last executing test programs: 10.358125379s ago: executing program 4 (id=449): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) syz_usb_disconnect(r0) 9.911395656s ago: executing program 3 (id=453): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000300)) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/75, 0x0}) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, './file0\x00'}}) socket$nl_generic(0x10, 0x3, 0x10) 8.755038167s ago: executing program 4 (id=463): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000080)={0x18, r1}) 8.604746343s ago: executing program 3 (id=464): r0 = syz_open_dev$vbi(&(0x7f0000000140), 0x1, 0x2) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) timer_create(0x0, 0x0, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 8.454744573s ago: executing program 4 (id=467): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x4e21, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xaed}, 0x1c) 8.348215463s ago: executing program 4 (id=468): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mknod$loop(&(0x7f0000000080)='./bus\x00', 0x1, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) dup2(r2, r0) 8.060467646s ago: executing program 4 (id=472): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_BACKLOG_LIMIT={0x8}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xe, 0x1, 0x2, 0xffffff81, 0x1, 0x3, 0xffffffe2}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 7.667084276s ago: executing program 3 (id=477): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)="89e4192d92359cb3ee294530ae76ad6dc4ff20cc3ccc9d41018dd482ad1f395d4e38bd22b6fcae05c49fbdfdf66ae2994f191e9222effcb97205d0aaed4b29919f9e3bab7fdb276ca29501903c98de0b0cc8afca563f94fe69b6927ae594d1b53ad9f4a9f9f5c84a518d37939c84a5bd15048115ac421e9c56866ab6f91b0e8181d8999dd86c0177a971a39bf35b38eb0504bf70c02cc307c62d6f06c80b146153ca56a182831696c8cf46d2b065744e6dd4415ceff773e8d3a45aacc4fd8972cbe77878ce48d531066ec9e4790196e4a17b08ea09d4d3febf6721a44390383c7261e9e09f20c23f95e9c04d3c10220f3962d98b2bd98d5c3e50169a4c0c99f29c7a336489c26259957c4bdeae1c8cdf60d817db09336f680bbe954dc05669c9d48cb0a0488ed2385d935a7166b3187189e08d421903d546126289651db812f9c8754c0dc6f24a22ca988a2ac131cc52d724bb086a53a94e515e09fef354e9ca0daacaa347e96b3efd7c5c4063f6eb0cf55f08ff942780e6846d78410057ca2b845e69eeda4066de60a033e2f3c7e47b2f0c0c4c7da98b1d658c620f70dbe6eb8b5dd90216caa82c91db4c0f7ea02df5d5f8d6815d2d7868e6a6053f31a4fbe8732a1310ca7a79814177a981e5ab68dfeba4fe46ed4c51819be1308f73455e311f511ce4360cc7c24836c9b895ee5ce93cc42dd88f02d91b479c1748339024343700cce897087bbaae4fbd8e2ad5da016265ef097043acaf87504dde24216c805b40cf4d6edf2ae6564182acdf06580dde3fb66ab01625ffadc22f1ac7b97b9dec871edd96e86af127be1ef27548917a49476ce87f1719173369caf69d35d25637f0514e3e06069877968eb874a1c1adc92e760670e42b6cccd2fe0a5f9c543a44b382befc422d4486416b6fabe2f11944a3f08cded6fad9e3304a202d1c58841a6ab78b28a4162db2671d9ea74ee6f3b33a282f42abc911e3245531a34f5567cfcaa1cf762677c9f61d3aa2c4d76210edf440bf53e816d008ab2ea29cf42de9b88442d6b2eec4fbf23f7d23eaab316335dfc2dc10f9148df0b83d92c3a94fb0b49365af5ba599a1ea8e6fc7aea8df9208795cbbdf0af04f5f08fc828cb347a6e9daddbe514675b31e5134c7dfbb060dfc632ad82141ddea4e77e6c63c1843ca6fc820558b7355bae86e106c2be9c9b500c5134ab62444a8423d596bfe0e3b2df47dabf5abe271ae947f4878132915332e4fcc5b81ad6f12570de44f0fdd6a96397acebf95421c88ff274365be770edd1bd1f69bc2d2883fa70fa68828bddcb98f90b0b77e28f9c4726e5b0c52fa6f30a8d57321dfd2f2678bbc6511f39019f49d7dde6f19adeac78e4064b8288f5b4ac7d8ca35f7f70dfb376f5f3af98f02e76e57e21a00bac677703c8e2169816f5cf6c4d1bf803e0b2987544eeeffd197bcc10fe1d9a7b826a6693dc8bb32f19f25a88a15c3dcd30e7f48f0cda06ca99152bd1c892735598c32c6098ae12ef493334be720cb0ba3c710954fe0a80c3dec255f194761e5e904262118307bb49901808f9ca1af58648e9d57ffb744fd4f1d01b5ccaeaa5231def3f800cb8341d9109d93e3871c395892f8ffe25d6d9a7faa7073fd9c3b3aac94c554dab9c35667eb49d5f0e47fd6bb41ca4b2f420b1e3915fa653aaf8d842cc4b0fec5011bd0ba372601fb7930ce98402d2e3d64f8422550a621fa23b128e66b6afe1a74dab2b53de22214844e53441ab7998d4ac3557cca9ffe4997c778243c943ca2de0b1deba8468a5fe3c0f1fa93a9a7bb5dbc3ec2058ac7ad4ffa64966bbd90a5f3f53de5c44af6e93f248471ca09cabe6e6c0a87586ff04a5a8cea539d049d82929277cfba7e46fddcdc0f4c2995def4ac27d65bde4bb88dbed3b9cf9eb9501273ca533da1220422f6585bfa77f5df5faaf3250349b514f44bfd55f106792bc7c766eddde2267a12888db542803efcf48357368880fa7771a2d962ae0bb14934a93d28a18da7d39ed6be7d1897e33d3ba0f6db99325a12f64670f22c762a395c9c6ef4e8ef15c0798465b1c9d4", 0x5b7}], 0x1}}], 0x1, 0x40) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000480)=0x1df9, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0) 7.339363991s ago: executing program 3 (id=479): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x80, 0x7f, 0x7fff0002}]}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) close_range(r0, 0xffffffffffffffff, 0x0) 7.035401684s ago: executing program 4 (id=482): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003200), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x24}}, 0x200000c0) 6.67284505s ago: executing program 32 (id=482): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003200), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x24, r2, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x24}}, 0x200000c0) 4.116635392s ago: executing program 1 (id=506): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) r3 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_G_FREQUENCY(r3, 0xc02c5638, &(0x7f0000000100)={0x8, 0x4, 0x1b6}) pread64(r2, &(0x7f00000002c0)=""/75, 0x4b, 0x0) ioctl$VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000140)={0xb}) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r4, 0x117, 0x6, 0x0, 0x5) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x1000}, [@CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1c}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffffffff}]}, 0x6c}, 0x1, 0x0, 0x0, 0xa42742cc92b640d6}, 0x0) 3.891332465s ago: executing program 2 (id=507): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 3.785337528s ago: executing program 1 (id=508): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='auto_da_alloc', 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x4, 0xc, 0x0, 0x5, 0xff, 0x1f, 0x0, 0x10000}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x9}, {0x0, 0x0, 0x3c, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 3.631437903s ago: executing program 1 (id=510): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x804c4700, &(0x7f0000000040)={0x8, 0x1, 0x9, 0x3, 0x1a, "3eccd2000500"}) 3.612994831s ago: executing program 2 (id=511): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='io\x00') preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000200)=""/218, 0xda}], 0x1, 0x0, 0x0) 3.51540859s ago: executing program 1 (id=513): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x18) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x101}) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}) 3.458240278s ago: executing program 2 (id=514): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) 3.398372504s ago: executing program 1 (id=515): r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0x0, 0x100000}) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r1) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/178, 0xb2) syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f00000000c0)="ad") syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) 3.082386279s ago: executing program 3 (id=519): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3800000055002f03020000000000000007000000", @ANYRES32=r1, @ANYBLOB="200001"], 0x38}}, 0x0) 1.129018079s ago: executing program 0 (id=532): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 1.035618279s ago: executing program 0 (id=533): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x9c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x6c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0xfffc, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x8}]}]}]}}]}, 0x9c}}, 0x0) 959.418694ms ago: executing program 1 (id=534): mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x118810, 0xffffffffffffffff, 0x2d74000) socket(0x22, 0x5, 0x6) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000280)=""/239, 0xef) writev(r2, &(0x7f0000000100)=[{&(0x7f0000000180)="b6", 0x1}], 0x1) syz_usb_disconnect(r1) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) syz_clone(0x200000, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x10) 929.670039ms ago: executing program 0 (id=535): setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x3}, 0x8) setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000080)={0xfe4, 0x9, 0x11, 0xafb}, 0x8) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="d2", 0x1, 0x4005, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) 871.632478ms ago: executing program 0 (id=536): syz_emit_vhci(&(0x7f00000006c0)=ANY=[@ANYBLOB="0413290ac8"], 0x2c) 783.407683ms ago: executing program 0 (id=537): syz_usb_connect(0x1, 0x36, &(0x7f00000009c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, 0x0, 0x0) 705.127776ms ago: executing program 3 (id=538): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="f0e31345c429558ceebe6078ca6d60af51b89665e8"], 0x15) 702.686761ms ago: executing program 2 (id=539): openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101400, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 443.282409ms ago: executing program 2 (id=540): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 94.384285ms ago: executing program 0 (id=541): r0 = syz_open_dev$vbi(&(0x7f0000000140), 0x1, 0x2) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 0s ago: executing program 2 (id=542): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x8c, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x65, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @broadcast, @device_a, @initial, {0xf, 0x5}}, 0x4, @default, 0x1000, @void, @val, @val={0x3, 0x1, 0x4}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x0, 0x0, 0x2f, 0x6}}}}]}, 0x8c}, 0x1, 0x0, 0x0, 0xc0}, 0x4000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.175' (ED25519) to the list of known hosts. [ 81.129005][ T5825] cgroup: Unknown subsys name 'net' [ 81.390570][ T5825] cgroup: Unknown subsys name 'cpuset' [ 81.446103][ T5825] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.237802][ T5825] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.339205][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.343738][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.346697][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.350818][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.351845][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.352993][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.353774][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.356240][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.358558][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.359596][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.375166][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.376780][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.378580][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.380942][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.394956][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.412594][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.414952][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.415262][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.465593][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.485633][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.527964][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.530425][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.531288][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.532465][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.533259][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.742366][ T9] cfg80211: failed to load regulatory.db [ 87.400036][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 87.485749][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 87.544447][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 87.792914][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 87.887201][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 88.388506][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.388668][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.389177][ T5836] bridge_slave_0: entered allmulticast mode [ 88.393168][ T5836] bridge_slave_0: entered promiscuous mode [ 88.406772][ T5156] Bluetooth: hci0: command tx timeout [ 88.485650][ T5156] Bluetooth: hci3: command tx timeout [ 88.485860][ T5156] Bluetooth: hci2: command tx timeout [ 88.566427][ T5156] Bluetooth: hci1: command tx timeout [ 