last executing test programs: 6m57.688752147s ago: executing program 32 (id=741): r0 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty, 0x0, 0x0, 0x1000002}}) 6m44.789943243s ago: executing program 33 (id=1162): r0 = timerfd_create(0x8, 0x80000) timerfd_settime(r0, 0x0, &(0x7f0000007000)={{0x0, 0x4}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000040)=""/52, 0x34}], 0x1) 5m16.898687523s ago: executing program 34 (id=3335): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x400448cb, 0x0) 5m11.150121032s ago: executing program 35 (id=3682): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) times(0x0) 3m57.021782177s ago: executing program 1 (id=5041): syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000010ac0544020000000000010902240001000000000904000000030002"], 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x200) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 3m55.769430517s ago: executing program 1 (id=5072): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) get_mempolicy(0x0, 0x0, 0x8, &(0x7f00004bd000/0x1000)=nil, 0x2) 3m55.534325284s ago: executing program 1 (id=5075): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000180)={0xdf, 0x0, 0x8000}) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f00000000c0)={0x1ff, 0x0, &(0x7f0000ffd000/0x2000)=nil}) 3m54.761908189s ago: executing program 1 (id=5079): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x140) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) 3m54.682609825s ago: executing program 1 (id=5080): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18) syz_emit_ethernet(0xbe, &(0x7f0000001600)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x3, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x71, 0x0, [{0x0, 0xc, "e2ffb28c599d1681fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x0, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x1, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "240011000300"/16}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x3, [{0x0, 0x6, "7f36c525"}]}]}}}}}}}, 0x0) 3m54.344189069s ago: executing program 1 (id=5093): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) gettid() 3m54.311926293s ago: executing program 36 (id=5093): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) gettid() 2m2.518203142s ago: executing program 8 (id=8149): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) r2 = pidfd_getfd(r1, r1, 0x0) setns(r2, 0x40000002) 2m2.449832785s ago: executing program 8 (id=8151): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) 2m2.371658495s ago: executing program 8 (id=8154): syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x7e, 0x43, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001600), 0x1, r0}, 0x38) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x6f) 2m2.300377758s ago: executing program 8 (id=8156): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x80a0000, 0x1000, &(0x7f000027e000/0x1000)=nil, 0xd0621a0000000000, r2}) 2m2.221045478s ago: executing program 8 (id=8161): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4) lchown(&(0x7f0000000040)='./file1\x00', 0xee01, 0xee01) 2m2.150991869s ago: executing program 8 (id=8162): r0 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r1) keyctl$KEYCTL_MOVE(0x1e, r1, r1, r0, 0x0) 1m47.12902167s ago: executing program 37 (id=8162): r0 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r1) keyctl$KEYCTL_MOVE(0x1e, r1, r1, r0, 0x0) 56.382077107s ago: executing program 7 (id=9273): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) syz_usb_control_io(r1, 0x0, 0x0) 55.01475443s ago: executing program 7 (id=9296): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) lseek(r0, 0x0, 0x1) 55.014112379s ago: executing program 7 (id=9297): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20800000000, 0xb, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmsg$802154_dgram(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000100)={0x0}, 0x7}, 0x240440c8) 55.01163632s ago: executing program 4 (id=9298): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='\x00\n\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd70008000000002000000080061000000000005003e00f5"], 0x24}, 0x1, 0x0, 0x0, 0xc081}, 0x4000) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0) 54.953339294s ago: executing program 4 (id=9299): syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e4010223010902"], 0x0) syz_open_dev$dvb_dvr(&(0x7f0000000240), 0x0, 0x100) r0 = syz_io_uring_setup(0x172, &(0x7f0000000780)={0x0, 0x4f5c, 0x10100, 0xfffffffe, 0x2a0}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x6040000, 0x0, 0x0, 0x0) 54.695051936s ago: executing program 7 (id=9303): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, 0x28e3291, 0x0) 54.612666081s ago: executing program 7 (id=9304): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd(0x8) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r0}) 54.343533294s ago: executing program 7 (id=9307): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0800"], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r0 = syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70}) 54.275338084s ago: executing program 38 (id=9307): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb010018000000000000000c0800"], &(0x7f0000000080)=""/125, 0x26, 0x7d, 0x1, 0x8}, 0x28) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r0 = syz_clone(0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70}) 53.722753923s ago: executing program 4 (id=9315): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000240)={0xf, 0x0, 0x9}) 53.319901666s ago: executing program 4 (id=9320): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 53.261148624s ago: executing program 4 (id=9321): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000001f80)=r0, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="a0be"], 0x1c}}, 0x0) 52.951019899s ago: executing program 4 (id=9330): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x4e25d4e0, 0x0, 0x1, r2}) 52.68955044s ago: executing program 39 (id=9330): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x4e25d4e0, 0x0, 0x1, r2}) 38.037501146s ago: executing program 3 (id=9619): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0xdb2, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20040800, &(0x7f0000000180)={0xa, 0x4e24, 0x8041, @ipv4={'\x00', '\xff\xff', @local}, 0x627bcafb}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}, 0x7ffffffd}], 0x1, 0x40002000, 0x0) 37.839421439s ago: executing program 3 (id=9621): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp', 0x2) sendto$inet6(r0, 0x0, 0x0, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x6}, 0x1c) shutdown(r0, 0x1) 37.772640757s ago: executing program 3 (id=9622): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180200000000ff0100000000000000008500000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000001700000095"], &(0x7f0000000480)='GPL\x00'}, 0x94) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 37.727491237s ago: executing program 3 (id=9624): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 37.659348998s ago: executing program 3 (id=9627): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000500, 0x0, &(0x7f00000002c0)) 37.463417372s ago: executing program 3 (id=9632): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) close$binfmt(r3) 37.415986863s ago: executing program 40 (id=9632): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_GET_STATS_FD_cpu(r2, 0xaece) close$binfmt(r3) 32.265913232s ago: executing program 9 (id=9693): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x1, @broadcast, 'bridge_slave_1\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'ip_vti0\x00'}}, 0x1e) close(0x3) 32.143413127s ago: executing program 9 (id=9703): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) 32.079004385s ago: executing program 9 (id=9698): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000f00000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 32.07166238s ago: executing program 9 (id=9700): mkdirat(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', 0x44) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1) 31.992363773s ago: executing program 9 (id=9701): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) landlock_restrict_self(r1, 0x0) bind$inet(r0, &(0x7f00000003c0)={0x2, 0x4e21, @multicast1}, 0x10) 31.713001369s ago: executing program 9 (id=9705): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000200), 0x3, r1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r1], &(0x7f0000000200), &(0x7f0000000580)=[r2], &(0x7f0000000040), 0x0, 0x1000000000000}) 31.654785901s ago: executing program 41 (id=9705): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000200), 0x3, r1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r1], &(0x7f0000000200), &(0x7f0000000580)=[r2], &(0x7f0000000040), 0x0, 0x1000000000000}) 2.692839489s ago: executing program 0 (id=10259): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="12000000010000000400000008"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.647285704s ago: executing program 0 (id=10261): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x11, r0, 0x0) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) 2.312032443s ago: executing program 2 (id=10267): r0 = memfd_create(&(0x7f00000006c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xact\xf4\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xfbF\x99V4\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xe8\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`\x01Os\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x8f\x13\xda\x95\xec\"\x95\xc5B\x9dE\xe1\xd0_b\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W\x06|\x1c\x80\xbc\x840xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0xffffffff80000019, 0x0, 0x0) 512.015022ms ago: executing program 6 (id=10291): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r1) sendmsg$NL802154_CMD_NEW_SEC_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x28, r3, 0x5eae78d9c54e9d3f, 0x0, 0x27dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_KEY={0xc, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x2004c0c4) 507.69816ms ago: executing program 5 (id=10292): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000080)='./file0/../file0\x00') pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00') 431.507076ms ago: executing program 6 (id=10293): r0 = syz_open_dev$usbmon(&(0x7f0000000300), 0x7, 0x0) read$usbmon(r0, 0x0, 0x0) ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f00000001c0)) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x9) 431.157416ms ago: executing program 5 (id=10294): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x6c, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x16c}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}, @NBD_ATTR_SOCKETS={0x40, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}]}, 0x6c}}, 0x20000000) 292.342081ms ago: executing program 6 (id=10295): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5) syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_setup(0x8, &(0x7f0000000600)=0x0) io_submit(r1, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r0, 0x0}]) 212.942942ms ago: executing program 0 (id=10296): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r0, 0xda90) accept4(r0, 0x0, 0x0, 0x0) 131.754526ms ago: executing program 6 (id=10297): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newchain={0x24, 0x64, 0x214, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xf, 0x7}, {0x5, 0xfffd}, {0x6, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20008014) accept4(r1, 0x0, 0x0, 0x80800) 131.570099ms ago: executing program 6 (id=10298): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), r0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000a80)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000f80)=ANY=[@ANYBLOB="1c030000", @ANYRES16=r2, @ANYBLOB="11002bbd7000fddbdf250100000008000100", @ANYBLOB, @ANYBLOB, @ANYBLOB, @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="3801028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003"], 0x31c}, 0x1, 0x0, 0x0, 0x480d1}, 0x0) 6.31396ms ago: executing program 6 (id=10299): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x5c, r2, 0x1, 0x70bd27, 0x25dfdc03, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}]}}]}, 0x5c}, 0x1, 0x400000000000000}, 0x48090) 0s ago: executing program 5 (id=10300): setfsuid(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) close(r0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) read$FUSE(r0, 0x0, 0x0) 0s ago: executing program 6 (id=10302): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={0x48, r2, 0x1, 0x70bd28, 0x25dfdc00, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) kernel console output (not intermixed with test programs): T24993] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 403.662634][T24993] dvmrp1: linktype set to 804 [ 403.723952][ T2180] block nbd1: Possible stuck request ffff888027470000: control (read@0,1024B). Runtime 210 seconds [ 403.727502][ T2180] block nbd1: Possible stuck request ffff888027470200: control (read@1024,1024B). Runtime 210 seconds [ 403.730904][ T2180] block nbd1: Possible stuck request ffff888027470400: control (read@2048,1024B). Runtime 210 seconds [ 403.738457][ T2180] block nbd1: Possible stuck request ffff888027470600: control (read@3072,1024B). Runtime 210 seconds [ 403.760825][ C3] wdm_int_callback: 5 callbacks suppressed [ 403.760845][ C3] cdc_wdm 10-1:1.0: nonzero urb status received: -71 [ 403.760919][ T2293] usb 10-1: USB disconnect, device number 27 [ 403.763218][ C3] wdm_int_callback: 5 callbacks suppressed [ 403.763232][ C3] cdc_wdm 10-1:1.0: wdm_int_callback - 0 bytes [ 403.772092][ C3] cdc_wdm 10-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 403.776847][T24973] cdc_wdm 10-1:1.0: Tx URB error: -19 [ 404.129982][T25001] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8393'. [ 404.923382][ T5933] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 404.926981][ T5933] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 404.929897][ T5933] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 404.932734][ T5933] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 404.938580][ T5933] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 404.966953][T18024] bond0: (slave syz_tun): Releasing backup interface [ 405.110558][T25019] chnl_net:caif_netlink_parms(): no params data found [ 405.230741][T25019] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.233538][T25019] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.237411][T25019] bridge_slave_0: entered allmulticast mode [ 405.240414][T25019] bridge_slave_0: entered promiscuous mode [ 405.244929][T25019] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.247727][T25019] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.251020][T25019] bridge_slave_1: entered allmulticast mode [ 405.255477][T25019] bridge_slave_1: entered promiscuous mode [ 405.276495][T25019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.280995][T25019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.336093][T25019] team0: Port device team_slave_0 added [ 405.340767][T25019] team0: Port device team_slave_1 added [ 405.380026][T25019] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 405.382293][T25019] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 405.392211][T25019] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 405.397179][T25019] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 405.399462][T25019] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 405.413713][T25019] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 405.448116][T25019] hsr_slave_0: entered promiscuous mode [ 405.450417][T25019] hsr_slave_1: entered promiscuous mode [ 405.452516][T25019] debugfs: 'hsr0' already exists in 'hsr' [ 405.455897][T25019] Cannot create hsr debugfs directory [ 405.566336][T25019] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 405.574064][T25019] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 405.579881][T25019] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 405.585846][T25019] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 405.612739][T25019] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.615930][T25019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 405.619300][T25019] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.622322][T25019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 