product: syz [ 606.821331][ T24] usb 12-1: Manufacturer: syz [ 606.822877][ T24] usb 12-1: SerialNumber: syz [ 606.825735][ T24] usb 12-1: config 0 descriptor?? [ 606.830366][ T24] as10x_usb: device has been detected [ 606.832562][ T24] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 606.840568][ T24] usb 12-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 606.857431][ T24] as10x_usb: error during firmware upload part1 [ 606.859888][ T24] Registered device Sky IT Digital Key (green led) [ 606.999286][ T5987] usb 13-1: new high-speed USB device number 21 using dummy_hcd [ 607.037402][T11160] random: crng reseeded on system resumption [ 607.049023][ T829] usb 12-1: USB disconnect, device number 29 [ 607.063535][ T829] Unregistered device Sky IT Digital Key (green led) [ 607.065454][ T829] as10x_usb: device has been disconnected [ 607.149969][ T5987] usb 13-1: Using ep0 maxpacket: 8 [ 607.154438][ T5987] usb 13-1: config 0 has an invalid interface number: 55 but max is 0 [ 607.157613][ T5987] usb 13-1: config 0 has no interface number 0 [ 607.159921][ T5987] usb 13-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 607.163452][ T5987] usb 13-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 607.167000][ T5987] usb 13-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 607.170910][ T5987] usb 13-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 607.175112][ T5987] usb 13-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 607.178042][ T5987] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.182187][ T5987] usb 13-1: config 0 descriptor?? [ 607.186181][ T5987] ldusb 13-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 607.349700][ T24] usb 14-1: new high-speed USB device number 23 using dummy_hcd [ 607.442518][ T5987] usb 13-1: USB disconnect, device number 21 [ 607.444596][ C1] ldusb 13-1:0.55: usb_submit_urb failed (-19) [ 607.449002][ T5987] ldusb 13-1:0.55: LD USB Device #0 now disconnected [ 607.499803][ T24] usb 14-1: Using ep0 maxpacket: 32 [ 607.503698][ T24] usb 14-1: config 0 has no interfaces? [ 607.506276][ T24] usb 14-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 607.511958][ T24] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.518198][ T24] usb 14-1: config 0 descriptor?? [ 608.283356][T11198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 608.289392][T11198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 608.297063][T11215] cgroup: fork rejected by pids controller in /syz8 [ 608.345302][T11220] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.17029'. [ 608.390459][ T40] kauditd_printk_skb: 92 callbacks suppressed [ 608.390471][ T40] audit: type=1326 audit(2000000390.556:2584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 608.420067][ T40] audit: type=1326 audit(2000000390.556:2585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 608.430512][ T40] audit: type=1326 audit(2000000390.556:2586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 608.440085][ T40] audit: type=1326 audit(2000000390.556:2587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 608.449699][ T40] audit: type=1326 audit(2000000390.556:2588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 608.459064][ T40] audit: type=1326 audit(2000000390.556:2589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 608.474276][ T40] audit: type=1326 audit(2000000390.556:2590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 608.483513][ T40] audit: type=1326 audit(2000000390.556:2591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 608.495920][ T40] audit: type=1326 audit(2000000390.556:2592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 608.504689][ T40] audit: type=1326 audit(2000000390.556:2593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11221 comm="syz.7.17030" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 608.904236][ T5712] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 608.911785][ T5712] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 608.916054][ T5712] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 608.919582][ T5712] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 608.922300][ T5712] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 608.974844][T11238] ip6_vti0 speed is unknown, defaulting to 1000 [ 609.147230][T11238] lo speed is unknown, defaulting to 1000 [ 609.354271][T11238] chnl_net:caif_netlink_parms(): no params data found [ 609.412419][T11238] bridge0: port 1(bridge_slave_0) entered blocking state [ 609.414886][T11238] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.417288][T11238] bridge_slave_0: entered allmulticast mode [ 609.420583][T11238] bridge_slave_0: entered promiscuous mode [ 609.424342][T11238] bridge0: port 2(bridge_slave_1) entered blocking state [ 609.426855][T11238] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.429396][T11238] bridge_slave_1: entered allmulticast mode [ 609.432677][T11238] bridge_slave_1: entered promiscuous mode [ 609.450866][T11238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 609.455669][T11238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.473398][T11238] team0: Port device team_slave_0 added [ 609.478205][T11238] team0: Port device team_slave_1 added [ 609.495187][T11238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 609.497566][T11238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.505911][T11238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 609.511229][T11238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 609.513535][T11238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 609.521872][T11238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 609.575431][T11238] hsr_slave_0: entered promiscuous mode [ 609.578814][T11238] hsr_slave_1: entered promiscuous mode [ 609.585504][T11238] debugfs: 'hsr0' already exists in 'hsr' [ 609.587823][T11238] Cannot create hsr debugfs directory [ 609.660842][T11270] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 609.779906][T11238] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 609.785808][T11238] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.887711][T11238] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 609.891798][T11238] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.949225][ T829] usb 12-1: new high-speed USB device number 30 using dummy_hcd [ 610.015208][T11238] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 610.019022][T11238] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.095315][T11238] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 610.099966][T11238] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.109290][ T829] usb 12-1: Using ep0 maxpacket: 8 [ 610.113863][ T829] usb 12-1: config 0 has an invalid interface number: 1 but max is 0 [ 610.116524][ T3996] usb 14-1: USB disconnect, device number 23 [ 610.118739][ T829] usb 12-1: config 0 has no interface number 0 [ 610.129669][ T829] usb 12-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 610.133405][ T829] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 610.136402][ T829] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.141947][ T829] usb 12-1: config 0 descriptor?? [ 610.155877][ T829] iowarrior 12-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 610.277204][T11238] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 610.282235][T11238] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 610.286985][T11238] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 610.292376][T11238] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 610.385657][T11238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 610.401244][T11238] 8021q: adding VLAN 0 to HW filter on device team0 [ 610.410474][ T3132] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.413775][ T3132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 610.424017][ T3132] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.427288][ T3132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 610.631844][T11238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 610.832349][T11238] veth0_vlan: entered promiscuous mode [ 610.838776][T11238] veth1_vlan: entered promiscuous mode [ 610.858450][T11238] veth0_macvtap: entered promiscuous mode [ 610.867218][T11238] veth1_macvtap: entered promiscuous mode [ 610.880560][T11238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 