88.591519][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.592117][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.592326][ T5836] bridge_slave_1: entered allmulticast mode [ 88.595099][ T5836] bridge_slave_1: entered promiscuous mode [ 88.621863][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.622000][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.622207][ T5841] bridge_slave_0: entered allmulticast mode [ 88.625105][ T5841] bridge_slave_0: entered promiscuous mode [ 88.645505][ T5156] Bluetooth: hci4: command tx timeout [ 88.806556][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.806660][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.806810][ T5841] bridge_slave_1: entered allmulticast mode [ 88.808315][ T5841] bridge_slave_1: entered promiscuous mode [ 88.809975][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.810068][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.810181][ T5844] bridge_slave_0: entered allmulticast mode [ 88.811620][ T5844] bridge_slave_0: entered promiscuous mode [ 89.036694][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.036879][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.037051][ T5844] bridge_slave_1: entered allmulticast mode [ 89.039177][ T5844] bridge_slave_1: entered promiscuous mode [ 89.192860][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.419042][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.419191][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.419363][ T5837] bridge_slave_0: entered allmulticast mode [ 89.421454][ T5837] bridge_slave_0: entered promiscuous mode [ 89.426195][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.430356][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.531873][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.532010][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.532188][ T5840] bridge_slave_0: entered allmulticast mode [ 89.533965][ T5840] bridge_slave_0: entered promiscuous mode [ 89.535331][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.538017][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.538207][ T5837] bridge_slave_1: entered allmulticast mode [ 89.540755][ T5837] bridge_slave_1: entered promiscuous mode [ 89.700961][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.703708][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.703947][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.704076][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.704234][ T5840] bridge_slave_1: entered allmulticast mode [ 89.716936][ T5840] bridge_slave_1: entered promiscuous mode [ 89.988299][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.143437][ T5836] team0: Port device team_slave_0 added [ 90.361096][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.363649][ T5836] team0: Port device team_slave_1 added [ 90.368157][ T5841] team0: Port device team_slave_0 added [ 90.462679][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.475512][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.485635][ T5156] Bluetooth: hci0: command tx timeout [ 90.539404][ T5841] team0: Port device team_slave_1 added [ 90.544015][ T5844] team0: Port device team_slave_0 added [ 90.548383][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.565476][ T5156] Bluetooth: hci2: command tx timeout [ 90.565505][ T5156] Bluetooth: hci3: command tx timeout [ 90.645574][ T5156] Bluetooth: hci1: command tx timeout [ 90.725518][ T5156] Bluetooth: hci4: command tx timeout [ 90.800725][ T5844] team0: Port device team_slave_1 added [ 91.148942][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.148953][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.148966][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.389004][ T5837] team0: Port device team_slave_0 added [ 91.392677][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.392691][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.392714][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.394300][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.394321][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.394344][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.401232][ T5840] team0: Port device team_slave_0 added [ 91.494418][ T5837] team0: Port device team_slave_1 added [ 91.511807][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.511823][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.511846][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.514956][ T5840] team0: Port device team_slave_1 added [ 91.517358][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.517371][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.517394][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.636687][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.636703][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.636726][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.945168][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.945184][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.945207][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.969856][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.969872][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.969895][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.098568][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.098584][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.098600][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.210037][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.210052][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.210076][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.219152][ T5836] hsr_slave_0: entered promiscuous mode [ 92.223614][ T5836] hsr_slave_1: entered promiscuous mode [ 92.417680][ T5841] hsr_slave_0: entered promiscuous mode [ 92.419055][ T5841] hsr_slave_1: entered promiscuous mode [ 92.420152][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 92.420270][ T5841] Cannot create hsr debugfs directory [ 92.521993][ T5844] hsr_slave_0: entered promiscuous mode [ 92.522963][ T5844] hsr_slave_1: entered promiscuous mode [ 92.523503][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 92.523521][ T5844] Cannot create hsr debugfs directory [ 92.565568][ T5156] Bluetooth: hci0: command tx timeout [ 92.645611][ T5156] Bluetooth: hci2: command tx timeout [ 92.645645][ T5156] Bluetooth: hci3: command tx timeout [ 92.725584][ T5156] Bluetooth: hci1: command