405.680421][T25019] 8021q: adding VLAN 0 to HW filter on device bond0 [ 405.693071][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.695930][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.703319][T25019] 8021q: adding VLAN 0 to HW filter on device team0 [ 405.715351][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.717761][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 405.725652][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.728351][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 405.745517][ T40] audit: type=1326 audit(1774157900.226:4661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25017 comm="syz.7.8402" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7fc00000 [ 405.869583][T25019] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 406.021770][T25019] veth0_vlan: entered promiscuous mode [ 406.028776][T25019] veth1_vlan: entered promiscuous mode [ 406.045907][T25019] veth0_macvtap: entered promiscuous mode [ 406.050218][T25019] veth1_macvtap: entered promiscuous mode [ 406.059591][T25019] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 406.066702][T25019] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.076167][ T1167] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.080715][ T1167] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.085772][ T1167] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.089756][ T1167] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.126298][ T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.129599][ T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.144754][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.148823][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.669228][T25127] IPv6: NLM_F_REPLACE set, but no existing node found! [ 406.963882][ T5933] Bluetooth: hci3: command tx timeout [ 407.010193][T25157] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8455'. [ 407.444017][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 407.747268][T25210] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8481'. [ 407.767055][T25213] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8483'. [ 408.194516][T25251] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8500'. [ 408.197589][T25251] netlink: 'syz.7.8500': attribute type 30 has an invalid length. [ 408.204648][ T788] netdevsim netdevsim7 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.207151][ T788] netdevsim netdevsim7 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.207473][T25254] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached [ 408.209701][ T788] netdevsim netdevsim7 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.209723][ T788] netdevsim netdevsim7 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 408.216650][T25251] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8500'. [ 408.220885][T25251] netlink: 'syz.7.8500': attribute type 30 has an invalid length. [ 408.513903][T17762] usb 10-1: new high-speed USB device number 28 using dummy_hcd [ 408.673827][T17762] usb 10-1: Using ep0 maxpacket: 8 [ 408.676659][T17762] usb 10-1: config index 0 descriptor too short (expected 74, got 45) [ 408.679260][T17762] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 408.684289][T17762] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 408.688456][T17762] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 408.693117][T17762] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 408.697876][T17762] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 408.702908][T17762] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 408.706802][T17762] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.920500][T17762] usb 10-1: GET_CAPABILITIES returned 0 [ 408.922331][T17762] usbtmc 10-1:16.0: can't read capabilities [ 409.043952][ T5947] Bluetooth: hci3: command tx timeout [ 409.131523][T17762] usb 10-1: USB disconnect, device number 28 [ 409.458695][ C2] vcan0: j1939_tp_rxtimer: 0xffff888060ac4400: rx timeout, send abort [ 409.463296][ C2] vcan0: j1939_xtp_rx_abort_one: 0xffff888060ac4400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 410.239214][T25327] veth0: entered promiscuous mode [ 410.242443][T25326] veth0: left promiscuous mode [ 411.058231][T25344] netlink: 'syz.7.8545': attribute type 1 has an invalid length. [ 411.060701][T25344] netlink: 16150 bytes leftover after parsing attributes in process `syz.7.8545'. [ 411.094143][T25349] kvm: user requested TSC rate below hardware speed [ 411.124108][ T5947] Bluetooth: hci3: command tx timeout [ 411.182152][T25356] netlink: 'syz.4.8550': attribute type 25 has an invalid length. [ 411.184807][T25356] netlink: 'syz.4.8550': attribute type 28 has an invalid length. [ 411.346316][T25372] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 411.348456][T25372] dvmrp1: linktype set to 804 [ 411.442221][T25375] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8557'. [ 411.750576][ T1148] Bluetooth: hci1: Frame reassembly failed (-84) [ 412.155962][T25406] kvm: user requested TSC rate below hardware speed [ 412.298839][T25419] loop8: detected capacity change from 0 to 8 [ 412.301842][T23003] Dev loop8: unable to read RDB block 8 [ 412.303799][T23003] loop8: unable to read partition table [ 412.305693][T23003] loop8: partition table beyond EOD, truncated [ 412.312667][T25419] Dev loop8: unable to read RDB block 8 [ 412.316204][T25419] loop8: unable to read partition table [ 412.318152][T25419] loop8: partition table beyond EOD, truncated [ 412.320215][T25419] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 412.418009][T25429] kvm: user requested TSC rate below hardware speed [ 412.459555][T25434] netlink: 92 bytes leftover after parsing attributes in process `syz.5.8583'. [ 412.551638][T25441] kvm: user requested TSC rate below hardware speed [ 412.807042][T25460] input: syz0 as /devices/virtual/input/input63 [ 412.932517][T25473] netlink: 'syz.5.8601': attribute type 11 has an invalid length. [ 413.022791][T25481] veth0_vlan: left promiscuous mode [ 413.213949][ T5933] Bluetooth: hci3: command tx timeout [ 413.424041][ T9] usb 10-1: new high-speed USB device number 29 using dummy_hcd [ 413.592882][T25507] netlink: 'syz.4.8617': attribute type 83 has an invalid length. [ 413.595405][ T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.599974][ T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.603012][ T9] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 413.607752][ T9] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 413.611211][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.618348][ T9] usb 10-1: config 0 descriptor?? [ 413.764023][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 414.052173][ T9] plantronics 0003:047F:FFFF.0010: reserved main item tag 0xd [ 414.055013][ T9] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 414.057351][ T9] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 414.059746][ T9] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 414.063267][ T9] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 414.066452][ T9] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 414.076293][ T9] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 414.148881][T25535] overlay: filesystem on ./file0 not supported as upperdir [ 414.285909][ T6001] usb 10-1: USB disconnect, device number 29 [ 415.110583][ T40] audit: type=1326 audit(1774157909.586:4662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f04f88 code=0x7ffc0000 [ 415.122457][ T40] audit: type=1326 audit(1774157909.596:4663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f04f88 code=0x7ffc0000 [ 415.144774][ T40] audit: type=1326 audit(1774157909.596:4664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.152113][ T40] audit: type=1326 audit(1774157909.596:4665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.160838][ T40] audit: type=1326 audit(1774157909.596:4666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.169060][ T40] audit: type=1326 audit(1774157909.596:4667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.176899][ T40] audit: type=1326 audit(1774157909.596:4668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.188815][ T40] audit: type=1326 audit(1774157909.596:4669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f04f88 code=0x7ffc0000 [ 415.203310][ T40] audit: type=1326 audit(1774157909.596:4670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.211979][ T40] audit: type=1326 audit(1774157909.596:4671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25601 comm="syz.7.8658" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f04f6c code=0x7ffc0000 [ 415.677880][T25640] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8675'. [ 415.681934][T25640] netlink: 'syz.7.8675': attribute type 1 has an invalid length. [ 415.731530][T25645] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8677'. [ 415.924333][T25666] 9p: Unknown uid 00000000004294967295 [ 415.925335][T25665] sctp: [Deprecated]: syz.9.8689 (pid 25665) Use of struct sctp_assoc_value in delayed_ack socket option. [ 415.925335][T25665] Use struct sctp_sack_info instead [ 416.007968][T25678] serio: Serial port ttyprintk [ 416.220942][T25696] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8702'. [ 416.240298][T25696] netlink: 8 bytes leftover after parsing attributes in process `syz.9.8702'. [ 416.243845][ T2293] usb 12-1: new high-speed USB device number 24 using dummy_hcd [ 416.404010][ T2293] usb 12-1: Using ep0 maxpacket: 8 [ 416.409908][ T2293] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.414249][ T2293] usb 12-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.417504][ T2293] usb 12-1: config 0 interface 0 has no altsetting 0 [ 416.419654][ T2293] usb 12-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 416.422510][ T2293] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.428296][ T2293] usb 12-1: config 0 descriptor?? [ 416.486483][ T1280] block nbd3: Possible stuck request ffff888027550000: control (read@0,4096B). Runtime 120 seconds [ 416.522343][T25715] netlink: 428 bytes leftover after parsing attributes in process `syz.9.8711'. [ 416.525964][T25715] netlink: 12 bytes leftover after parsing attributes in process `syz.9.8711'. [ 416.841243][ T2293] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0 [ 416.848191][ T2293] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0 [ 416.851372][ T2293] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0 [ 416.854776][ T2293] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0 [ 416.857766][ T2293] mcp2221 0003:04D8:00DD.0011: unknown main item tag 0x0 [ 416.868282][ T2293] mcp2221 0003:04D8:00DD.0011: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0 [ 417.050320][ T828] usb 12-1: USB disconnect, device number 24 [ 417.105099][ T39] usb 10-1: new high-speed USB device number 30 using dummy_hcd [ 417.256454][ T39] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 417.259690][ T39] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.262292][ T39] usb 10-1: Product: syz [ 417.263617][ T39] usb 10-1: Manufacturer: syz [ 417.265148][ T39] usb 10-1: SerialNumber: syz [ 417.267880][ T39] usb 10-1: config 0 descriptor?? [ 417.480891][ T39] usb 10-1: USB disconnect, device number 30 [ 417.730476][T25744] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8721'. [ 417.839606][T25752] Bluetooth: hci0: expected 2 bytes, got 7 bytes [ 418.557751][T25768] netlink: 51 bytes leftover after parsing attributes in process `syz.4.8732'. [ 418.599452][T25773] netlink: 7 bytes leftover after parsing attributes in process `syz.4.8734'. [ 418.964184][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 418.965044][ T5933] Bluetooth: hci1: command 0x1003 tx timeout [ 419.843828][ T60] usb 10-1: new high-speed USB device number 31 using dummy_hcd [ 420.013820][ T60] usb 10-1: Using ep0 maxpacket: 8 [ 420.016904][ T60] usb 10-1: config index 0 descriptor too short (expected 301, got 45) [ 420.021381][ T60] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 420.025525][ T60] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 420.029565][ T60] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 420.033961][ T60] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 420.039512][ T60] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 420.043317][ T60] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.255565][ T60] usb 10-1: usb_control_msg returned -32 [ 420.258046][ T60] usbtmc 10-1:16.0: can't read capabilities [ 420.607977][T25825] usbtmc 10-1:16.0: stb usb_control_msg returned -32 [ 420.611220][ T39] usb 10-1: USB disconnect, device number 31 [ 420.617200][T25826] netlink: 'syz.9.8758': attribute type 4 has an invalid length. [ 420.620408][T25826] netlink: 240 bytes leftover after parsing attributes in process `syz.9.8758'. [ 421.373848][ T9] usb 10-1: new high-speed USB device number 32 using dummy_hcd [ 421.436005][T25830] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8760'. [ 421.442186][T25830] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8760'. [ 421.535749][ T9] usb 10-1: Using ep0 maxpacket: 8 [ 421.538684][ T9] usb 10-1: config index 0 descriptor too short (expected 301, got 45) [ 421.541530][ T9] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 421.545108][ T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 421.548200][ T9] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 421.551540][ T9] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 421.556450][ T9] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 421.559455][ T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.764064][ T5695] usb 12-1: new high-speed USB device number 25 using dummy_hcd [ 421.771827][ T9] usb 10-1: usb_control_msg returned -32 [ 421.774058][ T9] usbtmc 10-1:16.0: can't read capabilities [ 421.883987][ T10] usb 14-1: new low-speed USB device number 2 using dummy_hcd [ 421.915421][ T5695] usb 12-1: config 0 has no interfaces? [ 421.918672][ T5695] usb 12-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 421.921604][ T5695] usb 12-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 421.925248][ T5695] usb 12-1: Product: syz [ 421.926618][ T5695] usb 12-1: Manufacturer: syz [ 421.928111][ T5695] usb 12-1: SerialNumber: syz [ 421.931223][ T5695] usb 12-1: config 0 descriptor?? [ 422.036915][ T10] usb 14-1: config 168 descriptor has 1 excess byte, ignoring [ 422.040121][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 422.045324][ T10] usb 14-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 422.049706][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 422.053468][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 422.058395][ T10] usb 14-1: config 168 descriptor has 1 excess byte, ignoring [ 422.060820][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 422.064640][ T10] usb 14-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 422.068389][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 422.071973][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 422.076825][ T10] usb 14-1: config 168 descriptor has 1 excess byte, ignoring [ 422.079216][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 422.083533][ T10] usb 14-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 422.087982][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 422.092045][ T10] usb 14-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 422.099475][ T10] usb 14-1: string descriptor 0 read error: -22 [ 422.101644][ T10] usb 14-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 422.104938][ T10] usb 14-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.115319][ T10] adutux 14-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 422.126943][T25851] usbtmc 10-1:16.0: usb_control_msg returned -32 [ 422.135657][ T60] usb 10-1: USB disconnect, device number 32 [ 422.140156][ T2293] usb 12-1: USB disconnect, device number 25 [ 422.323337][ T6019] usb 14-1: USB disconnect, device number 2 [ 423.000525][T25889] /dev/nullb0: Can't open blockdev [ 423.054783][ T39] usb 12-1: new high-speed USB device number 26 using dummy_hcd [ 423.213908][ T39] usb 12-1: Using ep0 maxpacket: 16 [ 423.216886][ T39] usb 12-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 423.219964][ T39] usb 12-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 423.223009][ T39] usb 12-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 423.233872][ T39] usb 12-1: config 1 interface 0 has no altsetting 0 [ 423.237750][ T39] usb 