610.893163][T11238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 610.904567][ T46] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.908865][ T46] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.914943][ T46] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.927481][ T46] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.989335][ T5946] Bluetooth: hci3: command tx timeout [ 610.998424][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 611.002275][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 611.020858][ T3132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 611.026402][ T3132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 611.136833][T11325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17063'. [ 611.395008][ T829] usb 12-1: USB disconnect, device number 30 [ 612.181356][ T1246] Bluetooth: hci4: Frame reassembly failed (-84) [ 612.185653][ T61] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 612.188138][ T61] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 612.571130][T11378] tunl0: Caught tx_queue_len zero misconfig [ 612.941975][T11403] input: syz0 as /devices/virtual/input/input83 [ 613.021108][T11405] ceph: No mds server is up or the cluster is laggy [ 613.078963][ T5712] Bluetooth: hci3: command tx timeout [ 613.119862][T11415] trusted_key: syz.8.17104 sent an empty control message without MSG_MORE. [ 613.319564][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.323393][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 614.191910][ T5946] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 614.225463][T11470] kvm: apic: phys broadcast and lowest prio [ 614.286413][T11478] input: syz0 as /devices/virtual/input/input84 [ 614.728069][T11522] pim6reg1: entered promiscuous mode [ 614.734143][T11522] pim6reg1: entered allmulticast mode [ 615.149296][ T5946] Bluetooth: hci3: command tx timeout [ 615.209927][T11562] syzkaller1: entered promiscuous mode [ 615.212229][T11562] syzkaller1: entered allmulticast mode [ 617.049015][T11647] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 617.239427][ T5946] Bluetooth: hci3: command tx timeout [ 617.356862][T11654] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17206'. [ 617.361888][T11654] netlink: 12 bytes leftover after parsing attributes in process `syz.2.17206'. [ 617.377752][T11654] netlink: 60 bytes leftover after parsing attributes in process `syz.2.17206'. [ 617.914474][T11666] loop3: detected capacity change from 0 to 4096 [ 618.113072][T11683] netlink: 4 bytes leftover after parsing attributes in process `syz.8.17218'. [ 618.367432][T11701] input: syz0 as /devices/virtual/input/input85 [ 618.602328][T11723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17237'. [ 618.605343][T11723] netlink: 252 bytes leftover after parsing attributes in process `syz.2.17237'. [ 618.608429][T11723] netlink: 440 bytes leftover after parsing attributes in process `syz.2.17237'. [ 618.618973][T11723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17237'. [ 618.839505][ T1246] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.429503][T11766] block nbd4: server does not support multiple connections per device. [ 619.432464][T11766] block nbd4: shutting down sockets [ 619.470708][ T108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.473609][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.749624][ T108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.839745][T11855] netlink: 32 bytes leftover after parsing attributes in process `syz.9.17296'. [ 621.107914][T11868] overlayfs: statfs failed on './file0' [ 621.195237][T11876] netlink: 32 bytes leftover after parsing attributes in process `syz.7.17306'. [ 621.400613][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 621.687478][T11902] Bluetooth: MGMT ver 1.23 [ 621.749854][ T24] usb 14-1: new high-speed USB device number 24 using dummy_hcd [ 621.772383][T11908] dummy0: entered promiscuous mode [ 621.774134][T11908] dummy0: left promiscuous mode [ 621.930722][ T24] usb 14-1: Using ep0 maxpacket: 8 [ 621.940000][ T24] usb 14-1: config index 0 descriptor too short (expected 301, got 45) [ 621.943092][ T24] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 621.947153][ T24] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 621.966849][ T24] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 621.972279][ T24] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 621.977412][ T24] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 621.984131][ T24] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.039608][ T108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.201771][ T24] usb 14-1: GET_CAPABILITIES returned 0 [ 622.204334][ T24] usbtmc 14-1:16.0: can't read capabilities [ 622.414090][ T829] usb 14-1: USB disconnect, device number 24 [ 622.761143][ T5712] Bluetooth: hci4: sending frame failed (-49) [ 622.763553][ T5946] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 622.998915][T11984] syzkaller1: entered promiscuous mode [ 623.002241][T11984] syzkaller1: entered allmulticast mode [ 623.238471][ T40] kauditd_printk_skb: 93 callbacks suppressed [ 623.238489][ T40] audit: type=1326 audit(2000000405.396:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12006 comm="syz.2.17360" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fe8f6c code=0x0 [ 624.188030][T12036] __nla_validate_parse: 2 callbacks suppressed [ 624.188043][T12036] netlink: 28 bytes leftover after parsing attributes in process `syz.9.17373'. [ 624.193607][T12036] netlink: 'syz.9.17373': attribute type 7 has an invalid length. [ 624.197433][T12036] netlink: 'syz.9.17373': attribute type 8 has an invalid length. [ 624.200674][T12036] netlink: 4 bytes leftover after parsing attributes in process `syz.9.17373'. [ 624.313315][T12047] tap0: tun_chr_ioctl cmd 1074025675 [ 624.315081][T12047] tap0: persist enabled [ 624.317292][T12047] tap0: tun_chr_ioctl cmd 1074025675 [ 624.319062][T12047] tap0: persist enabled [ 624.355807][T12055] netlink: 56 bytes leftover after parsing attributes in process `syz.9.17382'. [ 624.396130][T12061] netlink: 88 bytes leftover after parsing attributes in process `syz.2.17385'. [ 624.482483][T12072] tipc: Started in network mode [ 624.484129][T12072] tipc: Node identity ac14140f, cluster identity 4711 [ 624.486752][T12072] tipc: New replicast peer: 255.255.255.255 [ 624.491150][T12072] tipc: Enabled bearer , priority 10 [ 624.545244][T12077] netlink: 212368 bytes leftover after parsing attributes in process `syz.9.17392'. [ 624.567817][T12079] input: syz1 as /devices/virtual/input/input87 [ 624.591267][ T108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.919182][ T5987] usb 14-1: new high-speed USB device number 25 using dummy_hcd [ 624.986332][ T50] kernel read not supported for file /input/event0 (pid: 50 comm: kworker/3:1) [ 625.071051][ T5987] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.074755][ T5987] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 625.078324][ T5987] usb 14-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 625.081683][ T5987] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.085896][ T5987] usb 14-1: config 0 descriptor?? [ 625.230478][ T108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 625.429210][ T50] usb 13-1: new high-speed USB device number 22 using dummy_hcd [ 625.492953][ T5987] hid_parser_main: 28 callbacks suppressed [ 625.492966][ T5987] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0 [ 625.497322][ T5987] cm6533_jd 0003:0D8C:0022.0015: unknown main item tag 0x0 [ 625.503640][ T5987] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/0003:0D8C:0022.0015/input/input88 [ 625.516257][ T5987] cm6533_jd 0003:0D8C:0022.0015: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.9-1/input0 [ 625.599346][ T50] usb 13-1: Using ep0 maxpacket: 16 [ 625.602434][ T50] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 625.607466][ T50] usb 13-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 625.610632][ T50] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.613521][ T50] usb 13-1: Product: syz [ 625.614945][ T50] usb 13-1: Manufacturer: syz [ 625.616519][ T50] usb 13-1: SerialNumber: syz [ 625.619756][ T5939] tipc: Node number set to 2886997007 [ 625.620802][ T50] usb 13-1: config 0 descriptor?? [ 625.625981][ T50] hub 13-1:0.0: bad descriptor, ignoring hub [ 625.628008][ T50] hub 