tx timeout [ 92.805735][ T5156] Bluetooth: hci4: command tx timeout [ 93.076841][ T5837] hsr_slave_0: entered promiscuous mode [ 93.078652][ T5837] hsr_slave_1: entered promiscuous mode [ 93.079504][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 93.079527][ T5837] Cannot create hsr debugfs directory [ 93.176757][ T5840] hsr_slave_0: entered promiscuous mode [ 93.178167][ T5840] hsr_slave_1: entered promiscuous mode [ 93.178755][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 93.178777][ T5840] Cannot create hsr debugfs directory [ 94.646993][ T5156] Bluetooth: hci0: command tx timeout [ 94.709294][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.726548][ T5156] Bluetooth: hci3: command tx timeout [ 94.726574][ T5846] Bluetooth: hci2: command tx timeout [ 94.752188][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.784673][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.805636][ T5846] Bluetooth: hci1: command tx timeout [ 94.846626][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.885693][ T5846] Bluetooth: hci4: command tx timeout [ 94.991126][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.053818][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.083274][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.160762][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.343188][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.374860][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.415581][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.467714][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.650934][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.702531][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.703570][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.763159][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.800790][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.936201][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.959003][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.993101][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.037227][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.089993][ T3188] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.090595][ T3188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.093823][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.195823][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.201350][ T4192] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.201498][ T4192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.324548][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.371944][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.372157][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.424351][ T3188] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.424544][ T3188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.462792][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.599602][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.649264][ T3188] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.649539][ T3188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.664306][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.704769][ T3188] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.704917][ T3188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.857122][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.894151][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.921059][ T4192] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.921297][ T4192] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.021908][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.025642][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.117966][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.148853][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.163996][ T3188] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.165812][ T3188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.250295][ T3188] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.250504][ T3188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.374271][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.599292][ T5836] veth0_vlan: entered promiscuous mode [ 97.618418][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.676347][ T5836] veth1_vlan: entered promiscuous mode [ 97.721357][ T5841] veth0_vlan: entered promiscuous mode [ 97.867048][ T5841] veth1_vlan: entered promiscuous mode [ 97.995203][ T5836] veth0_macvtap: entered promiscuous mode [ 98.043960][ T5836] veth1_macvtap: entered promiscuous mode [ 98.161304][ T5841] veth0_macvtap: entered promiscuous mode [ 98.208622][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.220616][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.226329][ T5841] veth1_macvtap: entered promiscuous mode [ 98.283117][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.356772][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.376041][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.384901][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.384989][ T1180] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.441869][ T1180] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.467201][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.515311][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.599957][ T4192] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.620309][ T4192] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.644052][ T4192] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.662138][ T4192] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.831777][ T5840] veth0_vlan: entered promiscuous mode [ 98.978782][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.978805][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.038428][ T5840] veth1_vlan: entered promiscuous mode [ 99.044209][ T5844] veth0_vlan: entered promiscuous mode [ 99.145276][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.145296][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.155703][ T5837] veth0_vlan: entered promiscuous mode [ 99.159728][ T5844] veth1_vlan: entered promiscuous mode [ 99.253948][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.253967][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.292485][ T5837] veth1_vlan: entered promiscuous mode [ 99.393611][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.393630][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.417652][ T5840] veth0_macvtap: entered promiscuous mode [ 99.460725][ T5840] veth1_macvtap: entered promiscuous mode [ 99.488147][ T5844] veth0_macvtap: entered promiscuous mode [ 99.526914][ T5844] veth1_macvtap: entered promiscuous mode [ 99.603625][ T5837] veth0_macvtap: entered promiscuous mode [ 99.651777][ T5958] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.725753][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.726824][ T5837] veth1_macvtap: entered promiscuous mode [ 99.805298][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.860308][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.862478][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.891690][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.923615][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.936173][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.957957][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.963606][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.037581][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.037872][ T43] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.061644][ T43] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.077191][ T43] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.077531][ T43] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.174686][ T1163] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.245086][ T1163] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.288392][ T1163] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.333600][ T3188] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.697969][ T4192] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.697990][ T4192] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.854434][ T3188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.854449][ T3188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.037494][ T4192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.037512][ T4192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.149019][ T5973] netlink: 'syz.2.9': attribute type 2 has an invalid length. [ 101.156467][ T3188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.156484][ T3188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.404950][ T3188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.404971][ T3188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.754618][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.754637][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.820143][ T6000] binder: 5997:6000 ioctl c0306201 200000000040 returned -14 [ 102.944117][ T5999] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 103.051998][ T6005] syz_tun: entered allmulticast mode [ 103.259437][ T6011] netlink: 'syz.1.17': attribute type 10 has an invalid length. [ 103.278505][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 103.474532][ T9] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 103.474561][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.474580][ T9] usb 4-1: Product: syz [ 103.474592][ T9] usb 4-1: Manufacturer: syz [ 103.474606][ T9] usb 4-1: SerialNumber: syz [ 103.589620][ T9] usb 4-1: config 0 descriptor?? [ 103.623220][ T6011] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 103.738177][ T4192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.738196][ T4192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.022218][ T9] usb 4-1: USB disconnect, device number 2 [ 104.442722][ T5907] udevd[5907]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.806204][ T5927] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 104.959570][ T5927] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 104.959726][ T5927] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 104.959750][ T5927] usb 5-1: config 0 interface 0 has no altsetting 0 [ 104.965330][ T5927] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 104.965635][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 104.965655][ T5927] usb 5-1: Product: syz [ 104.965669][ T5927] usb 5-1: Manufacturer: syz [ 104.965682][ T5927] usb 5-1: SerialNumber: syz [ 105.031624][ T5927] usb 5-1: config 0 descriptor?? [ 105.085051][ T5927] hub 5-1:0.0: bad descriptor, ignoring hub [ 105.085094][ T5927] hub 5-1:0.0: probe with driver hub failed with error -5 [ 105.151089][ T5927] usb 5-1: selecting invalid altsetting 0 [ 105.545790][ T5927] usb 5-1: USB disconnect, device number 2 [ 106.478284][ T5929] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 106.635452][ T5929] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 106.635486][ T5929] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 106.635523][ T5929] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 106.635544][ T5929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.643771][ T6060] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 106.714417][ T5929] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 106.740126][ T6068] syz.4.37 uses obsolete (PF_INET,SOCK_PACKET) [ 106.917510][ T5929] usb 2-1: USB disconnect, device number 2 [ 107.097309][ T6078] netlink: 40 bytes leftover after parsing attributes in process `syz.2.39'. [ 107.104396][ T6064] udevd[6064]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 107.465585][ T5927] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 107.636022][ T5927] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 107.636066][ T5927] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 107.636108][ T5927] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 107.636134][ T5927] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 107.636160][ T5927] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 107.636186][ T5927] usb 4-1: config 0 interface 0 has no altsetting 0 [ 107.642910][ T5927] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 107.642938][ T5927] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 107.642956][ T5927] usb 4-1: Product: syz [ 107.642968][ T5927] usb 4-1: Manufacturer: syz [ 107.642980][ T5927] usb 4-1: SerialNumber: syz [ 107.652918][ T5927] usb 4-1: config 0 descriptor?? [ 107.752587][ T6082] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 107.801632][ T5927] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 107.894543][ T5927] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 108.417577][ T10] usb 4-1: USB disconnect, device number 3 [ 108.457713][ T10] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 