12-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 423.240629][ T39] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.243183][ T39] usb 12-1: Product: syz [ 423.244915][ T39] usb 12-1: Manufacturer: syz [ 423.252470][ T39] usb 12-1: SerialNumber: syz [ 423.400753][T25908] netlink: 76 bytes leftover after parsing attributes in process `syz.4.8788'. [ 423.410619][T25911] netlink: 20 bytes leftover after parsing attributes in process `syz.9.8792'. [ 423.471921][ T39] usblp 12-1:1.0: usblp0: USB Unidirectional printer dev 26 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 423.678488][ T2293] usb 12-1: USB disconnect, device number 26 [ 423.883312][T25874] usblp0: removed [ 423.974498][ T39] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 424.128053][ T39] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 424.132073][ T39] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 424.137762][ T39] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 424.140653][ T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.145183][T25930] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 424.149955][ T39] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 424.353337][ T40] kauditd_printk_skb: 266 callbacks suppressed [ 424.353353][ T40] audit: type=1326 audit(1774157918.826:4938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25950 comm="syz.5.8807" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x0 [ 424.358134][T17762] usb 9-1: USB disconnect, device number 25 [ 424.425266][ T60] usb 14-1: new high-speed USB device number 3 using dummy_hcd [ 424.438608][T25248] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 424.603803][ T60] usb 14-1: Using ep0 maxpacket: 8 [ 424.607865][ T60] usb 14-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 424.612461][ T60] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 424.616246][ T60] usb 14-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 424.620691][ T60] usb 14-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 424.626290][ T60] usb 14-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 424.630248][ T60] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.842957][ T60] usb 14-1: GET_CAPABILITIES returned 0 [ 424.844868][ T60] usbtmc 14-1:16.0: can't read capabilities [ 425.000628][T17762] kernel read not supported for file /dsp (pid: 17762 comm: kworker/3:6) [ 425.046973][ T60] usb 14-1: USB disconnect, device number 3 [ 425.088735][T25965] hugetlbfs: syz.7.8812 (25965): Using mlock ulimits for SHM_HUGETLB is obsolete [ 425.596091][T26001] input: syz0 as /devices/virtual/input/input66 [ 426.031064][T26030] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8842'. [ 426.035638][T26030] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8842'. [ 426.256451][T26044] netlink: 'syz.9.8848': attribute type 15 has an invalid length. [ 426.259438][T26044] netlink: 48 bytes leftover after parsing attributes in process `syz.9.8848'. [ 426.422745][T26062] syzkaller1: entered promiscuous mode [ 426.424768][T26062] syzkaller1: entered allmulticast mode [ 427.117876][T26108] trusted_key: syz.9.8877 sent an empty control message without MSG_MORE. [ 427.197228][ T40] audit: type=1326 audit(1774157921.676:4939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26111 comm="syz.4.8879" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x0 [ 427.232209][T26116] netlink: 212368 bytes leftover after parsing attributes in process `syz.7.8881'. [ 427.613819][ T2293] usb 14-1: new high-speed USB device number 4 using dummy_hcd [ 427.768541][ T2293] usb 14-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 427.772984][ T2293] usb 14-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 427.780335][ T2293] usb 14-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 427.784146][ T2293] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.790248][T26130] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 427.796908][ T2293] usb 14-1: Quirk or no altset; falling back to MIDI 1.0 [ 427.999727][ T2293] usb 14-1: USB disconnect, device number 4 [ 428.049411][T26161] Invalid argument reading file caps for ./file0 [ 428.087415][T26163] syzkaller1: entered promiscuous mode [ 428.089776][T26163] syzkaller1: entered allmulticast mode [ 428.873684][T26191] erspan0: entered promiscuous mode [ 428.876891][T26191] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8912'. [ 428.893856][ T60] usb 12-1: new high-speed USB device number 27 using dummy_hcd [ 429.044588][ T60] usb 12-1: Using ep0 maxpacket: 8 [ 429.052556][ T60] usb 12-1: config 0 has an invalid interface number: 1 but max is 0 [ 429.065840][ T60] usb 12-1: config 0 has no interface number 0 [ 429.068598][ T60] usb 12-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 429.077314][ T60] usb 12-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 429.081088][ T60] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.087270][ T60] usb 12-1: config 0 descriptor?? [ 429.094259][ T60] iowarrior 12-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 429.298276][ T60] usb 12-1: USB disconnect, device number 27 [ 429.300262][ C3] iowarrior 12-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 429.492547][T26226] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 429.612750][T26236] Invalid argument reading file caps for ./file0 [ 429.647197][T26240] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8935'. [ 430.154588][T26278] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8949'. [ 430.325834][T26295] netlink: 'syz.4.8958': attribute type 9 has an invalid length. [ 430.328352][T26295] netlink: 212308 bytes leftover after parsing attributes in process `syz.4.8958'. [ 430.527411][T26312] netlink: 8 bytes leftover after parsing attributes in process `syz.7.8965'. [ 430.581146][T26323] netlink: 56 bytes leftover after parsing attributes in process `syz.9.8969'. [ 430.945116][T26348] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8979'. [ 430.948581][T26348] bridge_slave_1: left allmulticast mode [ 430.950379][T26348] bridge_slave_1: left promiscuous mode [ 430.952303][T26348] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.965224][T26348] bridge_slave_0: left allmulticast mode [ 430.967035][T26348] bridge_slave_0: left promiscuous mode [ 430.968920][T26348] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.365875][T26376] kvm: apic: phys broadcast and lowest prio [ 431.492071][T26389] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 431.742983][T26407] netlink: 15 bytes leftover after parsing attributes in process `syz.5.9006'. [ 432.425880][ T46] Bluetooth: hci1: Frame reassembly failed (-84) [ 432.988943][T26475] binder: 26474:26475 ioctl c0306201 80000540 returned -14 [ 433.023828][ T2293] usb 12-1: new high-speed USB device number 28 using dummy_hcd [ 433.198165][ T2293] usb 12-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 433.201402][ T2293] usb 12-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 433.206018][ T2293] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 433.209318][ T2293] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 433.212802][ T2293] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 433.218770][ T2293] usb 12-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 433.221810][ T2293] usb 12-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 433.224819][ T2293] usb 12-1: Product: syz [ 433.226248][ T2293] usb 12-1: Manufacturer: syz [ 433.231010][ T2293] cdc_wdm 12-1:1.0: skipping garbage [ 433.232814][ T2293] cdc_wdm 12-1:1.0: skipping garbage [ 433.235450][ T2293] cdc_wdm 12-1:1.0: cdc-wdm0: USB WDM device [ 433.237366][ T2293] cdc_wdm 12-1:1.0: Unknown control protocol [ 433.446263][ T828] usb 12-1: USB disconnect, device number 28 [ 433.764162][ T2180] block nbd1: Possible stuck request ffff888027470000: control (read@0,1024B). Runtime 240 seconds [ 433.768677][ T2180] block nbd1: Possible stuck request ffff888027470200: control (read@1024,1024B). Runtime 240 seconds [ 433.772729][ T2180] block nbd1: Possible stuck request ffff888027470400: control (read@2048,1024B). Runtime 240 seconds [ 433.776552][ T2180] block nbd1: Possible stuck request ffff888027470600: control (read@3072,1024B). Runtime 240 seconds [ 433.893813][T17762] usb 12-1: new high-speed USB device number 29 using dummy_hcd [ 434.053781][T17762] usb 12-1: Using ep0 maxpacket: 8 [ 434.056806][T17762] usb 12-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 434.060407][T17762] usb 12-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 434.063482][T17762] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 434.070354][T17762] usb 12-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 434.075240][T17762] usb 12-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 434.079045][T17762] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.100732][T17762] hub 12-1:1.0: bad descriptor, ignoring hub [ 434.102712][T17762] hub 12-1:1.0: probe with driver hub failed with error -5 [ 434.105627][T17762] cdc_wdm 12-1:1.0: skipping garbage [ 434.107354][T17762] cdc_wdm 12-1:1.0: skipping garbage [ 434.109746][T17762] cdc_wdm 12-1:1.0: cdc-wdm0: USB WDM device [ 434.111686][T17762] cdc_wdm 12-1:1.0: Unknown control protocol [ 434.146600][T26509] netlink: 32 bytes leftover after parsing attributes in process `syz.9.9053'. [ 434.483819][ T5933] Bluetooth: hci1: command 0x1003 tx timeout [ 434.487936][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 434.490815][T26521] vhci_hcd vhci_hcd.0: pdev(9) rhport(0) sockfd(3) [ 434.493000][T26521] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 434.498043][T26521] vhci_hcd vhci_hcd.0: Device attached [ 434.501147][ T828] usb 12-1: USB disconnect, device number 29 [ 434.534376][T26525] : renamed from vlan0 [ 434.743805][ T9] usb 14-1: new full-speed USB device number 5 using dummy_hcd [ 434.753805][ T2293] usb 55-1: new low-speed USB device number 2 using vhci_hcd [ 434.813884][ T60] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 434.895011][ T9] usb 14-1: config 0 has no interfaces? [ 434.896617][ T9] usb 14-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 434.899199][ T9] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.903151][ T9] usb 14-1: config 0 descriptor?? [ 434.965552][ T60] usb 9-1: Using ep0 maxpacket: 32 [ 434.968741][ T60] usb 9-1: config 0 has no interfaces? [ 434.970502][ T60] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 434.973519][ T60] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.981200][ T60] usb 9-1: config 0 descriptor?? [ 435.107770][T26522] usbip_core: unknown command [ 435.109306][T26522] vhci_hcd: unknown pdu 0 [ 435.110856][T26522] usbip_core: unknown command [ 435.114524][ T60] usb 14-1: USB disconnect, device number 5 [ 435.115547][T25248] vhci_hcd vhci_hcd.9: stop threads [ 435.118186][T25248] vhci_hcd vhci_hcd.9: release socket [ 435.121681][T25248] vhci_hcd vhci_hcd.9: disconnect device [ 435.186014][T26546] netlink: 4 bytes leftover after parsing attributes in process `syz.7.9068'. [ 435.193902][ T2293] vhci_hcd vhci_hcd.9: vhci_device speed not set [ 435.242677][T26550] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 435.514303][ T828] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None [ 435.557015][T26572] vivid-004: disconnect [ 435.559115][T26571] vivid-004: reconnect [ 435.745653][T26569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 435.749507][T26569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.753402][T26588] syzkaller1: entered promiscuous mode [ 435.756182][T26588] syzkaller1: entered allmulticast mode [ 437.574122][ T2293] usb 9-1: USB disconnect, device number 26 [ 440.584578][ T5344] udevd[5344]: worker [6049] /devices/virtual/block/nbd1 timeout; kill it [ 440.588343][ T5344] udevd[5344]: seq 15225 '/devices/virtual/block/nbd1' killed [ 440.591443][ T5344] udevd[5344]: worker [5942] /devices/virtual/block/nbd3 is taking a long time [ 444.648468][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.901268][T26627] netlink: 20 bytes leftover after parsing attributes in process `syz.7.9089'. [ 446.048433][T23003] udevd[23003]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 446.121137][T26640] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.9093'. [ 446.568742][ T1280] block nbd3: Possible stuck request ffff888027550000: control (read@0,4096B). Runtime 150 seconds [ 446.700221][T26661] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9102'. [ 446.718632][T26661] bond3: Invalid ad_actor_system MAC address. [ 446.721472][T26661] bond3: option ad_actor_system: invalid value (281419142266867) [ 446.737508][T26661] bond3 (unregistering): Released all slaves [ 446.808387][T26670] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 446.812955][T26670] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 447.291338][T26690] syz.5.9113: page allocation failure: order:10, mode:0x40cc0(GFP_KERNEL|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 447.305424][T26690] CPU: 3 UID: 0 PID: 26690 Comm: syz.5.9113 Tainted: G L syzkaller #0 PREEMPT(full) [ 447.305444][T26690] Tainted: [L]=SOFTLOCKUP [ 447.305448][T26690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 447.305456][T26690] Call Trace: [ 447.305460][T26690] [ 447.305465][T26690] dump_stack_lvl+0x100/0x190 [ 447.305485][T26690] warn_alloc.cold+0x95/0x1c1 [ 447.305504][T26690] ? __pfx_warn_alloc+0x10/0x10 [ 447.305522][T26690] ? psi_memstall_leave+0x19c/0x2e0 [ 447.305539][T26690] ? __pfx___might_resched+0x10/0x10 [ 447.305559][T26690] __alloc_frozen_pages_noprof+0xf36/0x2ba0 [ 447.305584][T26690] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 447.305608][T26690] ? kasan_quarantine_put+0x104/0x240 [ 447.305625][T26690] ? lockdep_hardirqs_on+0x78/0x100 [ 447.305644][T26690] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 447.305656][T26690] ? policy_nodemask+0xed/0x4f0 [ 447.305669][T26690] alloc_pages_mpol+0x1fb/0x550 [ 447.305681][T26690] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 447.305692][T26690] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 447.305708][T26690] ? raw_alloc_io_data+0x14d/0x1c0 [ 447.305720][T26690] ___kmalloc_large_node+0x104/0x150 [ 447.305735][T26690] __kmalloc_large_node_noprof+0x1c/0x70 [ 447.305749][T26690] __kmalloc_noprof+0x5be/0x850 [ 447.305768][T26690] raw_alloc_io_data+0x14d/0x1c0 [ 447.305782][T26690] raw_ioctl+0x1214/0x2b80 [ 447.305796][T26690] ? __pfx_raw_ioctl+0x10/0x10 [ 447.305811][T26690] ? __pfx_raw_ioctl+0x10/0x10 [ 447.305823][T26690] __ia32_compat_sys_ioctl+0x2cf/0x360 [ 447.305841][T26690] __do_fast_syscall_32+0xe3/0x8c0 [ 447.305860][T26690] do_fast_syscall_32+0x32/0x70 [ 447.305870][T26690] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 447.305884][T26690] RIP: 0023:0xf702ef6c [ 447.305894][T26690] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 447.305903][T26690] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036 [ 447.305914][T26690] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0085504 [ 447.305921][T26690] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 447.305927][T26690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 447.305933][T26690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 447.305939][T26690] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 447.305952][T26690] [ 447.305956][T26690] Mem-Info: [ 447.386125][T26690] active_anon:1717 inactive_anon:2932 isolated_anon:0 [ 447.386125][T26690] active_file:6292 inactive_file:13659 isolated_file:0 [ 447.386125][T26690] unevictable:1768 dirty:501 writeback:0 [ 447.386125][T26690] slab_reclaimable:7689 slab_unreclaimable:75860 [ 447.386125][T26690] mapped:24317 shmem:1877 pagetables:2291 [ 447.386125][T26690] sec_pagetables:302 bounce:0 [ 447.386125][T26690] kernel_misc_reclaimable:0 [ 447.386125][T26690] free:59746 free_pcp:510 free_cma:0 [ 447.400383][T26690] Node 0 active_anon:228kB inactive_anon:12kB active_file:16kB inactive_file:132kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9636kB pagetables:2188kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB [ 447.411189][T26690] Node 1 active_anon:6564kB inactive_anon:11716kB active_file:25152kB inactive_file:54504kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:97244kB dirty:1996kB writeback:0kB shmem:3968kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6020kB pagetables:6876kB sec_pagetables:64kB all_unreclaimable? no Balloon:0kB [ 447.421149][T26690] Node 0 DMA free:2600kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 