last executing test programs: 13.736072147s ago: executing program 4 (id=642): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, 0x0) 13.12136437s ago: executing program 2 (id=644): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000006c0)=ANY=[@ANYBLOB="140100001f000103000000004800000001010080190001"], 0x114}], 0x1}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4c014) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x400, 0x0) epoll_create(0x802) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x5437, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) mknod(&(0x7f0000000480)='./file0\x00', 0x8000, 0x3) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000600)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) mount(&(0x7f00000004c0)=@nullb, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='nilfs2\x00', 0x400, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000100)={0x2, 0x2, 0x0, "b42c1700000000000000000000001300", 0x494e4f4b}) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x1c}}, 0x4004000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000340)={{0x7, 0x80}, 'port1\x00', 0x98, 0x20000, 0x9f2, 0x0, 0x7f59, 0x4, 0x3, 0x0, 0x2, 0x40}) socket$netlink(0x10, 0x3, 0xc) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) r6 = userfaultfd(0x801) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) 11.843520958s ago: executing program 2 (id=645): r0 = socket(0x2, 0x3, 0xff) socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet(r0, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000008c0)='|', 0x1}], 0x1}}], 0x1, 0x901) 10.41479143s ago: executing program 2 (id=649): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) sendmsg$alg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000600), 0xfec8) recvmmsg(0xffffffffffffffff, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}, {&(0x7f0000000300)=""/225, 0xe1}], 0x2, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) 10.225338622s ago: executing program 2 (id=652): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_tree(0xffffffffffffffff, &(0x7f00000001c0)='\x00', 0x89901) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x20, 0x3, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8080) 10.025366268s ago: executing program 3 (id=654): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000300)=ANY=[@ANYBLOB="400901000000f6523a9c4d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, 0x0, 0xfeec) 8.534166118s ago: executing program 1 (id=656): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x4e3, 0x0, &(0x7f0000000180)=0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r4 = socket$inet(0xa, 0x801, 0x84) connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r4, 0xfffffffd) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000001000), 0x581, 0x4000001f, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x1, 0x2, 0xff, 0xa4, 0x0, 0x1, 0x0, 0x5, 0x8, 0x81, 0x0, 0x2, 0x20}, 0xe) write$dsp(0xffffffffffffffff, &(0x7f00000001c0)="5cba", 0x2) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) 6.996028342s ago: executing program 4 (id=660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd70000000007b280000000c0001", @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) 5.942542284s ago: executing program 4 (id=662): keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x17, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4"], &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0x10000}, 0x1c) close(0xffffffffffffffff) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) poll(0x0, 0x0, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x0, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='yeah\x00', 0x5) 5.477302897s ago: executing program 0 (id=663): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x2, 0x4, 0x4, 0x2, 0x108, 0x1}, 0x50) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r0, 0x0}, 0x20) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$kcm(0x2d, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0}, 0x18) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20180, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14102, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_opts(r3, 0x0, 0x480, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x208400, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r4], 0x20) ioctl$PPPIOCSMRU1(r4, 0x40047452, &(0x7f0000000100)=0x6) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000080)) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000080001003f0000000c000200700f00000000ffff0c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) 5.476974932s ago: executing program 3 (id=664): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4020aeb2, &(0x7f0000000740)={0x0, 0x12c, @pic={0x0, 0x0, 0x0, 0x0, 0x1}}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x89b8, 0x8, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x0, 0x2}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) ioctl$sock_inet_SIOCSIFADDR(r6, 0x891c, &(0x7f0000000080)={'wlan1\x00', {0x2, 0x4000, @empty=0xfe000000}}) mount$bpf(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x880, &(0x7f0000000800)={[], [{@smackfshat={'smackfshat', 0x3d, '.'}}]}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x8}}, [@NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x2e}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x2}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x84}}, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0) r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) writev(r9, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000280)={0xf0f022}) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000000c0)={0x2, @win={{0x2, 0xc, 0x40, 0xe0fd}, 0x9, 0x1, 0x0, 0xc, 0x0, 0x6}}) 4.768711334s ago: executing program 4 (id=665): open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x29c) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$MON_IOCX_GETX(r2, 0x4018920a, &(0x7f00000001c0)={&(0x7f00000012c0), &(0x7f0000002940)=""/4083, 0xff3}) 3.779388231s ago: executing program 4 (id=666): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000006c0)=ANY=[@ANYBLOB="140100001f000103000000004800000001010080190001"], 0x114}], 0x1}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4c014) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x400, 0x0) epoll_create(0x802) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x5437, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) mknod(&(0x7f0000000480)='./file0\x00', 0x8000, 0x3) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000600)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) mount(&(0x7f00000004c0)=@nullb, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='nilfs2\x00', 0x400, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000100)={0x2, 0x2, 0x0, "b42c1700000000000000000000001300", 0x494e4f4b}) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x1c}}, 0x4004000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000340)={{0x7, 0x80}, 'port1\x00', 0x98, 0x20000, 0x9f2, 0x0, 0x7f59, 0x4, 0x3, 0x0, 0x2, 0x40}) socket$netlink(0x10, 0x3, 0xc) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1f00}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) r6 = userfaultfd(0x801) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) 3.713433031s ago: executing program 1 (id=667): r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000c1"]) 3.639651263s ago: executing program 0 (id=668): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_SUBMITURB(r1, 0x802c550a, &(0x7f0000000280)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x2, 0x24, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x4, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) 2.723862495s ago: executing program 3 (id=669): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000180)=0x55b7, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x50) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) epoll_create1(0x80000) r4 = socket$alg(0x26, 0x5, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$TIOCSBRK(r5, 0x5427) bind$alg(r4, 0x0, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2", 0x14) accept4(r4, 0x0, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x3c880, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10) 2.723502108s ago: executing program 4 (id=670): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$USBDEVFS_SETINTERFACE(r0, 0x80045510, 0x0) 2.705883491s ago: executing program 2 (id=671): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200c0ed}, 0x20000004) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r1 = accept(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000011c40)=[{{0x0, 0x0, &(0x7f00000070c0)=[{&(0x7f0000005f40)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 2.487196902s ago: executing program 1 (id=672): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd70000000007b280000000c0001", @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4044884) 2.429384401s ago: executing program 0 (id=673): pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r4 = epoll_create1(0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x26, 0x0, r4, 0x0, r0}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2.309677138s ago: executing program 3 (id=674): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x13) ptrace(0x10, r0) ptrace$setopts(0x4202, r0, 0xe96, 0x455b843fbdb64c65) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000) syz_emit_vhci(&(0x7f0000000080)=ANY=[], 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r5 = socket$netlink(0x10, 0x3, 0x15) writev(r5, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) r6 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000130001"], 0xe0}}, 0x0) 2.241284547s ago: executing program 1 (id=675): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x2b, 0x1, 0x0) syz_io_uring_setup(0x110, &(0x7f0000001280)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=0x0, &(0x7f0000000100)) r3 = syz_open_dev$usbfs(&(0x7f0000000180), 0x200, 0x882) ioctl$USBDEVFS_GETDRIVER(r3, 0x41045508, &(0x7f0000000500)={0xfffffff8, "f89516e2cbefa3be82d4bc5db38b16862af7c823f78da082aa88f616dbddb0c928981b16390996abf80f526190266d6a4c27532f8122c6551ba6d82c1329ef6029b48ed93af95eb2a230106e97c0dd5cb24ec85804095139a668f8c3ff935a13b8fa1548d79533402dbf4acf530e848459153bce26aa1867f7b77d8ac4eb4b6118dd970409af22f28a9bbf300008eef73bc3fdbbff51faccce0c6344e3a76373eb88f837a43ee2eb2a5541c2dabab878b5e942b0bf213bcfebfff7c522763837c4c5187b81705db1d9e604ddeec72962bd9610e9f8ced3d704ee77db69fc0bd828419337e385c3ae06ad5d14c1ec9cdfbac0ba291596bb8f3c3a61a880b278a6"}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x7}) 1.189625276s ago: executing program 0 (id=676): open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x29c) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) syz_open_procfs(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r3 = dup3(r1, r2, 0x0) ioctl$MON_IOCX_GETX(r3, 0x4018920a, &(0x7f00000001c0)={&(0x7f00000012c0), &(0x7f0000002940)=""/4083, 0xff3}) 1.189251383s ago: executing program 2 (id=677): openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x8) socket$rds(0x15, 0x5, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) faccessat(0xffffffffffffffff, 0x0, 0x0) munlockall() munlockall() madvise(&(0x7f0000211000/0x3000)=nil, 0x3000, 0x15) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x7, &(0x7f0000000040), 0x0, 0x1, 0x0, 0x2, 0x0, 0x2}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) io_uring_setup(0x2e34, &(0x7f0000000180)) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB]) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000ac000000030a010300000000000000000100000014000480080002400000000008000140000000050900030073797a30000000000900010073797a310000000008000b4000000003640008800c00014000000000800000000c00014000000000000000010c00014000"], 0x92fc}}, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) 698.576505ms ago: executing program 1 (id=678): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 613.38442ms ago: executing program 3 (id=679): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r0, 0x300, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 601.96175ms ago: executing program 0 (id=680): ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) ioprio_get$pid(0x2, 0x0) 108.349355ms ago: executing program 3 (id=681): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_tree(0xffffffffffffffff, &(0x7f00000001c0)='\x00', 0x89901) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x20, 0x3, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x8080) 61.467406ms ago: executing program 0 (id=682): r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000c1"]) 0s ago: executing program 1 (id=683): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x10681, 0x20000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x20044002) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000001400b59500000000000000000a400000", @ANYRES32=r7, @ANYBLOB="140002000000000002"], 0x2c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB="01"], 0x3c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.226' (ED25519) to the list of known hosts. [ 74.270964][ T5820] cgroup: Unknown subsys name 'net' [ 74.464288][ T5820] cgroup: Unknown subsys name 'cpuset' [ 74.474202][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.008936][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.667769][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.677611][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.685707][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.693632][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.701423][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.709364][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.718238][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.726788][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.734678][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.745618][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.753198][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.761648][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.769725][ T5841] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.777364][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.787003][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.820653][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.831748][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.839215][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.848996][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.857539][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.872696][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.880654][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.888252][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.896544][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.904294][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.426748][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 79.538619][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 79.565897][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 79.680438][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 79.734041][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 79.829159][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.836604][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.844993][ T5834] bridge_slave_0: entered allmulticast mode [ 79.852302][ T5834] bridge_slave_0: entered promiscuous mode [ 79.869017][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.876930][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.884233][ T5834] bridge_slave_1: entered allmulticast mode [ 79.891792][ T5834] bridge_slave_1: entered promiscuous mode [ 79.905390][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.912816][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.920139][ T5830] bridge_slave_0: entered allmulticast mode [ 79.927737][ T5830] bridge_slave_0: entered promiscuous mode [ 79.996581][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.004725][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.012753][ T5830] bridge_slave_1: entered allmulticast mode [ 80.019841][ T5830] bridge_slave_1: entered promiscuous mode [ 80.051644][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.058806][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.066907][ T5846] bridge_slave_0: entered allmulticast mode [ 80.074554][ T5846] bridge_slave_0: entered promiscuous mode [ 80.089553][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.096796][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.104197][ T5846] bridge_slave_1: entered allmulticast mode [ 80.111874][ T5846] bridge_slave_1: entered promiscuous mode [ 80.147652][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.154894][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.162535][ T5842] bridge_slave_0: entered allmulticast mode [ 80.169706][ T5842] bridge_slave_0: entered promiscuous mode [ 80.224399][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.233866][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.241101][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.248252][ T5842] bridge_slave_1: entered allmulticast mode [ 80.257373][ T5842] bridge_slave_1: entered promiscuous mode [ 80.266758][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.285190][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.298966][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.322704][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.373474][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.415817][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.438456][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.446029][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.453650][ T5839] bridge_slave_0: entered allmulticast mode [ 80.461556][ T5839] bridge_slave_0: entered promiscuous mode [ 80.497156][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.508058][ T5830] team0: Port device team_slave_0 added [ 80.514218][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.521933][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.529100][ T5839] bridge_slave_1: entered allmulticast mode [ 80.536456][ T5839] bridge_slave_1: entered promiscuous mode [ 80.557755][ T5834] team0: Port device team_slave_0 added [ 80.579982][ T5830] team0: Port device team_slave_1 added [ 80.601767][ T5846] team0: Port device team_slave_0 added [ 80.622294][ T5834] team0: Port device team_slave_1 added [ 80.632383][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.667959][ T5846] team0: Port device team_slave_1 added [ 80.705038][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.729355][ T5842] team0: Port device team_slave_0 added [ 80.759543][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.767077][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.793546][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.821624][ T5842] team0: Port device team_slave_1 added [ 80.828787][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.836099][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.863172][ T5841] Bluetooth: hci2: command tx timeout [ 80.863192][ T5833] Bluetooth: hci0: command tx timeout [ 80.863542][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.874239][ T5841] Bluetooth: hci1: command tx timeout [ 80.906404][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.913882][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.940261][ T5841] Bluetooth: hci4: command tx timeout [ 80.944045][ T5833] Bluetooth: hci3: command tx timeout [ 80.946068][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.963799][ T5839] team0: Port device team_slave_0 added [ 81.003574][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.010598][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.037600][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.049201][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.056683][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.082644][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.096310][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.103305][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.129235][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.142229][ T5839] team0: Port device team_slave_1 added [ 81.155491][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.162638][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.188620][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.206247][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.213307][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.239339][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.320137][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.327736][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.354140][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.399329][ T5830] hsr_slave_0: entered promiscuous mode [ 81.406009][ T5830] hsr_slave_1: entered promiscuous mode [ 81.421340][ T5834] hsr_slave_0: entered promiscuous mode [ 81.427788][ T5834] hsr_slave_1: entered promiscuous mode [ 81.434214][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 81.440016][ T5834] Cannot create hsr debugfs directory [ 81.456209][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.463376][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.489506][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.524692][ T5846] hsr_slave_0: entered promiscuous mode [ 81.531067][ T5846] hsr_slave_1: entered promiscuous mode [ 81.537115][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 81.543136][ T5846] Cannot create hsr debugfs directory [ 81.615249][ T5842] hsr_slave_0: entered promiscuous mode [ 81.622650][ T5842] hsr_slave_1: entered promiscuous mode [ 81.629601][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 81.635568][ T5842] Cannot create hsr debugfs directory [ 81.717545][ T5839] hsr_slave_0: entered promiscuous mode [ 81.724186][ T5839] hsr_slave_1: entered promiscuous mode [ 81.730213][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 81.736391][ T5839] Cannot create hsr debugfs directory [ 82.199550][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.211378][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.239829][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.251561][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.316014][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.329572][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.340136][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.351342][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.439681][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.451650][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.472474][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.484639][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.576132][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.589391][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.599634][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.611143][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.650051][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.704971][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.716325][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.727072][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.753366][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.782039][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.824932][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.839024][ T3480] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.846246][ T3480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.879212][ T3480] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.886480][ T3480] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.921500][ T5833] Bluetooth: hci1: command tx timeout [ 82.922127][ T5841] Bluetooth: hci2: command tx timeout [ 82.927058][ T51] Bluetooth: hci0: command tx timeout [ 82.943532][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.965606][ T3437] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.972762][ T3437] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.001144][ T5833] Bluetooth: hci3: command tx timeout [ 83.006660][ T51] Bluetooth: hci4: command tx timeout [ 83.029557][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.041630][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.048746][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.106746][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.162464][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.169599][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.179689][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.186808][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.266037][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.336193][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.376370][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.383559][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.431273][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.438439][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.507116][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.594179][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.654562][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.661735][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.677356][ T3547] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.684633][ T3547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.755858][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.809684][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.847805][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.904121][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.018290][ T5834] veth0_vlan: entered promiscuous mode [ 84.070159][ T5842] veth0_vlan: entered promiscuous mode [ 84.079259][ T5834] veth1_vlan: entered promiscuous mode [ 84.110473][ T5842] veth1_vlan: entered promiscuous mode [ 84.226150][ T5842] veth0_macvtap: entered promiscuous mode [ 84.253158][ T5834] veth0_macvtap: entered promiscuous mode [ 84.288619][ T5842] veth1_macvtap: entered promiscuous mode [ 84.305075][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.319602][ T5834] veth1_macvtap: entered promiscuous mode [ 84.396335][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.411422][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.433016][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.444962][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.477835][ T3437] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.489799][ T3437] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.514142][ T3437] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.523955][ T3547] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.534689][ T3547] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.571095][ T3547] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.591297][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.608955][ T3547] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.618032][ T3547] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.658104][ T5846] veth0_vlan: entered promiscuous mode [ 84.685302][ T5846] veth1_vlan: entered promiscuous mode [ 84.725666][ T5830] veth0_vlan: entered promiscuous mode [ 84.779074][ T3547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.782395][ T5830] veth1_vlan: entered promiscuous mode [ 84.798031][ T3547] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.868956][ T5846] veth0_macvtap: entered promiscuous mode [ 84.918156][ T5839] veth0_vlan: entered promiscuous mode [ 84.921652][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.943341][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.949609][ T5846] veth1_macvtap: entered promiscuous mode [ 84.961809][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.972915][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.987857][ T5830] veth0_macvtap: entered promiscuous mode [ 84.999920][ T5839] veth1_vlan: entered promiscuous mode [ 85.005736][ T51] Bluetooth: hci0: command tx timeout [ 85.006084][ T5833] Bluetooth: hci1: command tx timeout [ 85.012906][ T5841] Bluetooth: hci2: command tx timeout [ 85.057702][ T5830] veth1_macvtap: entered promiscuous mode [ 85.081105][ T5841] Bluetooth: hci4: command tx timeout [ 85.086595][ T51] Bluetooth: hci3: command tx timeout [ 85.089479][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 85.104278][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.123428][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.152928][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.177200][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.195579][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.224863][ T30] audit: type=1804 audit(1751584836.153:2): pid=5946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1" name="/newroot/0/file0" dev="tmpfs" ino=18 res=1 errno=0 [ 85.237266][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.300749][ T3521] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.339294][ T5839] veth0_macvtap: entered promiscuous mode [ 85.371933][ T5839] veth1_macvtap: entered promiscuous mode [ 85.407634][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.438237][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.554755][ T3521] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.564480][ T3521] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.147533][ T3521] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.274211][ T3521] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.289502][ T3521] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.356345][ T3521] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.374645][ T3521] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.520238][ T3547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.534443][ T3547] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.686920][ T3521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.769077][ T3521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.792205][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.792536][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 86.930195][ T3547] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.997502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 87.090147][ T51] Bluetooth: hci1: command tx timeout [ 87.096886][ T51] Bluetooth: hci0: command tx timeout [ 87.102525][ T5841] Bluetooth: hci2: command tx timeout [ 87.117623][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.126735][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.139803][ T3547] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.171078][ T51] Bluetooth: hci3: command tx timeout [ 87.171088][ T5833] Bluetooth: hci4: command tx timeout [ 87.249532][ T3547] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.291916][ T3547] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.324850][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.340358][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.631379][ T3547] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.678006][ T3547] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.766415][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.781588][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.021985][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 88.031822][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.041218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 88.049939][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.200941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.414464][ T43] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 88.791018][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.544930][ T5983] netlink: 64 bytes leftover after parsing attributes in process `syz.3.11'. [ 89.630981][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 89.664038][ T43] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30 [ 89.700585][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 89.738282][ T43] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 89.739213][ T30] audit: type=1804 audit(1751584840.663:3): pid=5985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.12" name="/newroot/1/file0" dev="tmpfs" ino=23 res=1 errno=0 [ 89.771785][ T43] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 89.811557][ T43] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127 [ 89.840833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 90.332645][ T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 90.332720][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 90.332776][ T43] usb 1-1: SerialNumber: syz [ 93.187574][ T5835] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 93.390056][ T24] cfg80211: failed to load regulatory.db [ 93.714340][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 93.924952][ T5835] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 94.163019][ T5835] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 94.376966][ T5835] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 94.394624][ T43] usb 1-1: can't set config #1, error -71 [ 94.455206][ T5835] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.475119][ T43] usb 1-1: USB disconnect, device number 2 [ 94.565487][ T6006] tipc: Started in network mode [ 94.573945][ T6006] tipc: Node identity ac141425, cluster identity 4711 [ 94.598286][ T6006] tipc: New replicast peer: 0.0.0.0 [ 94.612000][ T6006] tipc: Enabled bearer , priority 10 [ 94.763535][ T5835] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 94.900771][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.019938][ T6005] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.093322][ T5835] usb 3-1: can't set config #16, error -71 [ 95.132223][ T5835] usb 3-1: USB disconnect, device number 2 [ 96.093425][ T5928] tipc: Node number set to 2886997029 [ 98.778301][ T30] audit: type=1804 audit(1751584849.693:4): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.26" name="/newroot/4/file0" dev="tmpfs" ino=38 res=1 errno=0 [ 101.011355][ T6061] syz.4.31: attempt to access beyond end of device [ 101.011355][ T6061] loop4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 101.024616][ T6061] gfs2: error -5 reading superblock [ 102.698206][ T6075] capability: warning: `syz.0.35' uses deprecated v2 capabilities in a way that may be insecure [ 102.712764][ T6075] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.618908][ T6084] mkiss: ax0: crc mode is auto. [ 106.845165][ T6085] mmap: syz.3.38 (6085) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 107.502218][ T6091] Bluetooth: MGMT ver 1.23 [ 108.859671][ T6103] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1 [ 108.870565][ T6103] ref_ctr increment failed for inode: 0x4a offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888071b2c600 [ 108.892610][ T30] audit: type=1804 audit(1751584859.783:5): pid=6103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.43" name="/newroot/11/file0" dev="tmpfs" ino=74 res=1 errno=0 [ 111.462719][ T6131] syz.3.49 uses obsolete (PF_INET,SOCK_PACKET) [ 116.158750][ T30] audit: type=1804 audit(1751584866.933:6): pid=6155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.58" name="/newroot/12/file0" dev="tmpfs" ino=83 res=1 errno=0 [ 117.446106][ T6171] fuse: Bad value for 'group_id' [ 117.451229][ T6171] fuse: Bad value for 'group_id' [ 