108.666924][ T6107] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.673875][ T6107] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.164311][ T6126] netlink: 'syz.2.56': attribute type 1 has an invalid length. [ 109.164347][ T6126] netlink: 'syz.2.56': attribute type 1 has an invalid length. [ 109.190012][ T6126] netlink: 'syz.2.56': attribute type 1 has an invalid length. [ 109.265477][ T45] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 109.420270][ T45] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 109.420331][ T45] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 109.420354][ T45] usb 5-1: config 0 interface 0 has no altsetting 0 [ 109.460509][ T45] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 109.460539][ T45] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 109.460557][ T45] usb 5-1: Product: syz [ 109.460570][ T45] usb 5-1: Manufacturer: syz [ 109.460584][ T45] usb 5-1: SerialNumber: syz [ 109.503990][ T45] usb 5-1: config 0 descriptor?? [ 109.519669][ T45] hub 5-1:0.0: bad descriptor, ignoring hub [ 109.519708][ T45] hub 5-1:0.0: probe with driver hub failed with error -5 [ 109.524869][ T45] usb 5-1: selecting invalid altsetting 0 [ 110.060227][ T6123] syz.1.55 (6123) used greatest stack depth: 18968 bytes left [ 110.442579][ T6121] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 110.581175][ T6156] overlayfs: failed to clone upperpath [ 110.693351][ T6121] usb 5-1: device firmware changed [ 110.720459][ T5927] usb 5-1: USB disconnect, device number 3 [ 110.977155][ T6167] tipc: Started in network mode [ 110.977187][ T6167] tipc: Node identity eaff55744e47, cluster identity 4711 [ 110.977918][ T6167] tipc: Enabled bearer , priority 0 [ 110.999622][ T5927] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 111.008191][ T6171] syzkaller0: entered promiscuous mode [ 111.008219][ T6171] syzkaller0: entered allmulticast mode [ 111.158056][ T5927] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 111.158196][ T5927] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 111.158218][ T5927] usb 5-1: config 0 interface 0 has no altsetting 0 [ 111.164894][ T5927] usb 5-1: string descriptor 0 read error: -22 [ 111.165147][ T5927] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 111.165170][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 111.251655][ T5927] usb 5-1: config 0 descriptor?? [ 111.257876][ T6163] tipc: Resetting bearer [ 111.262843][ T5927] hub 5-1:0.0: bad descriptor, ignoring hub [ 111.262878][ T5927] hub 5-1:0.0: probe with driver hub failed with error -5 [ 111.291896][ T5927] usb 5-1: selecting invalid altsetting 0 [ 111.315780][ T6161] tipc: Resetting bearer [ 111.569814][ T6161] tipc: Disabling bearer [ 111.586580][ T5927] usb 5-1: USB disconnect, device number 4 [ 112.616343][ T5927] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 112.748354][ T6203] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 112.771556][ T5927] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 112.771590][ T5927] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 1268, setting to 1024 [ 112.771696][ T5927] usb 2-1: config 0 interface 0 has no altsetting 0 [ 112.783390][ T5927] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 112.783483][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 112.783503][ T5927] usb 2-1: Product: syz [ 112.783516][ T5927] usb 2-1: Manufacturer: syz [ 112.783529][ T5927] usb 2-1: SerialNumber: syz [ 112.896176][ T5927] usb 2-1: config 0 descriptor?? [ 113.045755][ T5927] usb 2-1: selecting invalid altsetting 0 [ 113.392830][ T5927] usb 2-1: USB disconnect, device number 3 [ 113.724056][ T5991] udevd[5991]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 114.515516][ T1232] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 114.614068][ T6226] can0: slcan on ttyS3. [ 114.682072][ T1232] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 114.682101][ T1232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.682120][ T1232] usb 1-1: Product: syz [ 114.682134][ T1232] usb 1-1: Manufacturer: syz [ 114.682147][ T1232] usb 1-1: SerialNumber: syz [ 114.765641][ T1232] usb 1-1: config 0 descriptor?? [ 115.004964][ T9] usb 1-1: USB disconnect, device number 2 [ 115.029975][ T6225] can0 (unregistered): slcan off ttyS3. [ 115.166489][ T6079] udevd[6079]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 116.055404][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.055912][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.056641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.505387][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.680037][ T1232] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 116.781835][ T6261] Bluetooth: MGMT ver 1.23 [ 116.839221][ T1232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.839270][ T1232] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 116.839292][ T1232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.853099][ T1232] usb 5-1: config 0 descriptor?? [ 117.069787][ T6263] netlink: 36 bytes leftover after parsing attributes in process `syz.1.108'. [ 117.069812][ T6263] netlink: 16 bytes leftover after parsing attributes in process `syz.1.108'. [ 117.069829][ T6263] netlink: 36 bytes leftover after parsing attributes in process `syz.1.108'. [ 117.069873][ T6263] netlink: 36 bytes leftover after parsing attributes in process `syz.1.108'. [ 117.169251][ T1232] usbhid 5-1:0.0: can't add hid device: -71 [ 117.169331][ T1232] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 117.205103][ T1232] usb 5-1: USB disconnect, device number 5 [ 117.467370][ T5846] Bluetooth: hci1: ACL packet too small [ 117.509663][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 117.746466][ T1232] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 117.955479][ T1232] usb 5-1: Using ep0 maxpacket: 32 [ 117.958355][ T1232] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.958400][ T1232] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 117.958423][ T1232] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.963624][ T1232] usb 5-1: config 0 descriptor?? [ 117.995407][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.055774][ T1232] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 118.106487][ T1232] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 118.438948][ T9] usb 5-1: USB disconnect, device number 6 [ 118.447498][ T9] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 