447.430956][T26690] lowmem_reserve[]: 0 285 285 285 285 [ 447.432953][T26690] Node 0 DMA32 free:27712kB boost:6144kB min:19216kB low:22484kB high:25752kB reserved_highatomic:0KB free_highatomic:0KB active_anon:304kB inactive_anon:12kB active_file:12kB inactive_file:132kB unevictable:3536kB writepending:8kB zspages:244kB present:1032196kB managed:292544kB mlocked:0kB bounce:0kB free_pcp:868kB local_pcp:8kB free_cma:0kB [ 447.443657][T26690] lowmem_reserve[]: 0 0 0 0 0 [ 447.445310][T26690] Node 1 DMA32 free:209288kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:6064kB inactive_anon:11716kB active_file:25152kB inactive_file:54504kB unevictable:3536kB writepending:1996kB zspages:5652kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:3060kB local_pcp:384kB free_cma:0kB [ 447.456058][T26690] lowmem_reserve[]: 0 0 0 0 0 [ 447.457579][T26690] Node 0 DMA: 31*4kB (UE) 24*8kB (UE) 11*16kB (UE) 8*32kB (U) 3*64kB (UE) 1*128kB (E) 0*256kB 1*512kB (E) 1*1024kB (E) 0*2048kB 0*4096kB = 2604kB [ 447.462316][T26690] Node 0 DMA32: 905*4kB (UME) 486*8kB (UME) 272*16kB (UME) 196*32kB (UME) 62*64kB (UME) 16*128kB (UME) 5*256kB (M) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 27476kB [ 447.467574][T26690] Node 1 DMA32: 5015*4kB (UME) 4519*8kB (UME) 3719*16kB (UME) 678*32kB (UME) 170*64kB (UME) 95*128kB (UME) 39*256kB (UME) 16*512kB (UM) 18*1024kB (UM) 6*2048kB (UM) 0*4096kB = 209348kB [ 447.473321][T26690] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.476566][T26690] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 447.479846][T26690] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.482925][T26690] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 447.485913][T26690] 22704 total pagecache pages [ 447.487442][T26690] 878 pages in swap cache [ 447.488827][T26690] Free swap = 99964kB [ 447.490124][T26690] Total swap = 124996kB [ 447.491413][T26690] 524155 pages RAM [ 447.492610][T26690] 0 pages HighMem/MovableOnly [ 447.494442][T26690] 210126 pages reserved [ 447.496102][T26690] 0 pages cma reserved [ 447.741711][ T40] audit: type=1326 audit(1774157942.216:4940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706ef6c code=0x0 [ 447.792808][ T40] audit: type=1326 audit(1774157942.266:4941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000 [ 447.799588][ T40] audit: type=1326 audit(1774157942.266:4942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000 [ 447.806492][ T40] audit: type=1326 audit(1774157942.276:4943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 447.813192][ T40] audit: type=1326 audit(1774157942.276:4944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 447.820491][ T40] audit: type=1326 audit(1774157942.276:4945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 447.827347][ T40] audit: type=1326 audit(1774157942.276:4946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 447.834816][ T40] audit: type=1326 audit(1774157942.276:4947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 447.842257][ T40] audit: type=1326 audit(1774157942.276:4948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 447.849133][ T40] audit: type=1326 audit(1774157942.276:4949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26735 comm="syz.4.9132" exe="/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf71a5cab code=0x7ffc0000 [ 448.443363][T26767] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 448.809230][T26792] bond2: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 448.815856][T26792] bond2 (unregistering): Released all slaves [ 450.209442][T26848] A link change request failed with some changes committed already. Interface pimreg0 may have been left with an inconsistent configuration, please check. [ 450.243413][T26856] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9184'. [ 450.248420][T26856] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9184'. [ 450.513814][ T5695] usb 10-1: new high-speed USB device number 33 using dummy_hcd [ 450.675197][ T5695] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.678975][ T5695] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.682136][ T5695] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 450.687103][ T5695] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 450.690157][ T5695] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.696386][ T5695] usb 10-1: config 0 descriptor?? [ 451.107244][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.109779][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.112282][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.115131][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.117593][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.120075][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.122543][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.125701][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.128217][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.130697][ T5695] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 451.138957][ T5695] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 451.199240][T26873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9198'. [ 451.360528][T26881] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input67 [ 451.372560][ T5695] usb 10-1: USB disconnect, device number 33 [ 451.587060][ T9] usb 12-1: new high-speed USB device number 30 using dummy_hcd [ 451.683096][T26894] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 451.735327][ T9] usb 12-1: config 0 has an invalid interface number: 50 but max is 0 [ 451.737921][ T9] usb 12-1: config 0 has no interface number 0 [ 451.739888][ T9] usb 12-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 451.745047][ T9] usb 12-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 451.747912][ T9] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.750437][ T9] usb 12-1: Product: syz [ 451.751788][ T9] usb 12-1: Manufacturer: syz [ 451.753290][ T9] usb 12-1: SerialNumber: syz [ 451.757250][ T9] usb 12-1: config 0 descriptor?? [ 451.761546][ T9] yurex 12-1:0.50: USB YUREX device now attached to Yurex #0 [ 452.017880][ C0] usb 12-1: yurex_control_callback - control failed: -71 [ 452.018033][ T7775] usb 12-1: USB disconnect, device number 30 [ 452.024173][ T7775] yurex 12-1:0.50: USB YUREX #0 now disconnected [ 452.091411][T26915] netlink: 'syz.5.9211': attribute type 1 has an invalid length. [ 452.585799][T25248] Bluetooth: hci5: Frame reassembly failed (-84) [ 453.018687][T26961] pim6reg: entered allmulticast mode [ 453.024057][T26961] pim6reg: left allmulticast mode [ 453.613918][ T5947] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 453.614416][ T5294] Bluetooth: hci1: command 0x1003 tx timeout [ 453.713366][T26990] C: left promiscuous mode [ 453.716242][T26990] team_slave_1: left promiscuous mode [ 453.748205][T26990] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 453.754791][T26990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 453.816532][T26990] bond2: left promiscuous mode [ 453.820961][T26990] veth1_vlan: left allmulticast mode [ 453.823296][T26990] macvtap1: left promiscuous mode [ 453.831657][T25248] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.834766][T25248] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.837734][T25248] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.841089][T25248] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.873913][T17762] usb 12-1: new high-speed USB device number 31 using dummy_hcd [ 454.034030][T17762] usb 12-1: Using ep0 maxpacket: 8 [ 454.037694][T17762] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 454.040743][T17762] usb 12-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 454.047069][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 454.051687][T17762] usb 12-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 454.056665][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 454.061305][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 454.067143][T17762] usb 12-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 454.072680][T17762] usb 12-1: config 168 interface 0 has no altsetting 0 [ 454.076876][T17762] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 454.079250][T17762] usb 12-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 454.083075][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 454.088326][T17762] usb 12-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 454.093228][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 454.097037][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 454.101180][T17762] usb 12-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 454.105918][T17762] usb 12-1: config 168 interface 0 has no altsetting 0 [ 454.108811][T17762] usb 12-1: config 168 descriptor has 1 excess byte, ignoring [ 454.111128][T17762] usb 12-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 454.115559][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 454.119103][T17762] usb 12-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 454.123176][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 454.127090][T17762] usb 12-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 454.130634][T17762] usb 12-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 454.135421][T17762] usb 12-1: config 168 interface 0 has no altsetting 0 [ 454.140164][T17762] usb 12-1: string descriptor 0 read error: -22 [ 454.142570][T17762] usb 12-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 454.146605][T17762] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.156842][T17762] adutux 12-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 454.243948][ T40] kauditd_printk_skb: 523 callbacks suppressed [ 454.243964][ T40] audit: type=1326 audit(1774157948.726:5473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26975 comm="syz.5.9239" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7fc00000 [ 454.467613][T17762] usb 12-1: USB disconnect, device number 31 [ 454.643846][ T5947] Bluetooth: hci5: command 0x1003 tx timeout [ 454.644304][ T5933] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 455.174031][ T5695] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 455.336874][ T5695] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 455.340523][ T5695] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 455.344081][ T5695] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 455.347583][ T5695] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 455.351716][ T5695] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 455.363787][ T5695] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.368019][ T5695] usb 9-1: config 0 descriptor?? [ 455.784183][ T5695] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 455.953985][ T5695] usb 12-1: new high-speed USB device number 32 using dummy_hcd [ 455.973825][ T7766] usb 10-1: new high-speed USB device number 34 using dummy_hcd [ 456.018595][T27070] netlink: 'syz.9.9281': attribute type 11 has an invalid length. [ 456.037035][ T9] usb 9-1: USB disconnect, device number 27 [ 456.070117][T17762] IPVS: starting estimator thread 0... [ 456.103809][ T5695] usb 12-1: Using ep0 maxpacket: 8 [ 456.109704][ T5695] usb 12-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 456.115583][ T5695] usb 12-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.118881][ T5695] usb 12-1: Product: syz [ 456.120647][ T5695] usb 12-1: Manufacturer: syz [ 456.122635][ T5695] usb 12-1: SerialNumber: syz [ 456.130617][ T5695] usb 12-1: config 0 descriptor?? [ 456.134060][ T7766] usb 10-1: Using ep0 maxpacket: 8 [ 456.137219][ T7766] usb 10-1: config 0 has an invalid interface number: 1 but max is 0 [ 456.139878][ T7766] usb 10-1: config 0 has no interface number 0 [ 456.142077][ T7766] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 456.145623][ T7766] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 456.148562][ T7766] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.152788][ T7766] usb 10-1: config 0 descriptor?? [ 456.154637][T27073] IPVS: using max 25 ests per chain, 60000 per kthread [ 456.159266][ T7766] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 456.335330][ T5695] usb 12-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 456.341429][ T5695] dvb_usb_rtl28xxu 12-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 456.346146][ T5695] usb 12-1: USB disconnect, device number 32 [ 456.863310][T27104] batadv_slave_0: entered promiscuous mode [ 456.867790][T27103] batadv_slave_0: left promiscuous mode [ 456.921487][T27109] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9298'. [ 457.213842][T14762] usb 9-1: new full-speed USB device number 28 using dummy_hcd [ 457.375406][T14762] usb 9-1: config 0 has no interfaces? [ 457.377469][ T9] usb 10-1: USB disconnect, device number 34 [ 457.379765][T14762] usb 9-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 457.379780][T14762] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 457.379790][T14762] usb 9-1: Product: syz [ 457.386932][T14762] usb 9-1: Manufacturer: syz [ 457.388410][T14762] usb 9-1: SerialNumber: syz [ 457.391808][T14762] usb 9-1: config 0 descriptor?? [ 457.528792][ T1148] netdevsim netdevsim7 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.533308][ T1148] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.611359][T14762] usb 9-1: USB disconnect, device number 28 [ 457.644270][ T1148] netdevsim netdevsim7 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.648266][ T1148] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.709609][ T5947] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 457.715048][ T5947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 457.715196][ T1148] netdevsim netdevsim7 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.719796][ T5947] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 457.720402][ T1148] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.725414][ T5947] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 457.728722][ T5947] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 457.807230][ T1148] netdevsim netdevsim7 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 457.810660][ T1148] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.851049][T27131] chnl_net:caif_netlink_parms(): no params data found [ 457.892287][T27131] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.895812][T27131] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.898452][T27131] bridge_slave_0: entered allmulticast mode [ 457.901070][T27131] bridge_slave_0: entered promiscuous mode [ 457.904503][T27131] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.908596][T27131] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.911734][T27131] bridge_slave_1: entered allmulticast mode [ 457.915714][T27131] bridge_slave_1: entered promiscuous mode [ 457.932031][T27131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 457.936791][T27131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.952728][T27131] team0: Port device team_slave_0 added [ 457.957738][T27131] team0: Port device team_slave_1 added [ 457.971008][T27131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 457.973206][T27131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 457.982497][T27131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.006776][T27131] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.009010][T27131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 458.018439][T27131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.066366][ T1148] bridge_slave_1: left allmulticast mode [ 458.068827][ T1148] bridge_slave_1: left promiscuous mode [ 458.071345][ T1148] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.565158][ T1148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 458.570209][ T1148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 458.577314][ T1148] bond0 (unregistering): Released all slaves [ 458.623350][T27131] hsr_slave_0: entered promiscuous mode [ 458.626787][T27131] hsr_slave_1: entered promiscuous mode [ 458.629593][T27131] debugfs: 'hsr0' already exists in 'hsr' [ 458.632098][T27131] Cannot create hsr debugfs directory [ 459.251514][T27191] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9333'. [ 459.273307][ T70] Bluetooth: hci2: Frame reassembly failed (-84) [ 459.291530][ T5294] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 459.300263][ T5294] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 459.304800][ T5294] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 459.327629][ T5294] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 459.335238][ T5294] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 459.550001][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 459.553180][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 459.558368][ T1148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 459.562145][ T1148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 459.571020][ T1148] hsr0: left allmulticast mode [ 459.573440][ T1148] veth1_to_batadv: left promiscuous mode [ 459.579266][ T1148] team_slave_0: left promiscuous mode [ 459.582552][ T1148] team_slave_1: left promiscuous mode [ 459.588331][ T1148] veth1_macvtap: left promiscuous mode [ 459.590466][ T1148] veth0_macvtap: left promiscuous mode [ 459.592576][ T1148] veth1_vlan: left promiscuous mode [ 459.594680][ T1148] veth0_vlan: left promiscuous mode [ 459.763906][ T5941] Bluetooth: hci1: command tx timeout [ 459.819059][ T1148] team0 (unregistering): Port device team_slave_1 removed [ 459.830131][ T1148] team0 (unregistering): Port device team_slave_0 removed [ 459.994032][T27193] chnl_net:caif_netlink_parms(): no params data found [ 460.047952][T27193] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.050464][T27193] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.053044][T27193] bridge_slave_0: entered allmulticast mode [ 460.055987][T27193] bridge_slave_0: entered promiscuous mode [ 460.059514][T27193] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.061873][T27193] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.064746][T27193] bridge_slave_1: entered allmulticast mode [ 460.067850][T27193] bridge_slave_1: entered promiscuous mode [ 460.088048][T27193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.092776][T27193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.109332][T27193] team0: Port device team_slave_0 added [ 460.112738][T27193] team0: Port device team_slave_1 added [ 460.126908][T27222] gre0: entered promiscuous mode [ 460.128858][T27222] gre0: entered allmulticast mode [ 460.132695][T27193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.135216][T27193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 460.143299][T27193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.149515][T27193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 460.152253][T27193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 460.166231][T27193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 460.190583][T27193] hsr_slave_0: entered promiscuous mode [ 460.193024][T27193] hsr_slave_1: entered promiscuous mode [ 460.195563][T27193] debugfs: 'hsr0' already exists in 'hsr' [ 460.197507][T27193] Cannot create hsr debugfs directory [ 460.369266][ T1148] IPVS: stop unused estimator thread 0... [ 461.106588][T27274] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9346'. [ 461.110098][T27274] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9346'. [ 461.132879][T27193] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 461.143294][T27277] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9347'. [ 461.145501][T27193] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 461.152632][T27193] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 461.190042][T27193] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 461.232136][T27131] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 461.236939][T27131] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 461.250319][T27131] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 461.257215][T27131] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 461.284209][ T5947] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 461.340782][T27193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.361938][T27193] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.371776][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.374214][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.385340][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.387680][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.392705][T27131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.411626][T27131] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.425297][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.427639][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.441985][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.444385][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.448327][ T5941] Bluetooth: hci4: command tx timeout [ 461.452944][T27193] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 461.589976][T27193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.619025][T27131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.675711][T27193] veth0_vlan: entered promiscuous mode [ 461.679564][T27131] veth0_vlan: entered promiscuous mode [ 461.686144][T27193] veth1_vlan: entered promiscuous mode [ 461.690810][T27131] veth1_vlan: entered promiscuous mode [ 461.721081][T27131] veth0_macvtap: entered promiscuous mode [ 461.727552][T27131] veth1_macvtap: entered promiscuous mode [ 461.773459][T27131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.778226][T27193] veth0_macvtap: entered promiscuous mode [ 461.794613][T27131] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.811066][T27193] veth1_macvtap: entered promiscuous mode [ 461.820034][ T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.822819][ T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.844342][ T5941] Bluetooth: hci1: command tx timeout [ 461.866430][ T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.870798][T27193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.878251][T27193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.900445][ T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.913546][ T46] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.925622][ T46] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.944032][ T46] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.949730][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.952228][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.970172][T25248] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.985339][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.988284][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.001939][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.005569][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.028643][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.032001][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.207890][T27369] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9361'. [ 462.211463][T27369] netlink: 'syz.5.9361': attribute type 20 has an invalid length. [ 462.214781][T27369] netlink: 'syz.5.9361': attribute type 21 has an invalid length. [ 462.255980][ T40] audit: type=1326 audit(1774157956.736:5474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000 [ 462.273905][ T40] audit: type=1326 audit(1774157956.736:5475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000 [ 462.282372][ T40] audit: type=1326 audit(1774157956.736:5476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000 [ 462.291539][ T40] audit: type=1326 audit(1774157956.736:5477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 462.300366][ T40] audit: type=1326 audit(1774157956.736:5478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000 [ 462.308586][ T40] audit: type=1326 audit(1774157956.736:5479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 462.316811][ T40] audit: type=1326 audit(1774157956.736:5480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef6c code=0x7ffc0000 [ 462.324883][ T40] audit: type=1326 audit(1774157956.736:5481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 462.333584][ T40] audit: type=1326 audit(1774157956.736:5482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 462.342430][ T40] audit: type=1326 audit(1774157956.736:5483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27372 comm="syz.5.9363" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 462.486235][T27388] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9365'. [ 462.603535][ T1324] kernel read not supported for file /swradio6 (pid: 1324 comm: kworker/0:2) [ 462.917499][T27437] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9381'. [ 463.091195][T27458] serio: Serial port ptm0 [ 463.523910][ T5941] Bluetooth: hci4: command tx timeout [ 463.706568][T27520] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 463.759108][T27524] input: syz1 as /devices/virtual/input/input68 [ 463.761158][T27524] input: failed to attach handler leds to device input68, error: -6 [ 463.865728][ T5342] block nbd1: Possible stuck request ffff888027470000: control (read@0,1024B). Runtime 270 seconds [ 463.869174][ T5342] block nbd1: Possible stuck request ffff888027470200: control (read@1024,1024B). Runtime 270 seconds [ 463.872567][ T5342] block nbd1: Possible stuck request ffff888027470400: control (read@2048,1024B). Runtime 270 seconds [ 463.877788][ T5342] block nbd1: Possible stuck request ffff888027470600: control (read@3072,1024B). Runtime 270 seconds [ 463.923856][ T5941] Bluetooth: hci1: command tx timeout [ 464.214331][T27567] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 465.019770][T27600] syzkaller1: entered promiscuous mode [ 465.021568][T27600] syzkaller1: entered allmulticast mode [ 465.603931][ T5941] Bluetooth: hci4: command tx timeout [ 466.003835][ T5941] Bluetooth: hci1: command tx timeout [ 466.437578][T27690] sch_tbf: peakrate 4371928080232180342 is lower than or equals to rate 17839573476630410903 ! [ 467.389987][T27723] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.400370][T27722] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.652177][T27738] pim6reg: entered allmulticast mode [ 467.658792][T27738] pim6reg: left allmulticast mode [ 467.704102][ T5941] Bluetooth: hci4: command tx timeout [ 467.720297][T27742] could not open pipe file descriptor [ 467.901358][ T7775] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.905070][ T7775] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.908341][ T7775] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.911437][ T7775] rtc_cmos 00:05: Alarms can be up to one day in the future [ 467.915459][ T7775] rtc rtc0: __rtc_set_alarm: err=-22 [ 468.016329][ T40] kauditd_printk_skb: 284 callbacks suppressed [ 468.016340][ T40] audit: type=1326 audit(1774157962.496:5768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.034040][ T40] audit: type=1326 audit(1774157962.516:5769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.043853][ T40] audit: type=1326 audit(1774157962.516:5770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.050524][ T40] audit: type=1326 audit(1774157962.516:5771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.073774][ T40] audit: type=1326 audit(1774157962.516:5772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.080502][ T40] audit: type=1326 audit(1774157962.516:5773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.093781][ T40] audit: type=1326 audit(1774157962.516:5774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.100458][ T40] audit: type=1326 audit(1774157962.516:5775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.113932][ T40] audit: type=1326 audit(1774157962.516:5776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.120781][ T40] audit: type=1326 audit(1774157962.516:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27745 comm="syz.3.9495" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf701ef88 code=0x7ffc0000 [ 468.255048][T27755] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input69 [ 468.339328][T27760] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 468.341440][T27760] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 468.345268][T27760] vhci_hcd vhci_hcd.0: Device attached [ 468.603833][ T60] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 468.610657][ T5343] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 468.722498][T27781] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 468.785613][ T5343] usb 5-1: config 0 has no interfaces? [ 468.788135][ T5343] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 468.792109][ T5343] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.810429][ T5343] usb 5-1: config 0 descriptor?? [ 468.967696][T27800] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.9515'. [ 469.030558][ T5343] usb 5-1: USB disconnect, device number 3 [ 469.033219][T27761] usbip_core: unknown command [ 469.043765][T27761] vhci_hcd: unknown pdu 0 [ 469.045104][T27761] usbip_core: unknown command [ 469.048042][ T1167] vhci_hcd vhci_hcd.0: stop threads [ 469.049690][ T1167] vhci_hcd vhci_hcd.0: release socket [ 469.051395][ T1167] vhci_hcd vhci_hcd.0: disconnect device [ 469.093833][ T60] vhci_hcd vhci_hcd.0: vhci_device speed not set [ 469.383287][T27819] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.386248][T27819] bridge0: port 1(bridge_slave_0) entered disabled state [ 469.472472][T27819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 469.477998][T27819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.504097][ T10] usb 10-1: new high-speed USB device number 35 using dummy_hcd [ 469.582126][ T1167] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.585589][ T1167] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.589059][ T1167] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.591859][ T1167] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.653971][ T10] usb 10-1: Using ep0 maxpacket: 8 [ 469.657104][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 469.660891][ T10] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 469.663951][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.671284][ T10] usb 10-1: config 0 descriptor?? [ 469.710798][T27830] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9528'. [ 469.904218][ T10] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 469.945319][T27848] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 470.047084][T27860] netlink: 212336 bytes leftover after parsing attributes in process `syz.0.9541'. [ 470.307278][ T6019] usb 10-1: USB disconnect, device number 35 [ 470.663655][T27903] netlink: 'syz.0.9557': attribute type 11 has an invalid length. [ 470.667141][T27903] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9557'. [ 470.708597][T27910] input: syz0 as /devices/virtual/input/input70 [ 470.958924][T27931] netlink: 41 bytes leftover after parsing attributes in process `syz.5.9570'. [ 470.961936][T27931] netlink: 140 bytes leftover after parsing attributes in process `syz.5.9570'. [ 470.965620][T27931] netlink: 41 bytes leftover after parsing attributes in process `syz.5.9570'. [ 471.000866][T27934] syzkaller1: entered promiscuous mode [ 471.002690][T27934] syzkaller1: entered allmulticast mode [ 471.016071][T27936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9572'. [ 471.924244][ T1324] usb 14-1: new low-speed USB device number 6 using dummy_hcd [ 471.983798][ T5695] usb 10-1: new high-speed USB device number 36 using dummy_hcd [ 472.075028][ T1324] usb 14-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 472.078228][ T1324] usb 14-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 472.081158][ T1324] usb 14-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30062, setting to 8 [ 472.084884][ T1324] usb 14-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 472.087740][ T1324] usb 14-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.092540][T27972] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 472.095836][ T1324] hub 14-1:1.0: bad descriptor, ignoring hub [ 472.097748][ T1324] hub 14-1:1.0: probe with driver hub failed with error -5 [ 472.100210][ T1324] cdc_wdm 14-1:1.0: skipping garbage [ 472.102111][ T1324] cdc_wdm 14-1:1.0: skipping garbage [ 472.106238][ T1324] cdc_wdm 14-1:1.0: cdc-wdm0: USB WDM device [ 472.108162][ T1324] cdc_wdm 14-1:1.0: Unknown control protocol [ 472.155066][ T5695] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 472.158844][ T5695] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 472.161908][ T5695] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 472.165091][ T5695] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.169966][T27974] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 472.174507][ T5695] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 472.243828][ T5941] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 472.389691][ T5695] usb 