117.951234][ T6169] syz.2.60: attempt to access beyond end of device [ 117.951234][ T6169] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 117.969739][ T6169] gfs2: error -5 reading superblock [ 121.673069][ T30] audit: type=1804 audit(1751584872.593:7): pid=6195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.70" name="/newroot/15/file0" dev="tmpfs" ino=98 res=1 errno=0 [ 122.706122][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.72'. [ 123.774873][ T6216] ptrace attach of "./syz-executor exec"[5842] was attempted by " [ 127.688315][ T6237] tipc: Started in network mode [ 127.792220][ T6237] tipc: Node identity ac141425, cluster identity 4711 [ 127.809654][ T6237] tipc: New replicast peer: 0.0.0.0 [ 127.819922][ T6237] tipc: Enabled bearer , priority 10 [ 128.193376][ T30] audit: type=1804 audit(1751584879.123:8): pid=6242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.83" name="/newroot/13/file0" dev="tmpfs" ino=86 res=1 errno=0 [ 129.431126][ T10] tipc: Node number set to 2886997029 [ 132.735984][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.742549][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.767232][ T6276] could not allocate digest TFM handle sha256-neon [ 133.284435][ T6299] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 135.725069][ T6321] capability: warning: `syz.4.106' uses 32-bit capabilities (legacy support in use) [ 135.836038][ T6322] ptrace attach of "./syz-executor exec"[5846] was attempted by " [ 139.300375][ T5928] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 139.902828][ T5928] usb 2-1: unable to get BOS descriptor or descriptor too short [ 139.911508][ T5928] usb 2-1: not running at top speed; connect to a high speed hub [ 139.921566][ T5928] usb 2-1: config 253 has an invalid interface number: 140 but max is 0 [ 139.930046][ T5928] usb 2-1: config 253 has an invalid descriptor of length 204, skipping remainder of the config [ 139.946262][ T5928] usb 2-1: config 253 has no interface number 0 [ 139.959715][ T5928] usb 2-1: config 253 interface 140 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 140.047070][ T5928] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=3e.5b [ 140.057630][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.090336][ T5928] usb 2-1: Product: syz [ 140.094556][ T5928] usb 2-1: Manufacturer: syz [ 140.128318][ T5928] usb 2-1: SerialNumber: syz [ 141.095647][ T30] audit: type=1804 audit(1751584891.283:9): pid=6358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.117" name="/newroot/24/file0" dev="tmpfs" ino=143 res=1 errno=0 [ 141.123952][ T6338] delete_channel: no stack [ 141.133174][ T5928] usbtest 2-1:253.140: couldn't get endpoints, -22 [ 141.140602][ T5928] usbtest 2-1:253.140: probe with driver usbtest failed with error -22 [ 141.177815][ T5928] usb 2-1: USB disconnect, device number 2 [ 143.727858][ T6387] netlink: 12 bytes leftover after parsing attributes in process `syz.4.123'. [ 146.490559][ T6400] delete_channel: no stack [ 148.099707][ T6423] netlink: 'syz.4.136': attribute type 6 has an invalid length. [ 148.332233][ T6429] netlink: 20 bytes leftover after parsing attributes in process `syz.0.139'. [ 149.064481][ T6429] workqueue: Failed to create a rescuer kthread for wq "nbd63-recv": -EINTR [ 149.210981][ T6429] block (null): Could not allocate knbd recv work queue. [ 149.309963][ T6429] nbd: failed to add new device [ 157.250120][ T6466] netlink: 20 bytes leftover after parsing attributes in process `syz.4.151'. [ 161.295119][ T24] libceph: connect (1)[c::]:6789 error -101 [ 161.765940][ T6506] ceph: No mds server is up or the cluster is laggy [ 161.989949][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 162.577780][ T6521] netlink: 20 bytes leftover after parsing attributes in process `syz.0.167'. [ 162.836424][ T30] audit: type=1804 audit(1751584913.693:10): pid=6522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.166" name="/newroot/38/file0" dev="tmpfs" ino=218 res=1 errno=0 [ 164.826364][ T6544] nbd4: detected capacity change from 0 to 63 [ 164.880596][ T6547] block nbd4: NBD_DISCONNECT [ 164.896012][ T6550] mkiss: ax0: crc mode is auto. [ 164.922295][ T6547] block nbd4: Disconnected due to user request. [ 164.955557][ T6547] block nbd4: shutting down sockets [ 164.985521][ C0] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 164.994743][ C0] Buffer I/O error on dev nbd4, logical block 0, async page read [ 165.002534][ C0] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.011585][ C0] Buffer I/O error on dev nbd4, logical block 1, async page read [ 165.019325][ C0] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.028360][ C0] Buffer I/O error on dev nbd4, logical block 2, async page read [ 165.036167][ C0] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.045240][ C0] Buffer I/O error on dev nbd4, logical block 3, async page read [ 165.080629][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.098736][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 165.264874][ T5848] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.548377][ T5848] Buffer I/O error on dev nbd4, logical block 1, async page read [ 165.627808][ T5848] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.671309][ T5848] Buffer I/O error on dev nbd4, logical block 2, async page read [ 165.692928][ T5848] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.732869][ T5848] Buffer I/O error on dev nbd4, logical block 3, async page read [ 165.753473][ T5848] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.800398][ T5848] Buffer I/O error on dev nbd4, logical block 0, async page read [ 165.825874][ T5848] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 165.860050][ T5848] Buffer I/O error on dev nbd4, logical block 1, async page read [ 165.883753][ T5848] ldm_validate_partition_table(): Disk read failed. [ 165.919768][ T5848] Dev nbd4: unable to read RDB block 0 [ 165.958608][ T5848] nbd4: unable to read partition table [ 166.023002][ T5848] ldm_validate_partition_table(): Disk read failed. [ 166.061584][ T5848] Dev nbd4: unable to read RDB block 0 [ 166.081123][ T5848] nbd4: unable to read partition table [ 166.373542][ T6567] netlink: 'syz.2.182': attribute type 1 has an invalid length. [ 166.382000][ T6567] netlink: 228 bytes leftover after parsing attributes in process `syz.2.182'. [ 166.391011][ T6567] NCSI netlink: No device for ifindex 0 [ 166.498832][ T6568] NILFS (nullb0): couldn't find nilfs on the device [ 170.675418][ T6594] mkiss: ax0: crc mode is auto. [ 179.478699][ T6667] batman_adv: batadv0: Adding interface: dummy0 [ 179.485014][ T6667] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.510312][ T6667] batman_adv: batadv0: Interface activated: dummy0 [ 179.524785][ T6667] batadv0: mtu less than device minimum [ 179.531330][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.542755][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.553991][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.565194][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.576605][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.587837][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.599030][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.610522][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.621800][ T6667] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 182.717985][ T6697] 9pnet_fd: Insufficient options for proto=fd [ 184.883351][ T5928] IPVS: starting estimator thread 0... [ 185.000470][ T6714] IPVS: using max 27 ests per chain, 64800 per kthread [ 185.896780][ T6728] mkiss: ax0: crc mode is auto. [ 185.933063][ T30] audit: type=1804 audit(1751584936.833:11): pid=6732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.228" name="/newroot/44/file0" dev="tmpfs" ino=259 res=1 errno=0 [ 189.317482][ T6792] net_ratelimit: 10 callbacks suppressed [ 189.317514][ T6792] sctp: failed to load transform for md5: -2 [ 189.649476][ T6810] batman_adv: batadv0: Adding interface: dummy0 [ 189.655841][ T6810] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.681907][ T6810] batman_adv: batadv0: Interface activated: dummy0 [ 189.725154][ T6810] batadv0: mtu less than device minimum [ 189.732251][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.744112][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.755893][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.767755][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.779554][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.791292][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.803078][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 189.814789][ T6810] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 192.257583][ T5928] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 192.323276][ T6821] netlink: 52 bytes leftover after parsing attributes in process `syz.4.240'. [ 192.359846][ T6821] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 192.439700][ T5928] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 192.467848][ T5928] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.596070][ T5928] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 192.611272][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.791576][ T43] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 192.842995][ T5928] usb 4-1: usb_control_msg returned -32 [ 192.848959][ T5928] usbtmc 4-1:16.0: can't read capabilities [ 193.384504][ T43] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 193.488458][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 193.524738][ T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 193.995234][ T43] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 194.048167][ T43] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 194.087861][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.124317][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.130867][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.173209][ T43] usb 3-1: config 0 descriptor?? [ 194.484084][ T6839] 9pnet_fd: Insufficient options for proto=fd [ 194.642755][ T43] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 194.723863][ T43] plantronics 0003:047F:FFFF.0001: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 194.743628][ T30] audit: type=1804 audit(1751584945.673:12): pid=6845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.249" name="/newroot/55/file0" dev="tmpfs" ino=318 res=1 errno=0 [ 194.835302][ T5835] usb 4-1: USB disconnect, device number 2 [ 194.936057][ T43] usb 3-1: USB disconnect, device number 3 [ 197.203292][ T6861] tipc: Started in network mode [ 197.208172][ T6861] tipc: Node identity ac141425, cluster identity 4711 [ 197.215187][ T6861] tipc: New replicast peer: 0.0.0.0 [ 197.221413][ T6861] tipc: Enabled bearer , priority 10 [ 198.418937][ T5928] tipc: Node number set to 2886997029 [ 199.390768][ T30] audit: type=1804 audit(1751584950.303:13): pid=6919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.261" name="/newroot/51/file0" dev="tmpfs" ino=286 res=1 errno=0 [ 201.683269][ T6918] Bluetooth: hci3: command 0x0406 tx timeout [ 201.690972][ T6918] Bluetooth: hci4: command 0x0406 tx timeout [ 201.718375][ T6918] Bluetooth: hci2: command 0x0406 tx timeout [ 201.724487][ T6918] Bluetooth: hci1: command 0x0406 tx timeout [ 201.730599][ T6918] Bluetooth: hci0: command 0x0406 tx timeout [ 202.439605][ T6977] netlink: 'syz.3.269': attribute type 5 has an invalid length. [ 202.448831][ T6977] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.269'. [ 204.501400][ T6992] syz.2.272: attempt to access beyond end of device [ 204.501400][ T6992] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0 [ 204.694264][ T6992] syz.2.272: attempt to access beyond end of device [ 204.694264][ T6992] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0 [ 204.729687][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 204.792641][ T6992] syz.2.272: attempt to access beyond end of device [ 204.792641][ T6992] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0 [ 204.875891][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 204.890167][ T6992] syz.2.272: attempt to access beyond end of device [ 204.890167][ T6992] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 204.923716][ T6992] syz.2.272: attempt to access beyond end of device [ 204.923716][ T6992] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 204.955164][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 204.984801][ T5892] IPVS: starting estimator thread 0... [ 205.023262][ T6992] syz.2.272: attempt to access beyond end of device [ 205.023262][ T6992] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 205.088349][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 205.100349][ T7004] IPVS: using max 31 ests per chain, 74400 per kthread [ 205.184136][ T30] audit: type=1804 audit(1751584956.113:14): pid=7007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.276" name="/newroot/50/file0" dev="tmpfs" ino=282 res=1 errno=0 [ 205.205718][ T6992] syz.2.272: attempt to access beyond end of device [ 205.205718][ T6992] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 205.296941][ T6992] syz.2.272: attempt to access beyond end of device [ 205.296941][ T6992] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 205.312462][ T7008] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 205.468680][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 205.523632][ T6992] syz.2.272: attempt to access beyond end of device [ 205.523632][ T6992] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 205.582791][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 205.629279][ T6992] syz.2.272: attempt to access beyond end of device [ 205.629279][ T6992] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 205.667131][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 205.677386][ T6992] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 205.692382][ T6992] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 208.657479][ T7048] 9pnet_fd: Insufficient options for proto=fd [ 210.938328][ T7070] netlink: 16 bytes leftover after parsing attributes in process `syz.4.299'. [ 211.088426][ T7073] random: crng reseeded on system resumption [ 211.259356][ T7073] Restarting kernel threads ... [ 211.267984][ T7073] Done restarting kernel threads. [ 211.514932][ T7075] tipc: Enabling of bearer rejected, already enabled [ 211.878840][ T7085] netlink: 12 bytes leftover after parsing attributes in process `syz.4.304'. [ 212.303041][ T7087] netlink: 'syz.0.303': attribute type 10 has an invalid length. [ 213.033466][ T7087] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 214.044344][ T7087] syz.0.303 (7087) used greatest stack depth: 19896 bytes left [ 214.986502][ T7109] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 216.061028][ T30] audit: type=1804 audit(1751584966.993:15): pid=7126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.315" name="/newroot/60/file0" dev="tmpfs" ino=337 res=1 errno=0 [ 217.283852][ T7140] net_ratelimit: 11 callbacks suppressed [ 217.283870][ T7140] netlink: zone id is out of range [ 217.391140][ T7140] netlink: zone id is out of range [ 217.737724][ T7140] netlink: set zone limit has 4 unknown bytes [ 220.745345][ T7177] random: crng reseeded on system resumption [ 220.890530][ T7177] Restarting kernel threads ... [ 220.897868][ T7177] Done restarting kernel threads. [ 222.334228][ T7185] rtc_cmos 00:00: Alarms can be up to one day in the future [ 227.841638][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 227.853706][ T30] audit: type=1804 audit(1751584978.783:16): pid=7225 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.344" name="/newroot/66/file0" dev="tmpfs" ino=367 res=1 errno=0 [ 227.976196][ T7227] Zero length message leads to an empty skb [ 228.035688][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 228.074613][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 228.089939][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 228.245461][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 228.255994][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 228.269111][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 228.286796][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.156610][ T24] usb 2-1: usb_control_msg returned -71 [ 229.170459][ T24] usbtmc 2-1:16.0: can't read capabilities [ 229.183946][ T24] usb 2-1: USB disconnect, device number 3 [ 230.083802][ T78] Bluetooth: hci5: Frame reassembly failed (-84) [ 231.571774][ T7261] tipc: Enabling of bearer rejected, already enabled [ 232.121859][ T5836] Bluetooth: hci5: command 0x1003 tx timeout [ 232.129118][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 232.684622][ T30] audit: type=1804 audit(1751584983.613:17): pid=7270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.358" name="/newroot/69/file0" dev="tmpfs" ino=383 res=1 errno=0 [ 234.247812][ T7287] random: crng reseeded on system resumption [ 236.645003][ T7314] tipc: Enabling of bearer rejected, already enabled [ 236.730623][ T30] audit: type=1804 audit(1751584987.643:18): pid=7317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.371" name="/newroot/73/file0" dev="tmpfs" ino=412 res=1 errno=0 [ 238.235085][ T6780] Bluetooth: hci5: Frame reassembly failed (-84) [ 240.201439][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 240.462010][ T7356] tipc: Started in network mode [ 240.466908][ T7356] tipc: Node identity ac141425, cluster identity 4711 [ 240.473887][ T7356] tipc: New replicast peer: 0.0.0.0 [ 240.479655][ T7356] tipc: Enabled bearer , priority 10 [ 241.473131][ T5892] tipc: Node number set to 2886997029 [ 242.710324][ T5892] IPVS: starting estimator thread 0... [ 243.050579][ T7384] IPVS: using max 24 ests per chain, 57600 per kthread [ 243.446032][ T7393] bio_check_eod: 