13-1:0.0: probe with driver hub failed with error -5 [ 625.631831][ T50] usb 13-1: Quirk or no altset; falling back to MIDI 1.0 [ 625.701185][ T5939] usb 14-1: USB disconnect, device number 25 [ 625.871085][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 625.932729][ T50] usb 13-1: USB disconnect, device number 22 [ 626.274136][T12135] syzkaller1: entered promiscuous mode [ 626.275992][T12135] syzkaller1: entered allmulticast mode [ 626.440806][ T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 626.511798][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 626.579723][T12153] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.17425'. [ 626.651873][T12158] netlink: 12 bytes leftover after parsing attributes in process `syz.9.17427'. [ 626.654934][T12158] netlink: 12 bytes leftover after parsing attributes in process `syz.9.17427'. [ 627.124722][T12189] netlink: 20 bytes leftover after parsing attributes in process `syz.9.17440'. [ 627.359908][T12199] netlink: 4 bytes leftover after parsing attributes in process `syz.8.17443'. [ 627.407465][T12201] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 627.799592][ T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.142224][T12225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.390440][T12239] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 628.469731][ T5987] usb 14-1: new high-speed USB device number 26 using dummy_hcd [ 628.629598][ T5987] usb 14-1: Using ep0 maxpacket: 8 [ 628.633649][ T5987] usb 14-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.638566][ T5987] usb 14-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.643334][ T5987] usb 14-1: config 0 interface 0 has no altsetting 0 [ 628.646279][ T5987] usb 14-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 628.650706][ T5987] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.660667][ T5987] usb 14-1: config 0 descriptor?? [ 628.989888][ T40] audit: type=1326 audit(2000000411.156:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 628.998071][ T40] audit: type=1326 audit(2000000411.156:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.006149][ T40] audit: type=1326 audit(2000000411.156:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.013582][ T40] audit: type=1326 audit(2000000411.156:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.020949][ T40] audit: type=1326 audit(2000000411.156:2692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.028325][ T40] audit: type=1326 audit(2000000411.156:2693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.035615][ T40] audit: type=1326 audit(2000000411.156:2694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.043235][ T40] audit: type=1326 audit(2000000411.156:2695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.050878][ T40] audit: type=1326 audit(2000000411.156:2696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.058073][ T40] audit: type=1326 audit(2000000411.156:2697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12260 comm="syz.8.17474" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000 [ 629.068804][ T5987] mcp2221 0003:04D8:00DD.0016: unknown main item tag 0x0 [ 629.072565][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.079277][ T5987] mcp2221 0003:04D8:00DD.0016: unknown main item tag 0x0 [ 629.082015][ T5987] mcp2221 0003:04D8:00DD.0016: unknown main item tag 0x0 [ 629.084350][ T5987] mcp2221 0003:04D8:00DD.0016: unknown main item tag 0x0 [ 629.086662][ T5987] mcp2221 0003:04D8:00DD.0016: unknown main item tag 0x0 [ 629.089578][ T5987] mcp2221 0003:04D8:00DD.0016: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.9-1/input0 [ 629.273524][T12231] i2c i2c-2: unsupported multi-msg i2c transaction [ 629.287889][ T829] usb 14-1: USB disconnect, device number 26 [ 629.544732][ T5946] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 629.550128][ T5946] CPU: 3 UID: 0 PID: 5946 Comm: kworker/u33:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 629.550166][ T5946] Tainted: [L]=SOFTLOCKUP [ 629.550174][ T5946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 629.550188][ T5946] Workqueue: hci3 hci_rx_work [ 629.550216][ T5946] Call Trace: [ 629.550223][ T5946] [ 629.550231][ T5946] dump_stack_lvl+0x100/0x190 [ 629.550264][ T5946] sysfs_warn_dup.cold+0x1c/0x28 [ 629.550293][ T5946] sysfs_create_dir_ns+0x24b/0x2b0 [ 629.550321][ T5946] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 629.550350][ T5946] ? find_held_lock+0x2b/0x80 [ 629.550369][ T5946] ? kobject_add_internal+0x25f/0x930 [ 629.550401][ T5946] ? kobject_add_internal+0x25f/0x930 [ 629.550434][ T5946] ? do_raw_spin_unlock+0x145/0x1e0 [ 629.550482][ T5946] kobject_add_internal+0x2c8/0x930 [ 629.550520][ T5946] kobject_add+0x16a/0x1e0 [ 629.550538][ T5946] ? __pfx_kobject_add+0x10/0x10 [ 629.550555][ T5946] ? class_to_subsys+0x10f/0x150 [ 629.550585][ T5946] ? kobject_put+0xb9/0x640 [ 629.550612][ T5946] ? _raw_spin_unlock+0x28/0x50 [ 629.550644][ T5946] device_add+0x294/0x1950 [ 629.550668][ T5946] ? __pfx_dev_set_name+0x10/0x10 [ 629.550701][ T5946] ? __pfx_device_add+0x10/0x10 [ 629.550725][ T5946] ? mgmt_send_event_skb+0x2fb/0x460 [ 629.550757][ T5946] hci_conn_add_sysfs+0x1a3/0x260 [ 629.550786][ T5946] le_conn_complete_evt+0x11cb/0x1f40 [ 629.550818][ T5946] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 629.550851][ T5946] hci_le_conn_complete_evt+0x23c/0x3a0 [ 629.550877][ T5946] ? skb_pull_data+0x15f/0x1e0 [ 629.550901][ T5946] hci_le_meta_evt+0x34a/0x5f0 [ 629.550928][ T5946] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 629.550956][ T5946] hci_event_packet+0x682/0x11c0 [ 629.550981][ T5946] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 629.551008][ T5946] ? __pfx_hci_event_packet+0x10/0x10 [ 629.551035][ T5946] ? kcov_remote_start+0x374/0x660 [ 629.551054][ T5946] ? lockdep_hardirqs_on+0x78/0x100 [ 629.551087][ T5946] hci_rx_work+0x451/0xfc0 [ 629.551116][ T5946] process_one_work+0xa23/0x19a0 [ 629.551156][ T5946] ? __pfx_process_one_work+0x10/0x10 [ 629.551190][ T5946] ? __pfx_hci_rx_work+0x10/0x10 [ 629.551216][ T5946] worker_thread+0x5ef/0xe50 [ 629.551255][ T5946] ? kthread+0x13a/0x450 [ 629.551278][ T5946] ? __pfx_worker_thread+0x10/0x10 [ 629.551304][ T5946] kthread+0x370/0x450 [ 629.551327][ T5946] ? __pfx_kthread+0x10/0x10 [ 629.551354][ T5946] ret_from_fork+0x754/0xd80 [ 629.551383][ T5946] ? __pfx_ret_from_fork+0x10/0x10 [ 629.551414][ T5946] ? __switch_to+0x7b4/0x1120 [ 629.551435][ T5946] ? __pfx_kthread+0x10/0x10 [ 629.551462][ T5946] ret_from_fork_asm+0x1a/0x30 [ 629.551498][ T5946] [ 629.552707][ T5946] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 629.662788][ T5946] Bluetooth: hci3: failed to register connection device [ 629.732457][T12282] netlink: 212348 bytes leftover after parsing attributes in process `syz.8.17483'. [ 629.801952][T12286] netlink: 7 bytes leftover after parsing attributes in process `syz.8.17485'. [ 630.089454][ T5987] usb 14-1: new high-speed USB device number 27 using dummy_hcd [ 630.239197][ T5987] usb 14-1: Using ep0 maxpacket: 8 [ 630.242129][ T5987] usb 14-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 630.245621][ T5987] usb 14-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 630.250193][ T5987] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 630.253162][ T5987] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.262400][ T5987] usbtmc 14-1:16.0: bulk endpoints not found [ 630.349880][ T1246] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 630.352703][ T1246] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 630.440625][T12314] netlink: 24 bytes leftover after parsing attributes in process `syz.8.17499'. [ 630.915267][T12331] netlink: 228 bytes leftover after parsing attributes in process `syz.8.17506'. [ 630.918374][T12331] netlink: 228 bytes leftover after parsing attributes in process `syz.8.17506'. [ 631.559632][ T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 632.281397][ T24] usb 13-1: new high-speed USB device number 23 using dummy_hcd [ 632.442621][ T24] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.446266][ T24] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.450377][ T24] usb 13-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 632.453533][ T24] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.457541][ T24] usb 13-1: config 0 descriptor?? [ 632.829686][ T1246] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 632.847993][ T5987] usb 14-1: USB disconnect, device number 27 [ 632.872953][ T24] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 632.875452][ T24] cm6533_jd 0003:0D8C:0022.0017: unknown main item tag 0x0 [ 632.889540][ T24] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/0003:0D8C:0022.0017/input/input89 [ 632.908644][ T24] cm6533_jd 0003:0D8C:0022.0017: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.8-1/input0 [ 633.082546][ T24] usb 13-1: USB disconnect, device number 23 [ 633.550792][ T1246] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 633.684937][T12411] netlink: 41 bytes leftover after parsing attributes in process `syz.9.17542'. [ 633.687883][T12411] netlink: 140 bytes leftover after parsing attributes in process `syz.9.17542'. [ 633.690935][T12411] netlink: 41 bytes leftover after parsing attributes in process `syz.9.17542'. [ 634.282477][T12445] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.17556'. [ 634.339258][ T829] usb 14-1: new low-speed USB device number 28 using dummy_hcd [ 634.359368][T21346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 634.511851][ T829] usb 14-1: config 0 has an invalid interface number: 1 but max is 0 [ 634.515702][ T829] usb 14-1: config 0 has no interface number 0 [ 634.518503][ T829] usb 14-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 634.523967][ T829] usb 14-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 634.528758][ T829] usb 14-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 634.533781][ T829] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.539771][ T829] usb 14-1: config 0 descriptor?? [ 634.545037][T12434] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 634.553009][ T829] iowarrior 14-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 634.599244][T30513] usb 13-1: new high-speed USB device number 24 using dummy_hcd [ 634.756767][ T829] usb 14-1: USB disconnect, device number 28 [ 634.759520][T30513] usb 13-1: Using ep0 maxpacket: 8 [ 634.767589][T30513] usb 13-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.772821][T30513] usb 13-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.776907][T30513] usb 13-1: config 0 interface 0 has no altsetting 0 [ 634.779877][T30513] usb 13-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 634.783610][T30513] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.789939][T30513] usb 13-1: config 0 descriptor?? [ 634.996020][T12468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17565'. [ 635.072525][ T3996] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 635.129916][T12474] netlink: 60 bytes leftover after parsing attributes in process `syz.7.17569'. [ 635.134529][T12474] netlink: 12 bytes leftover after parsing attributes in process `syz.7.17569'. [ 635.164918][T12474] netlink: 60 bytes leftover after parsing attributes in process `syz.7.17569'. [ 635.208809][T30513] mcp2221 0003:04D8:00DD.0018: unknown main item tag 0x0 [ 635.211418][T30513] mcp2221 0003:04D8:00DD.0018: unknown main item tag 0x0 [ 635.213809][T30513] mcp2221 0003:04D8:00DD.0018: unknown main item tag 0x0 [ 635.216088][T30513] mcp2221 0003:04D8:00DD.0018: unknown main item tag 0x0 [ 635.218529][T30513] mcp2221 0003:04D8:00DD.0018: unknown main item tag 0x0 [ 635.218965][T12477] tun0: tun_chr_ioctl cmd 1074025675 [ 635.221229][T30513] mcp2221 0003:04D8:00DD.0018: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.8-1/input0 [ 635.222722][T12477] tun0: persist enabled [ 635.225425][T12477] tun0: tun_chr_ioctl cmd 1074025675 [ 635.231469][T12477] tun0: persist disabled [ 635.282838][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 635.282850][ T40] audit: type=1326 audit(2000000417.446:2703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.293225][ T40] audit: type=1326 audit(2000000417.466:2704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.302145][ T40] audit: type=1326 audit(2000000417.466:2705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.310025][ T40] audit: type=1326 audit(2000000417.466:2706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.317267][ T40] audit: type=1326 audit(2000000417.466:2707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.325875][ T40] audit: type=1326 audit(2000000417.466:2708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.333805][ T40] audit: type=1326 audit(2000000417.466:2709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f35f88 code=0x7ffc0000 [ 635.341750][ T40] audit: type=1326 audit(2000000417.466:2710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.348960][ T40] audit: type=1326 audit(2000000417.466:2711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.356464][ T40] audit: type=1326 audit(2000000417.466:2712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12478 comm="syz.9.17571" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35f6c code=0x7ffc0000 [ 635.409885][T12449] i2c i2c-2: unsupported multi-msg i2c transaction [ 635.415162][T30513] usb 13-1: USB disconnect, device number 24 [ 635.595360][T12485] netlink: 41 bytes leftover after parsing attributes in process `syz.7.17573'. [ 635.598345][T12485] netlink: 140 bytes leftover after parsing attributes in process `syz.7.17573'. [ 635.601547][T12485] netlink: 41 bytes leftover after parsing attributes in process `syz.7.17573'. [ 635.789521][ T5946] Bluetooth: hci3: command 0x0406 tx timeout [ 635.929428][T12501] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 635.975991][T12506] netlink: 20 bytes leftover after parsing attributes in process `syz.9.17586'. [ 636.110070][ T1177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 636.110254][ T3996] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 636.112525][ T108] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 636.439169][ T3996] usb 14-1: new high-speed USB device number 29 using dummy_hcd [ 636.528776][T12521] netlink: 4 bytes leftover after parsing attributes in process `syz.8.17591'. [ 636.534599][T12521] netlink: 4 bytes leftover after parsing attributes in process `syz.8.17591'. [ 636.589755][ T3996] usb 14-1: Using ep0 maxpacket: 16 [ 636.592862][ T3996] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 636.598215][ T3996] usb 14-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 636.601827][ T3996] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.604392][ T3996] usb 14-1: Product: syz [ 636.605732][ T3996] usb 14-1: Manufacturer: syz [ 636.607762][ T3996] usb 14-1: SerialNumber: syz [ 636.612338][ T3996] usb 14-1: config 0 descriptor?? [ 636.615174][ T3996] hub 14-1:0.0: bad descriptor, ignoring hub [ 636.617156][ T3996] hub 14-1:0.0: probe with driver hub failed with error -5 [ 636.625659][ T3996] usb 14-1: Quirk or no altset; falling back to MIDI 1.0 [ 636.958101][T21346] usb 14-1: USB disconnect, device number 29 [ 637.099575][T30513] usb 12-1: new high-speed USB device number 31 using dummy_hcd [ 637.150667][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.224185][T12542] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.228652][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.249925][T30513] usb 12-1: Using ep0 maxpacket: 8 [ 637.262280][T30513] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 637.267082][T30513] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 637.271815][T30513] usb 12-1: config 0 interface 0 has no altsetting 0 [ 637.274702][T30513] usb 12-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 637.278633][T30513] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.290432][T30513] usb 12-1: config 0 descriptor?? [ 637.390424][ T3132] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.391339][T21346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.703449][T30513] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 637.706044][T30513] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 637.708523][T30513] mcp2221 0003:04D8:00DD.0019: unknown main item tag 0x0 [ 637.712084][T30513] mcp2221 0003:04D8:00DD.0019: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0 [ 637.799341][ T50] usb 13-1: new high-speed USB device number 25 using dummy_hcd [ 637.902050][T12531] i2c i2c-2: unsupported multi-msg i2c transaction [ 637.905706][T30513] usb 12-1: USB disconnect, device number 31 [ 637.950373][ T50] usb 13-1: Using ep0 maxpacket: 32 [ 637.954732][ T50] usb 13-1: config index 0 descriptor too short (expected 156, got 27) [ 637.958000][ T50] usb 13-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 637.962184][ T50] usb 13-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 637.966344][ T50] usb 13-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 637.971010][ T50] usb 13-1: config 0 interface 0 has no altsetting 0 [ 637.974829][ T50] usb 13-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 637.978060][ T50] usb 13-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 637.981452][ T50] usb 13-1: Product: syz [ 637.982980][ T50] usb 13-1: Manufacturer: syz [ 637.984564][ T50] usb 13-1: SerialNumber: syz [ 637.987693][ T50] usb 13-1: config 0 descriptor?? [ 637.991030][ T50] ldusb 13-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 637.994789][ T50] ldusb 13-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 638.189570][ T3996] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.194692][ T3996] usb 13-1: USB disconnect, device number 25 [ 638.194714][ C0] ldusb 13-1:0.0: usb_submit_urb failed (-19) [ 638.199629][ T3996] ldusb 13-1:0.0: LD USB Device #0 now disconnected [ 639.035601][T12577] input: syz1 as /devices/virtual/input/input90 [ 639.919855][ T24] usb 12-1: new high-speed USB device number 32 using dummy_hcd [ 640.069559][ T24] usb 12-1: Using ep0 maxpacket: 16 [ 640.082839][ T24] usb 12-1: unable to get BOS descriptor or descriptor too short [ 640.085992][ T24] usb 12-1: unable to read config index 0 descriptor/start: -71 [ 640.088518][ T24] usb 12-1: can't read configurations, error -71 [ 640.849540][ T6026] usb 14-1: new high-speed USB device number 30 using dummy_hcd [ 641.009391][ T6026] usb 14-1: Using ep0 maxpacket: 8 [ 641.012494][ T6026] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 641.015685][ T6026] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 641.018863][ T6026] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 641.023062][ T6026] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 641.027275][ T6026] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 641.030406][ T6026] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.241014][ T6026] usb 14-1: GET_CAPABILITIES returned 0 [ 641.242884][ T6026] usbtmc 14-1:16.0: can't read capabilities [ 641.310634][ T24] net_ratelimit: 8 callbacks suppressed [ 641.310652][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.447450][ C0] usbtmc 14-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 641.454320][T30513] usb 14-1: USB disconnect, device number 30 [ 641.870019][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.880507][ T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.986571][T12632] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.990153][ C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.993626][T12632] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.996886][ T1177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.017005][T12631] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.021213][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.357663][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.681169][T12678] netlink: 'syz.9.17662': attribute type 2 has an invalid length. [ 643.789299][T30513] usb 13-1: new high-speed USB device number 26 using dummy_hcd [ 643.883179][T12700] netlink: 'syz.7.17672': attribute type 2 has an invalid length. [ 643.950986][T30513] usb 13-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 643.955268][T30513] usb 13-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 643.956579][T12706] __nla_validate_parse: 3 callbacks suppressed [ 643.956593][T12706] netlink: 36 bytes leftover after parsing attributes in process `syz.9.17676'. [ 643.959730][T30513] usb 13-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 643.961847][T30513] usb 13-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 643.979291][T30513] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.983008][T30513] usb 13-1: Product: syz [ 643.984884][T30513] usb 13-1: Manufacturer: syz [ 643.986886][T30513] usb 13-1: SerialNumber: syz [ 643.992445][T30513] hub 13-1:1.0: bad descriptor, ignoring hub [ 643.994783][T30513] hub 13-1:1.0: probe with driver hub failed with error -5 [ 644.202255][T30513] usblp 13-1:1.0: usblp0: USB Unidirectional printer dev 26 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 644.830965][T12684] usb 13-1: reset high-speed USB device number 26 using dummy_hcd [ 645.239586][T30513] usb 13-1: USB disconnect, device number 26 [ 645.244144][T30513] usblp0: removed [ 645.673248][T12735] netlink: 52 bytes leftover after parsing attributes in process `syz.9.17688'. [ 646.192612][T12765] syzkaller1: entered promiscuous mode [ 646.194433][T12765] syzkaller1: entered allmulticast mode [ 646.446205][T12784] netlink: 176 bytes leftover after parsing attributes in process `syz.9.17719'. [ 646.509381][ T24] net_ratelimit: 10 callbacks suppressed [ 646.509399][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.665624][T12794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.670260][T12794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.673388][T12794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.676789][T12794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.680190][T12794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 646.685536][T12793] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 647.048143][T12802] netlink: 4 bytes leftover after parsing attributes in process `syz.9.17718'. [ 647.053406][T12802] netlink: 4 bytes leftover after parsing attributes in process `syz.9.17718'. [ 647.057706][T12802] netlink: 104 bytes leftover after parsing attributes in process `syz.9.17718'. [ 647.061751][T12802] netlink: 104 bytes leftover after parsing attributes in process `syz.9.17718'. [ 647.550004][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 647.630701][ T1177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 647.639754][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 648.426226][T12852] input: syz1 as /devices/virtual/input/input92 [ 648.514490][T12861] geneve2: entered promiscuous mode [ 648.583250][T12866] ip6_vti0 speed is unknown, defaulting to 1000 [ 648.705039][T12875] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17752'. [ 648.708389][T12866] lo speed is unknown, defaulting to 1000 [ 648.709194][T12875] netlink: 'syz.2.17752': attribute type 7 has an invalid length. [ 648.714090][T12875] netlink: 'syz.2.17752': attribute type 8 has an invalid length. [ 648.716597][T12875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17752'. [ 648.723479][T12875] erspan0: entered promiscuous mode [ 648.725799][T12875] gretap0: entered promiscuous mode [ 648.728293][T12875] erspan0: left promiscuous mode [ 648.733551][T12875] gretap0: left promiscuous mode [ 648.769375][ T6026] usb 13-1: new high-speed USB device number 27 using dummy_hcd [ 648.939472][ T6026] usb 13-1: Using ep0 maxpacket: 8 [ 648.943279][ T6026] usb 13-1: config 168 descriptor has 1 excess byte, ignoring [ 648.946366][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 648.951252][ T6026] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 648.956643][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 648.960635][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 648.964710][ T5987] usb 14-1: new high-speed USB device number 31 using dummy_hcd [ 648.968177][ T6026] usb 13-1: config 168 descriptor has 1 excess byte, ignoring [ 648.972031][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 648.976858][ T6026] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 648.982197][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 648.986849][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 648.993660][ T6026] usb 13-1: config 168 descriptor has 1 excess byte, ignoring [ 648.996989][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 649.002441][ T6026] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 649.008480][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 649.019386][ T6026] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 649.027037][ T6026] usb 13-1: string descriptor 0 read error: -22 [ 649.030617][ T6026] usb 13-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 649.034911][ T6026] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.051917][ T6026] adutux 13-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 649.122556][ T5987] usb 14-1: config index 0 descriptor too short (expected 23569, got 27) [ 649.124255][T12891] input: syz1 as /devices/virtual/input/input93 [ 649.126310][ T5987] usb 14-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.137617][ T5987] usb 14-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 649.142609][ T5987] usb 14-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 649.146358][ T5987] usb 14-1: Manufacturer: syz [ 649.152117][ T5987] usb 14-1: config 0 descriptor?? [ 649.173583][T12894] netlink: 176 bytes leftover after parsing attributes in process `syz.2.17758'. [ 649.199228][ T5987] rc_core: IR keymap rc-hauppauge not found [ 649.201321][ T5987] Registered IR keymap rc-empty [ 649.203500][ T5987] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/rc/rc0 [ 649.216284][ T5987] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.9/usb14/14-1/14-1:0.0/rc/rc0/input94 [ 649.362283][ C1] igorplugusb 14-1:0.0: Error: urb status = -32 [ 649.367444][ T5939] usb 14-1: USB disconnect, device number 31 [ 649.401398][T12907] tipc: Started in network mode [ 649.403046][T12907] tipc: Node identity ac14140f, cluster identity 4711 [ 649.405352][T12907] tipc: New replicast peer: 255.255.255.255 [ 649.407473][T12907] tipc: Enabled bearer , priority 10 [ 649.530063][ T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 650.399619][ T24] tipc: Node number set to 2886997007 [ 650.779259][ T50] usb 12-1: new high-speed USB device number 34 using dummy_hcd [ 650.931094][ T50] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 650.934584][ T50] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.937716][ T50] usb 12-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 650.942724][ T50] usb 12-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 650.949544][ T50] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.957318][ T50] usb 12-1: config 0 descriptor?? [ 651.315503][ T5987] usb 13-1: USB disconnect, device number 27 [ 651.380214][ T50] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0 [ 651.709716][ C0] net_ratelimit: 11 callbacks suppressed [ 651.709827][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 651.712179][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 651.718950][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.599526][ T50] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.749313][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.749980][ T1177] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.755107][ T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 653.389257][ T5946] Bluetooth: hci4: command 0x1003 tx timeout [ 653.391678][ T5712] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 653.409939][T12973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 653.412809][T12973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 653.421658][T12973] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 653.508199][T30513] usb 12-1: USB disconnect, device number 34 [ 653.710548][T12991] ip6_vti0 speed is unknown, defaulting to 1000 [ 653.830802][T12991] lo speed is unknown, defaulting to 1000 [ 654.235519][T13012] netlink: 56 bytes leftover after parsing attributes in process `syz.2.17810'. [ 654.457996][T13024] ip6_vti0 speed is unknown, defaulting to 1000 [ 654.588142][T13024] lo speed is unknown, defaulting to 1000 [ 655.218525][T13066] netlink: 24 bytes leftover after parsing attributes in process `syz.9.17834'. [ 655.388896][ T5946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 655.395951][ T5946] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 655.406548][ T5946] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 655.410459][ T5946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 655.413216][ T5946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 655.439928][T13074] ip6_vti0 speed is unknown, defaulting to 1000 [ 655.562549][T13074] lo speed is unknown, defaulting to 1000 [ 655.885707][T13074] chnl_net:caif_netlink_parms(): no params data found [ 655.939395][T13074] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.942766][T13074] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.946094][T13074] bridge_slave_0: entered allmulticast mode [ 655.950436][T13074] bridge_slave_0: entered promiscuous mode [ 655.957071][T13074] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.964787][T13074] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.967112][T13074] bridge_slave_1: entered allmulticast mode [ 655.969980][T13074] bridge_slave_1: entered promiscuous mode [ 655.985217][T13074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 655.992391][T13074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 656.018387][T13074] team0: Port device team_slave_0 added [ 656.023416][T13074] team0: Port device team_slave_1 added [ 656.088475][T13074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 656.091366][T13074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 656.100287][T13074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 656.105857][T13074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 656.108886][T13074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 656.120592][T13074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 656.164240][T13074] hsr_slave_0: entered promiscuous mode [ 656.167236][T13074] hsr_slave_1: entered promiscuous mode [ 656.170867][T13074] debugfs: 'hsr0' already exists in 'hsr' [ 656.173092][T13074] Cannot create hsr debugfs directory [ 656.249737][ T13] netdevsim netdevsim9 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.253170][ T13] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.378747][ T13] netdevsim netdevsim9 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.385162][ T13] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.534640][T13127] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17860'. [ 656.537532][T13127] netlink: 4 bytes leftover after parsing attributes in process `syz.7.17860'. [ 656.541750][ T5946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 656.548583][ T5946] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 656.551041][T13127] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17860'. [ 656.558440][ T13] netdevsim netdevsim9 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.562988][ T13] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.564530][ T5946] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 656.573415][ T5946] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 656.577102][ T5946] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 656.653898][ T13] netdevsim netdevsim9 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 656.657000][ T13] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 656.667218][T13125] ip6_vti0 speed is unknown, defaulting to 1000 [ 656.756939][T13125] lo speed is unknown, defaulting to 1000 [ 656.919816][ T3996] net_ratelimit: 61 callbacks suppressed [ 656.919833][ T3996] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.106605][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 657.113352][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 657.117186][ T13] bond0 (unregistering): Released all slaves [ 657.125860][ T13] bond1 (unregistering): Released all slaves [ 657.226601][T13074] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 657.231972][T13164] netlink: 'syz.7.17869': attribute type 11 has an invalid length. [ 657.234597][T13164] netlink: 8 bytes leftover after parsing attributes in process `syz.7.17869'. [ 657.246484][T13074] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 657.261042][ T3996] usb 13-1: new high-speed USB device number 28 using dummy_hcd [ 657.275837][T13074] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 657.286161][T13074] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 657.441531][ T3996] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 657.442190][T13125] chnl_net:caif_netlink_parms(): no params data found [ 657.444884][ T3996] usb 13-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 657.450941][ T3996] usb 13-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 657.456786][ T3996] usb 13-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 657.459883][ T3996] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.466369][ T3996] usb 