118.855776][ T6291] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.230000][ T6304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'. [ 119.358679][ T6304] netlink: 5 bytes leftover after parsing attributes in process `syz.3.126'. [ 119.421853][ T5846] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 119.421906][ T5846] CPU: 0 UID: 0 PID: 5846 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 119.421931][ T5846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 119.421945][ T5846] Workqueue: hci3 hci_rx_work [ 119.421993][ T5846] Call Trace: [ 119.422001][ T5846] [ 119.422011][ T5846] dump_stack_lvl+0x189/0x250 [ 119.422051][ T5846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.422080][ T5846] ? __pfx__printk+0x10/0x10 [ 119.422114][ T5846] ? kernfs_path_from_node+0x2c/0x280 [ 119.422139][ T5846] ? kernfs_path_from_node+0x243/0x280 [ 119.422157][ T5846] ? kernfs_path_from_node+0x2c/0x280 [ 119.422179][ T5846] sysfs_create_dir_ns+0x259/0x280 [ 119.422205][ T5846] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 119.422227][ T5846] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 119.422263][ T5846] ? rt_spin_unlock+0x65/0x80 [ 119.422291][ T5846] kobject_add_internal+0x5a5/0xb50 [ 119.422336][ T5846] kobject_add+0x155/0x220 [ 119.422380][ T5846] ? __pfx_kobject_add+0x10/0x10 [ 119.422416][ T5846] ? get_device_parent+0x370/0x3a0 [ 119.422450][ T5846] device_add+0x408/0xb50 [ 119.422486][ T5846] hci_conn_add_sysfs+0xd5/0x1e0 [ 119.422520][ T5846] le_conn_complete_evt+0xc3a/0x1220 [ 119.422562][ T5846] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 119.422588][ T5846] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 119.422615][ T5846] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.422646][ T5846] ? skb_pull_data+0xfb/0x200 [ 119.422672][ T5846] hci_le_enh_conn_complete_evt+0x189/0x470 [ 119.422698][ T5846] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 119.422728][ T5846] hci_event_packet+0x78f/0x1200 [ 119.422753][ T5846] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 119.422781][ T5846] ? __pfx_hci_event_packet+0x10/0x10 [ 119.422801][ T5846] ? __pfx_migrate_enable+0x10/0x10 [ 119.422834][ T5846] ? hci_send_to_monitor+0xe2/0x570 [ 119.422864][ T5846] hci_rx_work+0x46a/0xe80 [ 119.422894][ T5846] ? process_scheduled_works+0x9ef/0x17b0 [ 119.422921][ T5846] process_scheduled_works+0xade/0x17b0 [ 119.422978][ T5846] ? __pfx_process_scheduled_works+0x10/0x10 [ 119.423021][ T5846] worker_thread+0x8a0/0xda0 [ 119.423075][ T5846] kthread+0x70e/0x8a0 [ 119.423106][ T5846] ? __pfx_worker_thread+0x10/0x10 [ 119.423130][ T5846] ? __pfx_kthread+0x10/0x10 [ 119.423164][ T5846] ? __pfx_kthread+0x10/0x10 [ 119.423193][ T5846] ret_from_fork+0x3f9/0x770 [ 119.423222][ T5846] ? __pfx_ret_from_fork+0x10/0x10 [ 119.423261][ T5846] ? __switch_to_asm+0x39/0x70 [ 119.423279][ T5846] ? __switch_to_asm+0x33/0x70 [ 119.423297][ T5846] ? __pfx_kthread+0x10/0x10 [ 119.423328][ T5846] ret_from_fork_asm+0x1a/0x30 [ 119.423365][ T5846] [ 119.423399][ T5846] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 119.423440][ T5846] Bluetooth: hci3: failed to register connection device [ 120.623514][ T1163] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.198971][ T1163] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.296542][ T5156] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 121.318635][ T5156] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 121.320267][ T5156] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 121.321413][ T5156] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 121.322551][ T5156] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 121.911436][ T1163] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.627748][ T1163] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.071599][ T6390] syzkaller1: entered promiscuous mode [ 123.071629][ T6390] syzkaller1: entered allmulticast mode [ 123.365977][ T5156] Bluetooth: hci1: command tx timeout [ 123.658916][ T6342] chnl_net:caif_netlink_parms(): no params data found [ 124.045595][ T1163] bridge_slave_1: left allmulticast mode [ 124.045786][ T1163] bridge_slave_1: left promiscuous mode [ 124.049088][ T1163] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.188016][ T1163] bridge_slave_0: left allmulticast mode [ 124.188049][ T1163] bridge_slave_0: left promiscuous mode [ 124.188325][ T1163] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.532592][ T6437] ======================================================= [ 124.532592][ T6437] WARNING: The mand mount option has been deprecated and [ 124.532592][ T6437] and is ignored by this kernel. Remove the mand [ 124.532592][ T6437] option from the mount to silence this warning. [ 124.532592][ T6437] ======================================================= [ 124.533076][ T6437] 9pnet_virtio: no channels available for device syz [ 125.445547][ T5156] Bluetooth: hci1: command tx timeout [ 126.626302][ T1163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.688093][ T1163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.746445][ T1163] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 126.953721][ T1163] bond0 (unregistering): Released all slaves [ 127.048271][ T6420] kthread_run failed with err -4 [ 127.102598][ T6443] syzkaller0: mtu greater than device maximum [ 127.525530][ T5156] Bluetooth: hci1: command tx timeout [ 127.601268][ T1163] tipc: Left network mode [ 128.333724][ T6342] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.333856][ T6342] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.334239][ T6342] bridge_slave_0: entered allmulticast mode [ 128.359699][ T6342] bridge_slave_0: entered promiscuous mode [ 128.377165][ T6342] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.377318][ T6342] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.377550][ T6342] bridge_slave_1: entered allmulticast mode [ 128.391247][ T6342] bridge_slave_1: entered promiscuous mode [ 129.499986][ T6342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.548521][ T6342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.606244][ T5156] Bluetooth: hci1: command tx timeout [ 129.875968][ T1163] hsr_slave_0: left promiscuous mode [ 129.975017][ T1163] hsr_slave_1: left promiscuous mode [ 129.976829][ T1163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.976908][ T1163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 