2 callbacks suppressed [ 243.446073][ T7393] syz.2.393: attempt to access beyond end of device [ 243.446073][ T7393] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 243.465568][ T7393] gfs2: error -5 reading superblock [ 244.614372][ T7405] mkiss: ax0: crc mode is auto. [ 249.446878][ T7448] syz.0.406: attempt to access beyond end of device [ 249.446878][ T7448] loop0: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 249.460166][ T7448] gfs2: error -5 reading superblock [ 250.211461][ T7452] netem: incorrect ge model size [ 250.216811][ T7452] netem: change failed [ 253.611755][ T7477] netlink: 128 bytes leftover after parsing attributes in process `syz.0.417'. [ 255.431298][ T7494] syz.2.421: attempt to access beyond end of device [ 255.431298][ T7494] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 255.444590][ T7494] gfs2: error -5 reading superblock [ 255.578022][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.586614][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.102615][ T7497] ceph: No mds server is up or the cluster is laggy [ 256.110443][ T5900] libceph: connect (1)[c::]:6789 error -101 [ 256.116530][ T5900] libceph: mon0 (1)[c::]:6789 connect error [ 258.189736][ T7526] netlink: 128 bytes leftover after parsing attributes in process `syz.1.430'. [ 260.635243][ T7545] syz.3.435: attempt to access beyond end of device [ 260.635243][ T7545] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 260.648550][ T7545] gfs2: error -5 reading superblock [ 261.898328][ T7554] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 262.629593][ T30] audit: type=1804 audit(1751585013.543:19): pid=7560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.439" name="/newroot/94/file0" dev="tmpfs" ino=523 res=1 errno=0 [ 263.035411][ T7566] program syz.0.442 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.057521][ T7569] netlink: 128 bytes leftover after parsing attributes in process `syz.1.443'. [ 266.796945][ T5928] libceph: connect (1)[c::]:6789 error -101 [ 266.821853][ T7593] netlink: 'syz.2.450': attribute type 1 has an invalid length. [ 266.829545][ T7593] netlink: 228 bytes leftover after parsing attributes in process `syz.2.450'. [ 266.838565][ T7596] ceph: No mds server is up or the cluster is laggy [ 266.846099][ T7593] NCSI netlink: No device for ifindex 0 [ 267.075650][ T7602] NILFS (nullb0): couldn't find nilfs on the device [ 267.271875][ T5928] libceph: mon0 (1)[c::]:6789 connect error [ 268.067663][ T7612] netlink: 128 bytes leftover after parsing attributes in process `syz.1.454'. [ 268.342930][ T7617] netlink: 16 bytes leftover after parsing attributes in process `syz.1.457'. [ 272.233820][ T7649] netlink: 'syz.4.463': attribute type 1 has an invalid length. [ 272.242789][ T7649] netlink: 228 bytes leftover after parsing attributes in process `syz.4.463'. [ 272.251851][ T7649] NCSI netlink: No device for ifindex 0 [ 272.338785][ T7652] NILFS (nullb0): couldn't find nilfs on the device [ 273.947781][ T7665] netlink: 128 bytes leftover after parsing attributes in process `syz.0.467'. [ 284.915065][ T7728] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 285.768029][ T7744] random: crng reseeded on system resumption [ 287.027136][ T7742] Restarting kernel threads ... [ 287.032397][ T7742] Done restarting kernel threads. [ 288.894169][ T7770] syz.4.496: attempt to access beyond end of device [ 288.894169][ T7770] loop4: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 288.987557][ T7770] gfs2: error -5 reading superblock [ 292.820418][ T5892] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 293.277484][ T5892] usb 3-1: Using ep0 maxpacket: 8 [ 293.290893][ T5892] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 293.290930][ T5892] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 293.290981][ T5892] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 293.291022][ T5892] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 293.291108][ T5892] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 293.291157][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.850963][ T5892] usb 3-1: can't set config #16, error -71 [ 294.858256][ T5892] usb 3-1: USB disconnect, device number 4 [ 305.570321][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 305.742081][ T24] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 305.751313][ T24] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 305.765743][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 305.829076][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 305.881259][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 305.919052][ T24] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 305.940023][ T24] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 305.957084][ T24] usb 3-1: Product: syz [ 305.975006][ T24] usb 3-1: Manufacturer: syz [ 306.015238][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 306.020638][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 306.053384][ T24] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 306.064460][ T24] cdc_wdm 3-1:1.0: Unknown control protocol [ 306.360633][ T7920] tipc: Enabling of bearer rejected, already enabled [ 307.063692][ T5913] usb 3-1: USB disconnect, device number 5 [ 307.179845][ T7932] trusted_key: syz.1.552 sent an empty control message without MSG_MORE. [ 307.739683][ T7938] netlink: 'syz.3.553': attribute type 12 has an invalid length. [ 310.924754][ T7971] vivid-000: disconnect [ 311.163675][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 311.372388][ T7953] vivid-000: reconnect [ 311.400389][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 311.410099][ T24] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30 [ 311.430347][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 311.430372][ T24] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 311.430396][ T24] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 311.430417][ T24] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127 [ 311.494789][ T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 311.506919][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 311.519943][ T24] usb 3-1: SerialNumber: syz [ 311.535808][ T7969] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 311.549146][ T24] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 311.569560][ T24] cdc_acm 3-1:1.0: This needs exactly 3 endpoints [ 311.579276][ T24] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22 [ 313.137467][ T7990] netlink: 'syz.1.565': attribute type 12 has an invalid length. [ 313.643975][ T5913] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 313.822064][ T24] usb 3-1: USB disconnect, device number 6 [ 313.854834][ T5913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.893281][ T5913] usb 1-1: config 0 has no interfaces? [ 313.953925][ T5913] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 313.985448][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.022902][ T5913] usb 1-1: Product: syz [ 314.072227][ T5913] usb 1-1: Manufacturer: syz [ 314.097158][ T5913] usb 1-1: SerialNumber: syz [ 314.174760][ T5913] usb 1-1: config 0 descriptor?? [ 315.593084][ T5892] usb 1-1: USB disconnect, device number 3 [ 315.897219][ T8009] tipc: Enabling of bearer rejected, already enabled [ 316.540839][ T30] audit: type=1804 audit(1751585067.473:20): pid=8015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.573" name="/newroot/126/file0" dev="tmpfs" ino=684 res=1 errno=0 [ 317.052796][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.052872][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.573637][ T5892] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 319.209525][ T5892] usb 3-1: Using ep0 maxpacket: 8 [ 319.584545][ T8033] netlink: 'syz.4.578': attribute type 12 has an invalid length. [ 320.106435][ T5892] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 320.117094][ T5892] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 320.127048][ T5892] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 320.137029][ T5892] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 320.150188][ T5892] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 320.159311][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.400528][ T5913] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 320.660563][ T5913] usb 4-1: Using ep0 maxpacket: 32 [ 320.749344][ T5913] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30 [ 320.961075][ T5913] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 321.097224][ T5892] usb 3-1: usb_control_msg returned -71 [ 321.113263][ T5913] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 321.280386][ T5892] usbtmc 3-1:16.0: can't read capabilities [ 321.306413][ T5913] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 322.041373][ T5892] usb 3-1: USB disconnect, device number 7 [ 322.140329][ T5913] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127 [ 322.250281][ T5913] usb 4-1: string descriptor 0 read error: -71 [ 322.256531][ T5913] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 322.323637][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 322.398573][ T5913] usb 4-1: can't set config #1, error -71 [ 322.429475][ T5913] usb 4-1: USB disconnect, device number 3 [ 325.646997][ T8077] netlink: 'syz.4.591': attribute type 12 has an invalid length. [ 327.626916][ T6000] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 327.836264][ T3572] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 328.668957][ T6000] usb 4-1: Using ep0 maxpacket: 8 [ 328.980342][ T6000] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 329.058059][ T6000] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 329.068094][ T3572] usb 5-1: Using ep0 maxpacket: 32 [ 329.096455][ T3572] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30 [ 329.130792][ T6000] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 329.152351][ T3572] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 329.180419][ T6000] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 329.203831][ T3572] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 329.228482][ T6000] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 329.258963][ T3572] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 329.271233][ T6000] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.300074][ T3572] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127 [ 329.358191][ T3572] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 329.378691][ T3572] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 329.398942][ T3572] usb 5-1: SerialNumber: syz [ 329.454531][ T8085] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 329.561545][ T6000] usb 4-1: GET_CAPABILITIES returned 0 [ 329.575340][ T6000] usbtmc 4-1:16.0: can't read capabilities [ 329.643537][ T3572] usb 5-1: can't set config #1, error -71 [ 329.721032][ T3572] usb 5-1: USB disconnect, device number 2 [ 329.771993][ T43] usb 4-1: USB disconnect, device number 4 [ 332.543554][ T8126] netlink: 'syz.4.606': attribute type 12 has an invalid length. [ 333.980330][ T43] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 334.385505][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 334.401284][ T43] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 127, using maximum allowed: 30 [ 334.420259][ T43] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 334.430012][ T43] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 334.440334][ T43] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64 [ 334.457801][ T43] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 127 [ 334.481433][ T43] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 334.492609][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 334.510826][ T43] usb 4-1: SerialNumber: syz [ 334.546678][ T8132] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 334.570075][ T43] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 334.610523][ T43] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 334.616991][ T43] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 334.688035][ T8136] syz.2.610 (8136) used greatest stack depth: 19728 bytes left [ 336.458388][ T8161] netlink: 'syz.2.618': attribute type 12 has an invalid length. [ 337.080474][ T43] usb 4-1: USB disconnect, device number 5 [ 339.180463][ T8195] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 339.884576][ T8202] block device autoloading is deprecated and will be removed. [ 339.887398][ T8202] syz.1.630: attempt to access beyond end of device [ 339.887398][ T8202] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 340.094793][ T8207] syz_tun: entered allmulticast mode [ 340.097336][ T8206] syz_tun: left allmulticast mode [ 343.368558][ T8246] netlink: 'syz.2.644': attribute type 1 has an invalid length. [ 343.378679][ T8246] netlink: 228 bytes leftover after parsing attributes in process `syz.2.644'. [ 343.387746][ T8246] NCSI netlink: No device for ifindex 0 [ 343.467443][ T8247] NILFS (nullb0): couldn't find nilfs on the device [ 346.319193][ T8274] netlink: 'syz.1.655': attribute type 1 has an invalid length. [ 346.326944][ T8274] netlink: 228 bytes leftover after parsing attributes in process `syz.1.655'. [ 346.336111][ T8274] NCSI netlink: No device for ifindex 0 [ 346.420954][ T8277] NILFS (nullb0): couldn't find nilfs on the device [ 347.204204][ T8278] tipc: Enabling of bearer rejected, already enabled [ 347.680359][ T5892] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 347.892486][ T5892] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 347.930587][ T5892] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 347.990294][ T5892] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 348.019956][ T5892] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 348.061654][ T5892] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 348.157554][ T5892] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 348.195520][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 348.803694][ T5892] usb 4-1: Product: syz [ 348.807924][ T5892] usb 4-1: Manufacturer: syz [ 348.891322][ T5892] cdc_wdm 4-1:1.0: skipping garbage [ 348.896665][ T5892] cdc_wdm 4-1:1.0: skipping garbage [ 349.020444][ T5892] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 349.026400][ T5892] cdc_wdm 4-1:1.0: Unknown control protocol [ 350.562507][ T5892] usb 4-1: USB disconnect, device number 6 [ 351.666589][ T8313] netlink: 20 bytes leftover after parsing attributes in process `syz.0.663'. [ 352.605611][ T8317] netlink: 'syz.4.666': attribute type 1 has an invalid length. [ 352.616450][ T8317] netlink: 228 bytes leftover after parsing attributes in process `syz.4.666'. [ 352.629278][ T8317] NCSI netlink: No device for ifindex 0 [ 352.693466][ T8320] NILFS (nullb0): couldn't find nilfs on the device [ 353.602477][ T8326] usb usb8: usbfs: process 8326 (syz.0.668) did not claim interface 0 before use [ 355.790033][ T8358] Invalid logical block size (768) [ 356.177231][ T8362] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 356.187469][ T8362] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 8362, name: syz.2.677 [ 356.209093][ T8362] preempt_count: 0, expected: 0 [ 356.222785][ T8362] RCU nest depth: 1, expected: 0 [ 356.227940][ T8362] 2 locks held by syz.2.677/8362: [ 356.233096][ T8362] #0: ffffffff8e13bf60 (rcu_read_lock){....}-{1:3}, at: query_vma_setup+0x18/0x110 [ 356.242796][ T8362] #1: ffff888032558a88 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 [ 356.275008][ T8362] CPU: 0 UID: 0 PID: 8362 Comm: syz.2.677 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) [ 356.275038][ T8362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 356.275059][ T8362] Call Trace: [ 356.275069][ T8362] [ 356.275079][ T8362] dump_stack_lvl+0x189/0x250 [ 356.275121][ T8362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 356.275162][ T8362] ? print_lock_name+0xde/0x100 [ 356.275192][ T8362] __might_resched+0x495/0x610 [ 356.275229][ T8362] ? __pfx___might_resched+0x10/0x10 [ 356.275271][ T8362] ? __kmalloc_noprof+0xa3/0x4f0 [ 356.275307][ T8362] __kmalloc_noprof+0xbc/0x4f0 [ 356.275337][ T8362] ? procfs_procmap_ioctl+0x877/0xd10 [ 356.275377][ T8362] procfs_procmap_ioctl+0x877/0xd10 [ 356.275417][ T8362] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 356.275465][ T8362] ? __fget_files+0x2a/0x420 [ 356.275488][ T8362] ? __fget_files+0x2a/0x420 [ 356.275507][ T8362] ? __fget_files+0x3a0/0x420 [ 356.275525][ T8362] ? __fget_files+0x2a/0x420 [ 356.275549][ T8362] ? bpf_lsm_file_ioctl+0x9/0x20 [ 356.275577][ T8362] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 356.275610][ T8362] __se_sys_ioctl+0xfc/0x170 [ 356.275641][ T8362] do_syscall_64+0xfa/0x3b0 [ 356.275662][ T8362] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.275694][ T8362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.275715][ T8362] ? clear_bhb_loop+0x60/0xb0 [ 356.275742][ T8362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.275762][ T8362] RIP: 0033:0x7f6ffd98e929 [ 356.275787][ T8362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.275805][ T8362] RSP: 002b:00007f6ffaf6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 356.275836][ T8362] RAX: ffffffffffffffda RBX: 00007f6ffdbb6320 RCX: 00007f6ffd98e929 [ 356.275852][ T8362] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 000000000000000a [ 356.275867][ T8362] RBP: 00007f6ffda10b39 R08: 0000000000000000 R09: 0000000000000000 [ 356.275882][ T8362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.275895][ T8362] R13: 0000000000000000 R14: 00007f6ffdbb6320 R15: 00007fffae736ae8 [ 356.275930][ T8362] [ 356.569050][ T8368] netlink: 28 bytes leftover after parsing attributes in process `syz.1.683'. [ 357.218978][ T8361] netlink: 60 bytes leftover after parsing attributes in process `syz.2.677'.