13-1: config 0 descriptor?? [ 657.483247][ T5712] Bluetooth: hci2: command tx timeout [ 657.570281][T13074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.572656][T13125] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.575392][T13125] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.577790][T13125] bridge_slave_0: entered allmulticast mode [ 657.580712][T13125] bridge_slave_0: entered promiscuous mode [ 657.589351][T13125] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.591706][T13125] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.594233][T13125] bridge_slave_1: entered allmulticast mode [ 657.597714][T13125] bridge_slave_1: entered promiscuous mode [ 657.608236][T13074] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.684786][T13125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 657.706681][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.709862][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.738364][T13125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 657.755591][ T13] hsr_slave_0: left promiscuous mode [ 657.758673][ T13] hsr_slave_1: left promiscuous mode [ 657.767850][ T13] veth1_macvtap: left promiscuous mode [ 657.904252][ T3996] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0 [ 657.922113][ T13] team0 (unregistering): Port device team_slave_1 removed [ 657.937398][ T13] team0 (unregistering): Port device team_slave_0 removed [ 657.950034][ T3996] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 658.058270][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.060701][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 658.080439][T13125] team0: Port device team_slave_0 added [ 658.085704][T13125] team0: Port device team_slave_1 added [ 658.108535][T13125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 658.111677][T13125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 658.120130][T13125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 658.134681][T13125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 658.136982][T13125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 658.145480][T13125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 658.189924][T13125] hsr_slave_0: entered promiscuous mode [ 658.192298][T13125] hsr_slave_1: entered promiscuous mode [ 658.194882][T13125] debugfs: 'hsr0' already exists in 'hsr' [ 658.196754][T13125] Cannot create hsr debugfs directory [ 658.385864][T13074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 658.572089][T13074] veth0_vlan: entered promiscuous mode [ 658.577154][T13074] veth1_vlan: entered promiscuous mode [ 658.595903][T13074] veth0_macvtap: entered promiscuous mode [ 658.599946][T13074] veth1_macvtap: entered promiscuous mode [ 658.608715][T13074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 658.618990][T13074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 658.627455][ T61] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.631402][ T61] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.661571][ T61] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.664589][ T61] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 658.669250][ T5712] Bluetooth: hci0: command tx timeout [ 658.674137][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 658.705551][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 658.708123][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 658.722725][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 658.725274][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 658.786838][T13125] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 658.794250][T13125] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 658.799450][T13125] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 658.824165][T13125] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 658.898512][T13125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 658.915845][T13125] 8021q: adding VLAN 0 to HW filter on device team0 [ 658.925955][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.928668][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 658.938001][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.940371][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 659.004231][ T3996] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 659.090077][T13125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 659.176958][T13273] syzkaller1: entered promiscuous mode [ 659.178869][T13273] syzkaller1: entered allmulticast mode [ 659.282667][T13125] veth0_vlan: entered promiscuous mode [ 659.287810][T13125] veth1_vlan: entered promiscuous mode [ 659.308153][T13125] veth0_macvtap: entered promiscuous mode [ 659.314189][T13125] veth1_macvtap: entered promiscuous mode [ 659.324469][T13125] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 659.330324][T13125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 659.336203][ T108] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.352223][ T108] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.356229][ T108] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.359029][ T108] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 659.402423][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.409002][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.424154][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 659.427033][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 659.517466][T13288] netlink: 8 bytes leftover after parsing attributes in process `syz.5.17856'. [ 659.521296][T13288] netlink: 'syz.5.17856': attribute type 1 has an invalid length. [ 659.529199][ T108] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 659.532206][ T108] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 659.535835][ T108] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 659.548133][ T108] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 659.549232][ T5712] Bluetooth: hci2: command tx timeout [ 659.740701][T13305] netlink: 20 bytes leftover after parsing attributes in process `syz.7.17880'. [ 659.778616][T13310] netlink: 'syz.8.17881': attribute type 2 has an invalid length. [ 659.789351][ T5987] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 659.875348][ T3996] usb 13-1: USB disconnect, device number 28 [ 660.029764][ T2598] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 660.612496][T13396] netlink: 20 bytes leftover after parsing attributes in process `syz.5.17909'. [ 660.758346][ T5712] Bluetooth: hci0: command tx timeout [ 660.886345][T13423] ------------[ cut here ]------------ [ 660.889794][T13423] !chanctx_conf [ 660.889803][T13423] WARNING: net/mac80211/rate.c:53 at rate_control_rate_init+0x5c5/0x730, CPU#2: syz.7.17917/13423 [ 660.899849][T13423] Modules linked in: [ 660.902021][T13423] CPU: 2 UID: 0 PID: 13423 Comm: syz.7.17917 Tainted: G L syzkaller #0 PREEMPT(full) [ 660.906848][T13423] Tainted: [L]=SOFTLOCKUP [ 660.908502][T13423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 660.913352][T13423] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 660.915849][T13423] Code: 48 8d 35 00 00 00 00 e8 29 c5 e0 f6 e8 94 14 ea f6 e9 20 fe ff ff e8 ba 7a 04 f7 90 0f 0b 90 e9 12 fe ff ff e8 ac 7a 04 f7 90 <0f> 0b 90 eb b1 e8 a1 7a 04 f7 e8 cc 1c e9 f6 31 ff 89 c3 89 c6 e8 [ 660.924681][T13423] RSP: 0018:ffffc900067871d0 EFLAGS: 00010283 [ 660.927346][T13423] RAX: 0000000000000713 RBX: ffff88806bfc8000 RCX: ffffc900274a9000 [ 660.930961][T13423] RDX: 0000000000080000 RSI: ffffffff8b039db4 RDI: ffff88804a438000 [ 660.933676][T13423] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 660.936654][T13423] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88802a710360 [ 660.940371][T13423] R13: ffff888054048e80 R14: ffff8880526c0000 R15: 0000000000000000 [ 660.943714][T13423] FS: 0000000000000000(0000) GS:ffff88809734a000(0063) knlGS:00000000f540db40 [ 660.947578][T13423] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 660.950910][T13423] CR2: 00000000f7398c00 CR3: 000000005c037000 CR4: 0000000000352ef0 [ 660.954354][T13423] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 660.957596][T13423] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 660.960620][T13423] Call Trace: [ 660.961831][T13423] [ 660.962870][T13423] rate_control_rate_init_all_links+0x76/0x1f0 [ 660.965251][T13423] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 