10-1: USB disconnect, device number 36 [ 472.696644][T28005] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9603'. [ 472.885603][T27972] usb 14-1: reset low-speed USB device number 6 using dummy_hcd [ 473.208022][T27985] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 473.524341][ T5695] usb 14-1: USB disconnect, device number 6 [ 474.551442][ T5947] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 474.555234][ T5947] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 474.558207][ T5947] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 474.562299][ T5947] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 474.567350][ T5947] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 474.716755][T28071] chnl_net:caif_netlink_parms(): no params data found [ 474.774215][T28071] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.778348][T28071] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.781172][T28071] bridge_slave_0: entered allmulticast mode [ 474.784883][T28071] bridge_slave_0: entered promiscuous mode [ 474.789064][T28071] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.791981][T28071] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.795102][T28071] bridge_slave_1: entered allmulticast mode [ 474.797983][T28071] bridge_slave_1: entered promiscuous mode [ 474.829061][T28071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.835421][T28071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.880764][T28071] team0: Port device team_slave_0 added [ 474.885721][T28071] team0: Port device team_slave_1 added [ 474.894013][ T1167] bridge_slave_1: left allmulticast mode [ 474.896474][ T1167] bridge_slave_1: left promiscuous mode [ 474.899081][ T1167] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.910978][ T1167] bridge_slave_0: left allmulticast mode [ 474.913441][ T1167] bridge_slave_0: left promiscuous mode [ 474.916585][ T1167] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.058301][ T1167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 475.062341][ T1167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 475.065779][ T1167] bond0 (unregistering): Released all slaves [ 475.078153][T28071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.080378][T28071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 475.088509][T28071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 475.094328][T28071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 475.096529][T28071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 475.104753][T28071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 475.135278][T28071] hsr_slave_0: entered promiscuous mode [ 475.137632][T28071] hsr_slave_1: entered promiscuous mode [ 475.140637][T28071] debugfs: 'hsr0' already exists in 'hsr' [ 475.143066][T28071] Cannot create hsr debugfs directory [ 475.165364][T28093] netlink: 4 bytes leftover after parsing attributes in process `syz.9.9641'. [ 475.517250][ T1167] hsr_slave_0: left promiscuous mode [ 475.519391][ T1167] hsr_slave_1: left promiscuous mode [ 475.521383][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 475.524278][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 475.613705][ T1167] team0 (unregistering): Port device team_slave_1 removed [ 475.620342][ T1167] team0 (unregistering): Port device team_slave_0 removed [ 476.644213][ T5947] Bluetooth: hci2: command tx timeout [ 476.648040][ T1280] block nbd3: Possible stuck request ffff888027550000: control (read@0,4096B). Runtime 180 seconds [ 477.031937][T28071] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 477.044750][T28071] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 477.048920][T28071] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 477.052940][T28071] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 477.096953][T28071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 477.106519][T28071] 8021q: adding VLAN 0 to HW filter on device team0 [ 477.121227][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.124187][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.135815][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.138843][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 477.252446][T28071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 477.281020][T28071] veth0_vlan: entered promiscuous mode [ 477.287924][T28071] veth1_vlan: entered promiscuous mode [ 477.302506][T28071] veth0_macvtap: entered promiscuous mode [ 477.307001][T28071] veth1_macvtap: entered promiscuous mode [ 477.315206][T28071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.320748][T28071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.333443][ T70] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.338122][ T70] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.342838][ T70] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.350789][ T70] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.397141][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.399636][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.421637][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.424923][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 477.483902][T14638] hid_parser_main: 20 callbacks suppressed [ 477.483915][T14638] hid-generic 0000:0000:0000.0014: unknown main item tag 0x0 [ 477.494921][T14638] hid-generic 0000:0000:0000.0014: hidraw1: HID v0.00 Device [syz1] on syz0 [ 477.500122][T28224] netlink: 212916 bytes leftover after parsing attributes in process `syz.5.9655'. [ 477.777508][ T5947] Bluetooth: hci2: hcon ffff888014058000 sent 1 < count 24576 [ 477.788589][ T5947] Bluetooth: hci2: hcon ffff888014058000 sent 0 < count 64 [ 478.724048][ T5947] Bluetooth: hci2: command tx timeout [ 479.863373][T28366] binder: 28365:28366 ioctl c0306201 80000640 returned -14 [ 480.165190][ T1140] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.301381][ T1140] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.335670][ T5941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 480.339789][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 480.344463][ T5941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 480.348147][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 480.358962][ T5941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 480.365186][ T1140] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.463897][ T1140] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.501044][T28377] chnl_net:caif_netlink_parms(): no params data found [ 480.614090][T28377] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.616339][T28377] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.621223][T28377] bridge_slave_0: entered allmulticast mode [ 480.624678][T28377] bridge_slave_0: entered promiscuous mode [ 480.641109][T28377] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.643495][T28377] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.650190][T28377] bridge_slave_1: entered allmulticast mode [ 480.654691][T28377] bridge_slave_1: entered promiscuous mode [ 480.773121][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 480.782463][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 480.792658][ T1140] bond0 (unregistering): Released all slaves [ 480.800521][T28377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 480.803561][T28388] netlink: 212916 bytes leftover after parsing attributes in process `syz.0.9706'. [ 480.806618][ T5941] Bluetooth: hci2: command tx timeout [ 480.839952][T28377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 480.861188][T28377] team0: Port device team_slave_0 added [ 480.866227][T28377] team0: Port device team_slave_1 added [ 480.879892][T28377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 480.882160][T28377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 480.890704][T28377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 480.903964][T28377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 480.906943][T28377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 480.916120][T28392] netlink: 16 bytes leftover after parsing attributes in process `syz.5.9708'. [ 480.920661][T28377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 480.991987][T28377] hsr_slave_0: entered promiscuous mode [ 480.997856][T28377] hsr_slave_1: entered promiscuous mode [ 481.000768][T28377] debugfs: 'hsr0' already exists in 'hsr' [ 481.003164][T28377] Cannot create hsr debugfs directory [ 481.239729][ T1140] hsr_slave_0: left promiscuous mode [ 481.252853][ T1140] hsr_slave_1: left promiscuous mode [ 481.259506][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 481.262967][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 481.269540][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 481.271912][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 481.288222][ T1140] veth1_macvtap: left promiscuous mode [ 481.290014][ T1140] veth0_macvtap: left promiscuous mode [ 481.291675][ T1140] veth1_vlan: left promiscuous mode [ 481.293401][ T1140] veth0_vlan: left promiscuous mode [ 481.416948][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 481.425883][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 481.974533][ T1140] IPVS: stop unused estimator thread 0... [ 482.413859][ T5941] Bluetooth: hci3: command tx timeout [ 482.478399][T28377] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 482.482764][T28377] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 482.488933][T28377] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 482.493824][T28377] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 482.549892][T28377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 482.560347][T28377] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.569688][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.572736][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.579879][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.582095][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.714731][T28377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 482.897418][ T5941] Bluetooth: hci2: command tx timeout [ 482.940209][T28377] veth0_vlan: entered promiscuous mode [ 482.946702][T28377] veth1_vlan: entered promiscuous mode [ 482.976805][T28377] veth0_macvtap: entered promiscuous mode [ 482.986149][T28377] veth1_macvtap: entered promiscuous mode [ 483.008012][T28377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.015767][T28377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 483.032366][ T1167] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.035848][T23003] sr 2:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive. [ 483.044443][ T1167] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.052449][ T1167] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.088668][ T1167] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.125832][T28527] syzkaller1: entered promiscuous mode [ 483.127578][T28527] syzkaller1: entered allmulticast mode [ 483.170638][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.173320][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.192990][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.197618][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.395838][T28559] syzkaller1: entered promiscuous mode [ 483.397624][T28559] syzkaller1: entered allmulticast mode [ 483.965630][T28577] syzkaller1: entered promiscuous mode [ 483.967409][T28577] syzkaller1: entered allmulticast mode [ 484.494303][ T5941] Bluetooth: hci3: command tx timeout [ 485.144741][ T40] kauditd_printk_skb: 800 callbacks suppressed [ 485.144753][ T40] audit: type=1326 audit(1774157979.626:6578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.153286][ T40] audit: type=1326 audit(1774157979.626:6579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.161736][ T40] audit: type=1326 audit(1774157979.626:6580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.173795][ T40] audit: type=1326 audit(1774157979.626:6581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.180369][ T40] audit: type=1326 audit(1774157979.626:6582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.188721][ T40] audit: type=1326 audit(1774157979.626:6583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.195683][ T40] audit: type=1326 audit(1774157979.626:6584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.202511][ T40] audit: type=1326 audit(1774157979.626:6585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.209638][ T40] audit: type=1326 audit(1774157979.626:6586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.216729][ T40] audit: type=1326 audit(1774157979.626:6587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28646 comm="syz.5.9768" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf702ef88 code=0x7ffc0000 [ 485.972284][T28663] netlink: 'syz.2.9775': attribute type 2 has an invalid length. [ 486.574042][ T5941] Bluetooth: hci3: command tx timeout [ 488.110487][T28740] Bluetooth: hci0: load_link_keys: too big key_count value 53767 [ 488.644184][ T5941] Bluetooth: hci3: command tx timeout [ 488.724403][T28776] netlink: 'syz.6.9826': attribute type 10 has an invalid length. [ 488.794743][T28780] vcan0: tx address claim with different name [ 489.001835][T28799] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9832'. [ 489.107264][T28812] overlayfs: invalid origin (000000790066696c6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 489.730341][T28869] netlink: 20 bytes leftover after parsing attributes in process `syz.6.9856'. [ 490.166321][T28896] netlink: 'syz.5.9867': attribute type 10 has an invalid length. [ 490.440166][T28912] netlink: 8 bytes leftover after parsing attributes in process `syz.5.9873'. [ 490.484448][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.489348][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 490.532852][T28917] all (unregistering): Released all slaves [ 491.670444][T28950] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 491.745997][T28954] netlink: 'syz.2.9891': attribute type 4 has an invalid length. [ 492.088010][T28980] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.9903'. [ 492.202466][T28996] syzkaller1: entered promiscuous mode [ 492.205582][T28996] syzkaller1: entered allmulticast mode [ 492.396364][T29010] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9917'. [ 492.401225][T29010] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9917'. [ 492.436403][T29010] netlink: 60 bytes leftover after parsing attributes in process `syz.0.9917'. [ 493.285124][ T6001] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.288360][ T5695] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.468894][T29080] netlink: 212348 bytes leftover after parsing attributes in process `syz.5.9940'. [ 493.524898][ T5695] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 493.541732][T29086] netlink: 28 bytes leftover after parsing attributes in process `syz.5.9943'. [ 493.544979][T29086] netlink: 'syz.5.9943': attribute type 7 has an invalid length. [ 493.548093][T29086] netlink: 'syz.5.9943': attribute type 8 has an invalid length. [ 493.556387][T29086] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9943'. [ 493.568078][T29086] gretap0: entered promiscuous mode [ 493.571422][T29086] gretap0: left promiscuous mode [ 493.955518][ T5342] block nbd1: Possible stuck request ffff888027470000: control (read@0,1024B). Runtime 300 seconds [ 493.958893][ T5342] block nbd1: Possible stuck request ffff888027470200: control (read@1024,1024B). Runtime 300 seconds [ 493.962713][ T5342] block nbd1: Possible stuck request ffff888027470400: control (read@2048,1024B). Runtime 300 seconds [ 493.967052][ T5342] block nbd1: Possible stuck request ffff888027470600: control (read@3072,1024B). Runtime 300 seconds [ 494.008341][T29124] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.013421][T29124] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.017019][T29124] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.574463][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 494.713844][ T6001] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 494.850593][T29152] syzkaller1: entered promiscuous mode [ 494.852330][T29152] syzkaller1: entered allmulticast mode [ 494.868229][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.871611][ T6001] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.875399][ T6001] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 494.880001][ T6001] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 494.883181][ T6001] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.887709][ T6001] usb 5-1: config 0 descriptor?? [ 495.205523][ T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.306773][ T6001] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 495.614143][ T10] net_ratelimit: 2 callbacks suppressed [ 495.614154][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.844524][ T6001] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 495.921019][T29208] netlink: 27 bytes leftover after parsing attributes in process `syz.5.9991'. [ 496.050548][T29214] loop8: detected capacity change from 0 to 8 [ 496.053031][T29214] Dev loop8: unable to read RDB block 8 [ 496.055006][T29214] loop8: unable to read partition table [ 496.056898][T29214] loop8: partition table beyond EOD, truncated [ 496.058975][T29214] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 496.223387][T29222] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1500) ! [ 496.484598][ T6001] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.561731][ T9] Process accounting resumed [ 496.581849][T29234] Process accounting resumed [ 496.623896][ T10] usb 10-1: new high-speed USB device number 37 using dummy_hcd [ 496.650601][T29244] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 496.653970][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 496.793781][ T10] usb 10-1: Using ep0 maxpacket: 8 [ 496.798414][ T10] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 496.801436][ T10] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 496.804714][ T10] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 496.807737][ T10] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 496.811780][ T10] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 496.815244][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.031003][ T10] usb 10-1: GET_CAPABILITIES returned 0 [ 497.033199][ T10] usbtmc 10-1:16.0: can't read capabilities [ 497.116072][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.123953][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.128304][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.131492][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.134780][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.137873][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.140989][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.144578][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.147663][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.150731][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.154824][ T6001] hid-generic 00A0:0006:0003.0016: unknown main item tag 0x0 [ 497.168322][ T6001] hid-generic 00A0:0006:0003.0016: hidraw2: HID v0.05 Device [syz1] on syz0 [ 497.296158][ T5343] usb 10-1: USB disconnect, device number 37 [ 497.331785][ T6938] usb 5-1: USB disconnect, device number 4 [ 497.499074][ T40] kauditd_printk_skb: 598 callbacks suppressed [ 497.499086][ T40] audit: type=1326 audit(1774157991.976:7186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29294 comm="syz.6.10030" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x0 [ 497.684002][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 497.984815][T29301] Bluetooth: MGMT ver 1.23 [ 498.273860][ T6001] usb 10-1: new high-speed USB device number 38 using dummy_hcd [ 498.423782][ T6001] usb 10-1: Using ep0 maxpacket: 32 [ 498.426780][ T6001] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 498.430196][ T6001] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 498.433595][ T6001] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 498.437962][ T6001] usb 10-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 498.440800][ T6001] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.445771][ T6001] usb 10-1: config 0 descriptor?? [ 498.464551][T29315] tipc: Started in network mode [ 498.466587][T29315] tipc: Node identity ac14140f, cluster identity 4711 [ 498.470052][T29315] tipc: New replicast peer: 255.255.255.255 [ 498.473424][T29315] tipc: Enabled bearer , priority 10 [ 498.727333][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.748924][T29327] syz_tun: entered allmulticast mode [ 498.752511][T29327] syz_tun: left allmulticast mode [ 498.795465][T29329] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.799036][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.863862][ T6001] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/0003:0458:5011.0017/input/input72 [ 498.884001][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 498.949252][ T6001] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/0003:0458:5011.0017/input/input73 [ 499.009329][ T6001] kye 0003:0458:5011.0017: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 499.075805][ T39] usb 10-1: USB disconnect, device number 38 [ 499.194606][ T5343] usb 11-1: new high-speed USB device number 2 using dummy_hcd [ 499.343784][ T5343] usb 11-1: Using ep0 maxpacket: 8 [ 499.346942][ T5343] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 499.350471][ T5343] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 499.353810][ T5343] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 499.356898][ T5343] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 499.361206][ T5343] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 499.364197][ T5343] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.413874][ T34] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 499.483889][ T10] tipc: Node number set to 2886997007 [ 499.563792][ T34] usb 5-1: Using ep0 maxpacket: 16 [ 499.566958][ T34] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 499.570334][ T34] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 499.573355][ T34] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 499.577743][ T5343] usb 11-1: GET_CAPABILITIES returned 0 [ 499.579468][ T5343] usbtmc 11-1:16.0: can't read capabilities [ 499.581301][ T34] usb 5-1: config 1 interface 0 has no altsetting 0 [ 499.587057][ T34] usb 5-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 499.590630][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.593281][ T34] usb 5-1: Product: syz [ 499.594763][ T34] usb 5-1: Manufacturer: syz [ 499.596177][ T34] usb 5-1: SerialNumber: syz [ 499.624137][T29346] netlink: 'syz.5.10053': attribute type 13 has an invalid length. [ 499.780540][ T5343] usb 11-1: USB disconnect, device number 2 [ 499.808556][ T34] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 499.826371][T29348] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.10054'. [ 500.011558][ T5343] usb 5-1: USB disconnect, device number 5 [ 500.218486][T29343] usblp0: removed [ 500.382386][T29373] syzkaller1: entered promiscuous mode [ 500.385500][T29373] syzkaller1: entered allmulticast mode [ 500.803919][ T5695] net_ratelimit: 1 callbacks suppressed [ 500.803931][ T5695] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 500.858170][ T10] usb 10-1: new high-speed USB device number 39 using dummy_hcd [ 501.010213][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 501.014907][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.018956][ T10] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 501.024670][ T10] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 501.027793][ T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.032949][ T10] usb 10-1: config 0 descriptor?? [ 501.180426][ T40] audit: type=1326 audit(1774157995.656:7187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29407 comm="syz.0.10082" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x0 [ 501.455751][ T10] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 501.732143][ T40] audit: type=1326 audit(1774157996.206:7188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29426 comm="syz.2.10090" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f07f6c code=0x0 [ 501.844645][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 501.924271][ T6001] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.128360][T29447] netlink: 56 bytes leftover after parsing attributes in process `syz.0.10099'. [ 502.179108][T29450] syzkaller1: entered promiscuous mode [ 502.181263][T29450] syzkaller1: entered allmulticast mode [ 502.527190][T29462] syzkaller1: entered promiscuous mode [ 502.531763][T29462] syzkaller1: entered allmulticast mode [ 502.748485][ T39] usb 10-1: USB disconnect, device number 39 [ 502.814121][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.817513][ C2] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 502.885850][ T5695] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 503.390093][T29517] netlink: 27 bytes leftover after parsing attributes in process `syz.6.10132'. [ 503.524943][T29526] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input74 [ 503.712821][T29541] syzkaller1: entered promiscuous mode [ 503.716673][T29541] syzkaller1: entered allmulticast mode [ 504.134466][ T6938] usb 10-1: new high-speed USB device number 40 using dummy_hcd [ 504.303866][ T6938] usb 10-1: Using ep0 maxpacket: 8 [ 504.306878][ T6938] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 504.310299][ T6938] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 504.313549][ T6938] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 504.317169][ T6938] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 504.321696][ T6938] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 504.324910][ T6938] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.535452][ T6938] usb 10-1: usb_control_msg returned -32 [ 504.537908][ T6938] usbtmc 10-1:16.0: can't read capabilities [ 504.542725][ T6938] usb 10-1: USB disconnect, device number 40 [ 505.292522][T29585] ceph: No mds server is up or the cluster is laggy [ 505.417035][T29606] netlink: 4 bytes leftover after parsing attributes in process `syz.6.10170'. [ 505.659129][T29619] netlink: 40 bytes leftover after parsing attributes in process `syz.5.10176'. [ 506.086825][ T1415] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.725925][ T1280] block nbd3: Possible stuck request ffff888027550000: control (read@0,4096B). Runtime 210 seconds [ 506.760864][T29667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10194'. [ 506.773890][T29667] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.797643][T29667] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.022503][T29684] binder: 29683:29684 ioctl c0306201 0 returned -14 [ 507.033944][ T5695] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 507.194990][ T5695] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 507.197666][ T5695] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 507.201366][ T5695] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 507.215722][ T5695] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 507.219557][ T5695] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 507.230751][ T5695] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 507.233637][ T5695] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.243090][ T5695] usb 5-1: config 0 descriptor?? [ 507.246069][T29669] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 507.336685][T29705] pim6reg1: entered promiscuous mode [ 507.338830][T29705] pim6reg1: entered allmulticast mode [ 507.505159][T29714] sit0: entered promiscuous mode [ 507.510307][T29714] netlink: 'syz.6.10215': attribute type 1 has an invalid length. [ 507.512856][T29714] netlink: 1 bytes leftover after parsing attributes in process `syz.6.10215'. [ 507.634422][ T29] libceph: connect (1)[c::]:6789 error -101 [ 507.636419][ T29] libceph: mon0 (1)[c::]:6789 connect error [ 507.655398][T29729] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 507.659644][ T5695] hid_parser_main: 4 callbacks suppressed [ 507.659656][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.666313][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.668713][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.671394][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.673847][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.676770][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.679213][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.682270][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.686271][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.690191][ T5695] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 507.698858][ T5695] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 507.762033][T29720] ceph: No mds server is up or the cluster is laggy [ 507.824210][T29737] input: syz1 as /devices/virtual/input/input75 [ 507.828134][T29739] netlink: 256 bytes leftover after parsing attributes in process `syz.6.10224'. [ 507.832163][T29739] netlink: 256 bytes leftover after parsing attributes in process `syz.6.10224'. [ 507.915977][ T5695] usb 5-1: USB disconnect, device number 6 [ 508.136310][T29759] netlink: 8 bytes leftover after parsing attributes in process `syz.5.10234'. [ 508.139160][T29759] netlink: 'syz.5.10234': attribute type 21 has an invalid length. [ 508.188454][T29764] netlink: 256 bytes leftover after parsing attributes in process `syz.2.10235'. [ 508.191994][T29764] netlink: 256 bytes leftover after parsing attributes in process `syz.2.10235'. [ 508.519308][T29784] tipc: Started in network mode [ 508.521484][T29784] tipc: Node identity ac14142f, cluster identity 4711 [ 508.525407][T29784] tipc: New replicast peer: 0.0.0.0 [ 508.527394][T29784] tipc: Enabled bearer , priority 10 [ 508.531145][T29784] tipc: New replicast peer: 255.255.255.255 [ 508.562084][T29787] netlink: 84 bytes leftover after parsing attributes in process `syz.0.10246'. [ 508.568099][ T39] usb 11-1: new high-speed USB device number 3 using dummy_hcd [ 508.573506][T29787] netlink: 84 bytes leftover after parsing attributes in process `syz.0.10246'. [ 508.736536][ T39] usb 11-1: Using ep0 maxpacket: 32 [ 508.740650][ T39] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 508.744767][ T39] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 508.748672][ T39] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 508.754465][ T39] usb 11-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 508.758356][ T39] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.764899][ T39] usb 11-1: config 0 descriptor?? [ 509.099742][T29805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10255'. [ 509.105626][T29805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10255'. [ 509.195973][ T39] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5011.001A/input/input76 [ 509.294272][T29819] input: syz1 as /devices/virtual/input/input78 [ 509.297355][ T39] input: HID 0458:5011 as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.0/0003:0458:5011.001A/input/input77 [ 509.318412][ T39] kye 0003:0458:5011.001A: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.6-1/input0 [ 509.524007][ T39] tipc: Node number set to 2886997039 [ 509.995021][T29855] input: syz1 as /devices/virtual/input/input79 [ 510.316257][ C2] kye 0003:0458:5011.001A: usb_submit_urb(ctrl) failed: -1 [ 510.476210][ T5941] block nbd5: Receive control failed (result -107) [ 510.856603][T29870] netlink: 'syz.6.10284': attribute type 10 has an invalid length. [ 510.863101][T29870] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 510.867310][T29870] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 510.880481][T29870] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 510.882910][T29870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 510.887959][T29870] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 510.890530][T29870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 510.896307][T29870] bond0: (slave batadv0): Releasing backup interface [ 511.107981][ T5343] usb 11-1: USB disconnect, device number 3 [ 511.313670][T29882] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 511.652806][ T40] audit: type=1326 audit(1774158006.126:7189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.663133][ T40] audit: type=1326 audit(1774158006.126:7190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.673183][ T40] audit: type=1326 audit(1774158006.126:7191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.681786][ T40] audit: type=1326 audit(1774158006.126:7192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.690475][ T40] audit: type=1326 audit(1774158006.126:7193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.699309][ T40] audit: type=1326 audit(1774158006.126:7194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.708100][ T40] audit: type=1326 audit(1774158006.126:7195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.716882][ T40] audit: type=1326 audit(1774158006.126:7196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.725530][ T40] audit: type=1326 audit(1774158006.126:7197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.734783][ T40] audit: type=1326 audit(1774158006.126:7198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29897 comm="syz.0.10296" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf70bef6c code=0x7ffc0000 [ 511.863829][T29891] nbd6: detected capacity change from 0 to 63 [ 511.880919][ T5294] block nbd6: Receive control failed (result -32) [ 511.884141][ T5933] block nbd6: Receive control failed (result -104) [ 511.884735][ T5941] block nbd6: Receive control failed (result -32) [ 511.887983][ T5947] block nbd6: Receive control failed (result -32) [ 511.892867][T29904] block nbd6: Receive control failed (result -32) [ 511.972385][T29914] [ 511.973372][T29914] ====================================================== [ 511.975917][T29914] WARNING: possible circular locking dependency detected [ 511.978773][T29914] syzkaller #0 Tainted: G L [ 511.981281][T29914] ------------------------------------------------------ [ 511.983805][T29914] syz.6.10302/29914 is trying to acquire lock: [ 511.986660][T29914] ffffffff8e9aa340 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_noprof+0x4c/0x6e0 [ 511.990538][T29914] [ 511.990538][T29914] but task is already holding lock: [ 511.993608][T29914] ffffffff8e977f08 (slab_mutex){+.