660.967180][T13423] sta_apply_parameters+0xd2f/0x19e0 [ 660.969005][T13423] ieee80211_add_station+0x3fe/0x6d0 [ 660.972371][T13423] nl80211_new_station+0x145b/0x1dd0 [ 660.974580][T13423] ? __pfx_nl80211_new_station+0x10/0x10 [ 660.976466][T13423] ? nl80211_pre_doit+0x19a/0xae0 [ 660.978668][T13423] genl_family_rcv_msg_doit+0x214/0x300 [ 660.980698][T13423] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 660.982679][T13423] ? genl_get_cmd+0x3ef/0x720 [ 660.984246][T13423] ? bpf_lsm_capable+0x9/0x10 [ 660.985797][T13423] ? security_capable+0x80/0x260 [ 660.987426][T13423] ? ns_capable+0xd2/0xf0 [ 660.989010][T13423] genl_rcv_msg+0x560/0x800 [ 660.990627][T13423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 660.992293][T13423] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 660.994055][T13423] ? __pfx_nl80211_new_station+0x10/0x10 [ 660.995888][T13423] ? __pfx_nl80211_post_doit+0x10/0x10 [ 660.997738][T13423] netlink_rcv_skb+0x159/0x420 [ 660.999597][T13423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 661.001509][T13423] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 661.003498][T13423] ? netlink_deliver_tap+0x1ae/0xcc0 [ 661.005315][T13423] genl_rcv+0x28/0x40 [ 661.006674][T13423] netlink_unicast+0x5aa/0x870 [ 661.008540][T13423] ? __pfx_netlink_unicast+0x10/0x10 [ 661.010401][T13423] netlink_sendmsg+0x8b0/0xda0 [ 661.012384][T13423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 661.014269][T13423] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 661.016190][T13423] ____sys_sendmsg+0x9e1/0xb70 [ 661.017945][T13423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 661.020678][T13423] ? __pfx_____sys_sendmsg+0x10/0x10 [ 661.023093][T13423] ? __pfx_futex_wake_mark+0x10/0x10 [ 661.025383][T13423] ___sys_sendmsg+0x190/0x1e0 [ 661.027367][T13423] ? __pfx____sys_sendmsg+0x10/0x10 [ 661.030049][T13423] __sys_sendmsg+0x170/0x220 [ 661.032135][T13423] ? __pfx___sys_sendmsg+0x10/0x10 [ 661.034372][T13423] ? __ia32_sys_futex_time32+0x2f4/0x470 [ 661.036801][T13423] __do_fast_syscall_32+0xe3/0x8c0 [ 661.039056][T13423] do_fast_syscall_32+0x32/0x70 [ 661.041311][T13423] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 661.044093][T13423] RIP: 0023:0xf701ef6c [ 661.045592][T13423] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 661.051931][T13423] RSP: 002b:00000000f540d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 661.054728][T13423] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 661.057309][T13423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 661.060185][T13423] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 661.062792][T13423] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 661.065403][T13423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 661.068063][T13423] [ 661.069212][T13423] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 661.071663][T13423] CPU: 2 UID: 0 PID: 13423 Comm: syz.7.17917 Tainted: G L syzkaller #0 PREEMPT(full) [ 661.075301][T13423] Tainted: [L]=SOFTLOCKUP [ 661.076728][T13423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 661.080776][T13423] Call Trace: [ 661.082226][T13423] [ 661.083261][T13423] dump_stack_lvl+0x100/0x190 [ 661.084826][T13423] vpanic+0x552/0x970 [ 661.086146][T13423] ? __pfx_vpanic+0x10/0x10 [ 661.087645][T13423] panic+0xd1/0xe0 [ 661.089001][T13423] ? __pfx_panic+0x10/0x10 [ 661.090494][T13423] check_panic_on_warn.cold+0x19/0x34 [ 661.092283][T13423] ? rate_control_rate_init+0x5c5/0x730 [ 661.094120][T13423] __warn.cold+0x191/0x348 [ 661.095589][T13423] __report_bug+0x296/0x3d0 [ 661.097060][T13423] ? rate_control_rate_init+0x5c5/0x730 [ 661.099079][T13423] ? __pfx___report_bug+0x10/0x10 [ 661.100741][T13423] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 661.102951][T13423] ? ieee80211_add_station+0x56b/0x6d0 [ 661.105455][T13423] ? nl80211_new_station+0x145b/0x1dd0 [ 661.107814][T13423] ? genl_family_rcv_msg_doit+0x214/0x300 [ 661.109765][T13423] ? netlink_rcv_skb+0x159/0x420 [ 661.111367][T13423] ? netlink_unicast+0x5aa/0x870 [ 661.112974][T13423] ? netlink_sendmsg+0x8b0/0xda0 [ 661.114599][T13423] ? ____sys_sendmsg+0x9e1/0xb70 [ 661.116225][T13423] ? ___sys_sendmsg+0x190/0x1e0 [ 661.117859][T13423] ? __sys_sendmsg+0x170/0x220 [ 661.119447][T13423] ? rate_control_rate_init+0x5c5/0x730 [ 661.121255][T13423] report_bug+0xb2/0x220 [ 661.122647][T13423] ? rate_control_rate_init+0x5c5/0x730 [ 661.124479][T13423] handle_bug+0x16a/0x2a0 [ 661.125901][T13423] exc_invalid_op+0x17/0x50 [ 661.127386][T13423] asm_exc_invalid_op+0x1a/0x20 [ 661.129446][T13423] RIP: 0010:rate_control_rate_init+0x5c5/0x730 [ 661.132184][T13423] Code: 48 8d 35 00 00 00 00 e8 29 c5 e0 f6 e8 94 14 ea f6 e9 20 fe ff ff e8 ba 7a 04 f7 90 0f 0b 90 e9 12 fe ff ff e8 ac 7a 04 f7 90 <0f> 0b 90 eb b1 e8 a1 7a 04 f7 e8 cc 1c e9 f6 31 ff 89 c3 89 c6 e8 [ 661.138571][T13423] RSP: 0018:ffffc900067871d0 EFLAGS: 00010283 [ 661.140610][T13423] RAX: 0000000000000713 RBX: ffff88806bfc8000 RCX: ffffc900274a9000 [ 661.143356][T13423] RDX: 0000000000080000 RSI: ffffffff8b039db4 RDI: ffff88804a438000 [ 661.146889][T13423] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000 [ 661.150396][T13423] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88802a710360 [ 661.153964][T13423] R13: ffff888054048e80 R14: ffff8880526c0000 R15: 0000000000000000 [ 661.157459][T13423] ? rate_control_rate_init+0x5c4/0x730 [ 661.159636][T13423] rate_control_rate_init_all_links+0x76/0x1f0 [ 661.162482][T13423] sta_apply_auth_flags.isra.0+0x4aa/0x500 [ 661.165202][T13423] sta_apply_parameters+0xd2f/0x19e0 [ 661.167655][T13423] ieee80211_add_station+0x3fe/0x6d0 [ 661.170111][T13423] nl80211_new_station+0x145b/0x1dd0 [ 661.172572][T13423] ? __pfx_nl80211_new_station+0x10/0x10 [ 661.175203][T13423] ? nl80211_pre_doit+0x19a/0xae0 [ 661.177565][T13423] genl_family_rcv_msg_doit+0x214/0x300 [ 661.180163][T13423] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 661.182955][T13423] ? genl_get_cmd+0x3ef/0x720 [ 661.185161][T13423] ? bpf_lsm_capable+0x9/0x10 [ 661.187353][T13423] ? security_capable+0x80/0x260 [ 661.189658][T13423] ? ns_capable+0xd2/0xf0 [ 661.191662][T13423] genl_rcv_msg+0x560/0x800 [ 661.193800][T13423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 661.196056][T13423] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 661.198556][T13423] ? __pfx_nl80211_new_station+0x10/0x10 [ 661.201074][T13423] ? __pfx_nl80211_post_doit+0x10/0x10 [ 661.202982][T13423] netlink_rcv_skb+0x159/0x420 [ 661.205233][T13423] ? __pfx_genl_rcv_msg+0x10/0x10 [ 661.207539][T13423] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 661.209984][T13423] ? netlink_deliver_tap+0x1ae/0xcc0 [ 661.212432][T13423] genl_rcv+0x28/0x40 [ 661.214306][T13423] netlink_unicast+0x5aa/0x870 [ 661.216533][T13423] ? __pfx_netlink_unicast+0x10/0x10 [ 661.218923][T13423] netlink_sendmsg+0x8b0/0xda0 [ 661.221151][T13423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 661.223589][T13423] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 661.226190][T13423] ____sys_sendmsg+0x9e1/0xb70 [ 661.228375][T13423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 661.230694][T13423] ? __pfx_____sys_sendmsg+0x10/0x10 [ 661.232994][T13423] ? __pfx_futex_wake_mark+0x10/0x10 [ 661.235253][T13423] ___sys_sendmsg+0x190/0x1e0 [ 661.237283][T13423] ? __pfx____sys_sendmsg+0x10/0x10 [ 661.239689][T13423] __sys_sendmsg+0x170/0x220 [ 661.241845][T13423] ? __pfx___sys_sendmsg+0x10/0x10 [ 661.244217][T13423] ? __ia32_sys_futex_time32+0x2f4/0x470 [ 661.246812][T13423] __do_fast_syscall_32+0xe3/0x8c0 [ 661.249087][T13423] do_fast_syscall_32+0x32/0x70 [ 661.251195][T13423] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 661.253897][T13423] RIP: 0023:0xf701ef6c [ 661.255655][T13423] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 661.261832][T13423] RSP: 002b:00000000f540d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 661.264479][T13423] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080001080 [ 661.266976][T13423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 661.269451][T13423] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 661.271914][T13423] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 661.274394][T13423] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 661.276800][T13423] [ 661.278442][T13423] Kernel Offset: disabled [ 661.279792][T13423] Rebooting in 86400 seconds..