+.}-{4:4}, at: __kmem_cache_create_args+0x44/0x420 [ 511.997497][T29914] [ 511.997497][T29914] which lock already depends on the new lock. [ 511.997497][T29914] [ 512.001714][T29914] [ 512.001714][T29914] the existing dependency chain (in reverse order) is: [ 512.005727][T29914] [ 512.005727][T29914] -> #8 (slab_mutex){+.+.}-{4:4}: [ 512.008697][T29914] __mutex_lock+0x1a2/0x1b90 [ 512.010582][T29914] kmem_cache_destroy+0x59/0x180 [ 512.013499][T29914] p9_client_destroy+0x20c/0x3a0 [ 512.016099][T29914] v9fs_session_close+0x49/0x2d0 [ 512.018466][T29914] v9fs_kill_super+0x4d/0xa0 [ 512.020667][T29914] deactivate_locked_super+0xc1/0x1b0 [ 512.023204][T29914] deactivate_super+0xe7/0x110 [ 512.025475][T29914] cleanup_mnt+0x21f/0x450 [ 512.027569][T29914] task_work_run+0x150/0x240 [ 512.029766][T29914] exit_to_user_mode_loop+0x100/0x4a0 [ 512.032250][T29914] __do_fast_syscall_32+0x578/0x8c0 [ 512.034728][T29914] do_fast_syscall_32+0x32/0x70 [ 512.036862][T29914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 512.039181][T29914] [ 512.039181][T29914] -> #7 (cpu_hotplug_lock){++++}-{0:0}: [ 512.041681][T29914] cpus_read_lock+0x42/0x170 [ 512.043544][T29914] static_key_disable+0x12/0x20 [ 512.045909][T29914] __inet_hash_connect+0x1378/0x1e40 [ 512.048446][T29914] tcp_v4_connect+0xeb0/0x1b40 [ 512.050375][T29914] __inet_stream_connect+0x208/0xfa0 [ 512.052230][T29914] inet_stream_connect+0x57/0xa0 [ 512.054038][T29914] __sys_connect_file+0x141/0x1a0 [ 512.055883][T29914] __sys_connect+0x141/0x170 [ 512.057535][T29914] __ia32_compat_sys_socketcall+0x45e/0x770 [ 512.059877][T29914] __do_fast_syscall_32+0xe3/0x8c0 [ 512.062339][T29914] do_fast_syscall_32+0x32/0x70 [ 512.064327][T29914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 512.066467][T29914] [ 512.066467][T29914] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}: [ 512.068855][T29914] lock_sock_nested+0x41/0xf0 [ 512.071046][T29914] inet_shutdown+0x67/0x410 [ 512.073266][T29914] nbd_mark_nsock_dead+0xae/0x5c0 [ 512.075725][T29914] recv_work+0x5fb/0x8c0 [ 512.077928][T29914] process_one_work+0xa23/0x19a0 [ 512.080316][T29914] worker_thread+0x5ef/0xe50 [ 512.082538][T29914] kthread+0x370/0x450 [ 512.084574][T29914] ret_from_fork+0x754/0xd80 [ 512.086899][T29914] ret_from_fork_asm+0x1a/0x30 [ 512.089252][T29914] [ 512.089252][T29914] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 512.092510][T29914] __mutex_lock+0x1a2/0x1b90 [ 512.094261][T29914] nbd_queue_rq+0x428/0x1080 [ 512.095918][T29914] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 512.097968][T29914] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 512.100263][T29914] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 512.102853][T29914] blk_mq_run_hw_queue+0x23c/0x670 [ 512.104851][T29914] blk_mq_dispatch_list+0x51d/0x1360 [ 512.106803][T29914] blk_mq_flush_plug_list+0x130/0x600 [ 512.108781][T29914] __blk_flush_plug+0x2c4/0x4b0 [ 512.111105][T29914] __submit_bio+0x584/0x6c0 [ 512.112774][T29914] submit_bio_noacct_nocheck+0x562/0xc10 [ 512.114833][T29914] submit_bio_noacct+0xd17/0x2010 [ 512.116693][T29914] submit_bh_wbc+0x59c/0x770 [ 512.118425][T29914] block_read_full_folio+0x264/0x8e0 [ 512.120377][T29914] filemap_read_folio+0xfc/0x3b0 [ 512.122181][T29914] do_read_cache_folio+0x2d7/0x6b0 [ 512.124063][T29914] read_part_sector+0xd1/0x370 [ 512.125848][T29914] adfspart_check_ICS+0x93/0x910 [ 512.127697][T29914] bdev_disk_changed+0x7f8/0xc80 [ 512.129570][T29914] blkdev_get_whole+0x187/0x290 [ 512.131379][T29914] bdev_open+0x2c7/0xe40 [ 512.132965][T29914] blkdev_open+0x34e/0x4f0 [ 512.134643][T29914] do_dentry_open+0x6d8/0x1660 [ 512.136401][T29914] vfs_open+0x82/0x3f0 [ 512.138005][T29914] path_openat+0x208c/0x31a0 [ 512.139781][T29914] do_file_open+0x20e/0x430 [ 512.141481][T29914] do_sys_openat2+0x10d/0x1e0 [ 512.143231][T29914] __x64_sys_openat+0x12d/0x210 [ 512.145041][T29914] do_syscall_64+0x106/0xf80 [ 512.146759][T29914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.148968][T29914] [ 512.148968][T29914] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 512.151370][T29914] __mutex_lock+0x1a2/0x1b90 [ 512.153077][T29914] nbd_queue_rq+0xba/0x1080 [ 512.154762][T29914] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 512.156793][T29914] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 512.159138][T29914] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 512.161316][T29914] blk_mq_run_hw_queue+0x23c/0x670 [ 512.163199][T29914] blk_mq_dispatch_list+0x51d/0x1360 [ 512.165159][T29914] blk_mq_flush_plug_list+0x130/0x600 [ 512.167147][T29914] __blk_flush_plug+0x2c4/0x4b0 [ 512.168997][T29914] __submit_bio+0x584/0x6c0 [ 512.170710][T29914] submit_bio_noacct_nocheck+0x562/0xc10 [ 512.172790][T29914] submit_bio_noacct+0xd17/0x2010 [ 512.174646][T29914] submit_bh_wbc+0x59c/0x770 [ 512.176369][T29914] block_read_full_folio+0x264/0x8e0 [ 512.178344][T29914] filemap_read_folio+0xfc/0x3b0 [ 512.180193][T29914] do_read_cache_folio+0x2d7/0x6b0 [ 512.182063][T29914] read_part_sector+0xd1/0x370 [ 512.183783][T29914] adfspart_check_ICS+0x93/0x910 [ 512.185547][T29914] bdev_disk_changed+0x7f8/0xc80 [ 512.187362][T29914] blkdev_get_whole+0x187/0x290 [ 512.189210][T29914] bdev_open+0x2c7/0xe40 [ 512.190763][T29914] blkdev_open+0x34e/0x4f0 [ 512.192375][T29914] do_dentry_open+0x6d8/0x1660 [ 512.194129][T29914] vfs_open+0x82/0x3f0 [ 512.195738][T29914] path_openat+0x208c/0x31a0 [ 512.197398][T29914] do_file_open+0x20e/0x430 [ 512.199068][T29914] do_sys_openat2+0x10d/0x1e0 [ 512.200710][T29914] __x64_sys_openat+0x12d/0x210 [ 512.202418][T29914] do_syscall_64+0x106/0xf80 [ 512.204070][T29914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.206099][T29914] [ 512.206099][T29914] -> #3 (set->srcu){.+.+}-{0:0}: [ 512.208375][T29914] __synchronize_srcu+0xa1/0x2a0 [ 512.210141][T29914] blk_mq_quiesce_queue+0x149/0x1c0 [ 512.211934][T29914] elevator_switch+0x17b/0x7e0 [ 512.213637][T29914] elevator_change+0x352/0x530 [ 512.215317][T29914] elevator_set_default+0x29e/0x360 [ 512.217128][T29914] blk_register_queue+0x412/0x590 [ 512.218938][T29914] __add_disk+0x73f/0xe40 [ 512.220567][T29914] add_disk_fwnode+0x118/0x5c0 [ 512.222256][T29914] nbd_dev_add+0x77a/0xb10 [ 512.223832][T29914] nbd_init+0x291/0x2b0 [ 512.225301][T29914] do_one_initcall+0x11d/0x760 [ 512.227005][T29914] kernel_init_freeable+0x6e5/0x7a0 [ 512.228872][T29914] kernel_init+0x1f/0x1e0 [ 512.230584][T29914] ret_from_fork+0x754/0xd80 [ 512.232220][T29914] ret_from_fork_asm+0x1a/0x30 [ 512.233889][T29914] [ 512.233889][T29914] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 512.236345][T29914] __mutex_lock+0x1a2/0x1b90 [ 512.238021][T29914] elevator_change+0x1bc/0x530 [ 512.239713][T29914] elevator_set_none+0x92/0xf0 [ 512.241393][T29914] blk_mq_update_nr_hw_queues+0x4c1/0x15f0 [ 512.243409][T29914] nbd_start_device+0x1a6/0xbd0 [ 512.245125][T29914] nbd_genl_connect+0xff2/0x1a40 [ 512.246849][T29914] genl_family_rcv_msg_doit+0x214/0x300 [ 512.248768][T29914] genl_rcv_msg+0x560/0x800 [ 512.250425][T29914] netlink_rcv_skb+0x159/0x420 [ 512.252072][T29914] genl_rcv+0x28/0x40 [ 512.253496][T29914] netlink_unicast+0x5aa/0x870 [ 512.255133][T29914] netlink_sendmsg+0x8b0/0xda0 [ 512.256801][T29914] ____sys_sendmsg+0x9e1/0xb70 [ 512.258500][T29914] ___sys_sendmsg+0x190/0x1e0 [ 512.260183][T29914] __sys_sendmsg+0x170/0x220 [ 512.261818][T29914] __do_fast_syscall_32+0xe3/0x8c0 [ 512.263602][T29914] do_fast_syscall_32+0x32/0x70 [ 512.265305][T29914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 512.267498][T29914] [ 512.267498][T29914] -> #1 (&q->q_usage_counter(io)#53){++++}-{0:0}: [ 512.270254][T29914] blk_alloc_queue+0x610/0x790 [ 512.271941][T29914] blk_mq_alloc_queue+0x174/0x290 [ 512.273722][T29914] __blk_mq_alloc_disk+0x29/0x120 [ 512.275472][T29914] nbd_dev_add+0x492/0xb10 [ 512.277045][T29914] nbd_init+0x291/0x2b0 [ 512.278578][T29914] do_one_initcall+0x11d/0x760 [ 512.280280][T29914] kernel_init_freeable+0x6e5/0x7a0 [ 512.282087][T29914] kernel_init+0x1f/0x1e0 [ 512.283640][T29914] ret_from_fork+0x754/0xd80 [ 512.285283][T29914] ret_from_fork_asm+0x1a/0x30 [ 512.286960][T29914] [ 512.286960][T29914] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 512.289278][T29914] __lock_acquire+0x14b8/0x2630 [ 512.290996][T29914] lock_acquire+0x1cf/0x380 [ 512.292602][T29914] fs_reclaim_acquire+0xc4/0x100 [ 512.294362][T29914] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 512.296249][T29914] __kmem_cache_create_args+0x366/0x420 [ 512.298182][T29914] ieee80211_mesh_init_sdata+0x596/0x690 [ 512.300166][T29914] ieee80211_setup_sdata+0xabd/0xcf0 [ 512.302039][T29914] ieee80211_if_add+0xa30/0x1860 [ 512.303765][T29914] ieee80211_add_iface+0xaf/0x5d0 [ 512.305520][T29914] nl80211_new_interface+0x65f/0x11d0 [ 512.307379][T29914] genl_family_rcv_msg_doit+0x214/0x300 [ 512.309305][T29914] genl_rcv_msg+0x560/0x800 [ 512.310862][T29914] netlink_rcv_skb+0x159/0x420 [ 512.312456][T29914] genl_rcv+0x28/0x40 [ 512.313916][T29914] netlink_unicast+0x5aa/0x870 [ 512.315601][T29914] netlink_sendmsg+0x8b0/0xda0 [ 512.317290][T29914] ____sys_sendmsg+0x9e1/0xb70 [ 512.318989][T29914] ___sys_sendmsg+0x190/0x1e0 [ 512.320642][T29914] __sys_sendmsg+0x170/0x220 [ 512.322288][T29914] __do_fast_syscall_32+0xe3/0x8c0 [ 512.324066][T29914] do_fast_syscall_32+0x32/0x70 [ 512.325784][T29914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 512.327930][T29914] [ 512.327930][T29914] other info that might help us debug this: [ 512.327930][T29914] [ 512.331108][T29914] Chain exists of: [ 512.331108][T29914] fs_reclaim --> cpu_hotplug_lock --> slab_mutex [ 512.331108][T29914] [ 512.334839][T29914] Possible unsafe locking scenario: [ 512.334839][T29914] [ 512.337148][T29914] CPU0 CPU1 [ 512.338868][T29914] ---- ---- [ 512.340614][T29914] lock(slab_mutex); [ 512.341910][T29914] lock(cpu_hotplug_lock); [ 512.344103][T29914] lock(slab_mutex); [ 512.346159][T29914] lock(fs_reclaim); [ 512.347467][T29914] [ 512.347467][T29914] *** DEADLOCK *** [ 512.347467][T29914] [ 512.350008][T29914] 4 locks held by syz.6.10302/29914: [ 512.351677][T29914] #0: ffffffff906c0d50 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 512.354259][T29914] #1: ffffffff90614a28 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0xb4/0xae0 [ 512.357141][T29914] #2: ffff888056dd8788 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: nl80211_new_interface+0xac/0x11d0 [ 512.360367][T29914] #3: ffffffff8e977f08 (slab_mutex){+.+.}-{4:4}, at: __kmem_cache_create_args+0x44/0x420 [ 512.363411][T29914] [ 512.363411][T29914] stack backtrace: [ 512.365282][T29914] CPU: 0 UID: 0 PID: 29914 Comm: syz.6.10302 Tainted: G L syzkaller #0 PREEMPT(full) [ 512.365299][T29914] Tainted: [L]=SOFTLOCKUP [ 512.365302][T29914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 512.365309][T29914] Call Trace: [ 512.365314][T29914] [ 512.365318][T29914] dump_stack_lvl+0x100/0x190 [ 512.365335][T29914] print_circular_bug.cold+0x178/0x1c7 [ 512.365353][T29914] check_noncircular+0x146/0x160 [ 512.365368][T29914] __lock_acquire+0x14b8/0x2630 [ 512.365383][T29914] ? __kmem_cache_create_args+0x44/0x420 [ 512.365399][T29914] lock_acquire+0x1cf/0x380 [ 512.365412][T29914] ? kmem_cache_alloc_noprof+0x4c/0x6e0 [ 512.365430][T29914] fs_reclaim_acquire+0xc4/0x100 [ 512.365443][T29914] ? kmem_cache_alloc_noprof+0x4c/0x6e0 [ 512.365459][T29914] kmem_cache_alloc_noprof+0x4c/0x6e0 [ 512.365475][T29914] ? __kmem_cache_create_args+0x366/0x420 [ 512.365491][T29914] __kmem_cache_create_args+0x366/0x420 [ 512.365508][T29914] ieee80211_mesh_init_sdata+0x596/0x690 [ 512.365521][T29914] ? __pfx_ieee80211_mesh_init_sdata+0x10/0x10 [ 512.365532][T29914] ? __pfx___debug_object_init+0x10/0x10 [ 512.365545][T29914] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 512.365556][T29914] ? lockdep_init_map_type+0x5c/0x250 [ 512.365570][T29914] ieee80211_setup_sdata+0xabd/0xcf0 [ 512.365600][T29914] ieee80211_if_add+0xa30/0x1860 [ 512.365616][T29914] ieee80211_add_iface+0xaf/0x5d0 [ 512.365632][T29914] ? __pfx_ieee80211_add_iface+0x10/0x10 [ 512.365647][T29914] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 512.365659][T29914] nl80211_new_interface+0x65f/0x11d0 [ 512.365673][T29914] ? __pfx_nl80211_new_interface+0x10/0x10 [ 512.365688][T29914] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 512.365701][T29914] ? nl80211_pre_doit+0x19a/0xae0 [ 512.365714][T29914] genl_family_rcv_msg_doit+0x214/0x300 [ 512.365727][T29914] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 512.365739][T29914] ? genl_get_cmd+0x3ef/0x720 [ 512.365750][T29914] ? bpf_lsm_capable+0x9/0x10 [ 512.365761][T29914] ? security_capable+0x80/0x260 [ 512.365778][T29914] ? ns_capable+0xd2/0xf0 [ 512.365789][T29914] genl_rcv_msg+0x560/0x800 [ 512.365800][T29914] ? __pfx_genl_rcv_msg+0x10/0x10 [ 512.365811][T29914] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 512.365824][T29914] ? __pfx_nl80211_new_interface+0x10/0x10 [ 512.365841][T29914] ? __pfx_nl80211_post_doit+0x10/0x10 [ 512.365857][T29914] netlink_rcv_skb+0x159/0x420 [ 512.365867][T29914] ? __pfx_genl_rcv_msg+0x10/0x10 [ 512.365878][T29914] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 512.365890][T29914] ? netlink_deliver_tap+0x1ae/0xcc0 [ 512.365906][T29914] genl_rcv+0x28/0x40 [ 512.365916][T29914] netlink_unicast+0x5aa/0x870 [ 512.365933][T29914] ? __pfx_netlink_unicast+0x10/0x10 [ 512.365952][T29914] netlink_sendmsg+0x8b0/0xda0 [ 512.365970][T29914] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.365987][T29914] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 512.366005][T29914] ____sys_sendmsg+0x9e1/0xb70 [ 512.366016][T29914] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.366034][T29914] ? __pfx_____sys_sendmsg+0x10/0x10 [ 512.366046][T29914] ? __pfx_futex_wake_mark+0x10/0x10 [ 512.366064][T29914] ___sys_sendmsg+0x190/0x1e0 [ 512.366077][T29914] ? __pfx____sys_sendmsg+0x10/0x10 [ 512.366096][T29914] __sys_sendmsg+0x170/0x220 [ 512.366112][T29914] ? __pfx___sys_sendmsg+0x10/0x10 [ 512.366127][T29914] ? __ia32_sys_futex_time32+0x2f4/0x470 [ 512.366146][T29914] __do_fast_syscall_32+0xe3/0x8c0 [ 512.366163][T29914] do_fast_syscall_32+0x32/0x70 [ 512.366172][T29914] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 512.366186][T29914] RIP: 0023:0xf70bef6c [ 512.366195][T29914] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8 [ 512.366206][T29914] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172 [ 512.366216][T29914] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 512.366223][T29914] RDX: 0000000024044884 RSI: 0000000000000000 RDI: 0000000000000000 [ 512.366229][T29914] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 512.366236][T29914] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 512.366242][T29914] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 512.366251][T29914] [ 516.085815][ T5344] udevd[5344]: worker [5942] /devices/virtual/block/nbd3 timeout; kill it [ 516.088735][ T5344] udevd[5344]: seq 19540 '/devices/virtual/block/nbd3' killed