130.091202][ T1163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.091235][ T1163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 130.233320][ T5156] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1 [ 130.276750][ T1163] veth1_macvtap: left promiscuous mode [ 130.277056][ T1163] veth0_macvtap: left promiscuous mode [ 130.277388][ T1163] veth1_vlan: left promiscuous mode [ 130.278574][ T1163] veth0_vlan: left promiscuous mode [ 130.464794][ T6577] tmpfs: Cannot enable quota on remount [ 132.812856][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.812954][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.062533][ T1163] team0 (unregistering): Port device team_slave_1 removed [ 133.258539][ T1163] team0 (unregistering): Port device team_slave_0 removed [ 134.256560][ T5156] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 134.256678][ T5156] Bluetooth: hci2: Injecting HCI hardware error event [ 134.258371][ T5846] Bluetooth: hci2: hardware error 0x00 [ 135.347201][ T6577] : renamed from bridge_slave_1 (while UP) [ 135.409481][ T6342] team0: Port device team_slave_0 added [ 135.436328][ T6342] team0: Port device team_slave_1 added [ 135.814897][ T6342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 135.814913][ T6342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.814935][ T6342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 135.876560][ T6342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 135.876575][ T6342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.876599][ T6342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.041914][ T37] audit: type=1800 audit(1756914717.154:2): pid=6622 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.254" name="nullb0" dev="tmpfs" ino=459 res=0 errno=0 [ 136.045264][ T37] audit: type=1326 audit(1756914717.194:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6619 comm="syz.3.253" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8de46eebe9 code=0x0 [ 136.381668][ T6342] hsr_slave_0: entered promiscuous mode [ 136.388040][ T6342] hsr_slave_1: entered promiscuous mode [ 136.388949][ T6342] debugfs: 'hsr0' already exists in 'hsr' [ 136.388971][ T6342] Cannot create hsr debugfs directory [ 136.495553][ T5846] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 137.331844][ T6665] 9pnet_virtio: no channels available for device syz [ 137.442113][ T6663] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 138.008452][ T6681] tipc: Enabling of bearer rejected, failed to enable media [ 140.036244][ T6342] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 140.129897][ T6342] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 140.220107][ T6342] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 140.312692][ T6342] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 140.880760][ T6342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.981444][ T6342] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.061776][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.061929][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.140020][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.140231][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.751811][ T6342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.829126][ T6823] 9pnet_virtio: no channels available for device syz [ 143.097559][ T6342] veth0_vlan: entered promiscuous mode [ 143.168311][ T6342] veth1_vlan: entered promiscuous mode [ 143.446026][ T6342] veth0_macvtap: entered promiscuous mode [ 143.475023][ T6342] veth1_macvtap: entered promiscuous mode [ 143.631060][ T6342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.692959][ T6342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.770620][ T57] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.770940][ T57] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.770977][ T57] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.771012][ T57] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.504547][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.504567][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.797370][ T6858] can0: slcan on ptm0. [ 145.017427][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.017449][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.049029][ T6856] can0 (unregistered): slcan off ptm0. [ 145.538677][ T6881] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.333'. [ 146.155564][ T6034] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 146.305489][ T6034] usb 2-1: Using ep0 maxpacket: 8 [ 146.307835][ T6034] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 146.307895][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.307922][ T6034] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.307946][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.307971][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 146.309463][ T6034] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 146.309521][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.309547][ T6034] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.309570][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.309594][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 146.311114][ T6034] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 146.311188][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 146.311214][ T6034] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 146.311239][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 146.311270][ T6034] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 146.348974][ T6907] tipc: Enabling of bearer rejected, failed to enable media [ 146.467313][ T6034] usb 2-1: string descriptor 0 read error: -22 [ 146.467471][ T6034] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 146.467494][ T6034] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.556313][ T6034] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 146.808887][ T5929] usb 2-1: USB disconnect, device number 4 [ 147.662409][ T6927] 9pnet_virtio: no channels available for device syz [ 147.978124][ T5846] Bluetooth: hci4: unexpected cc 0x204b length: 9 > 3 [ 148.525564][ T5929] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 148.692124][ T5929] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 148.692152][ T5929] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 148.692170][ T5929] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 148.692222][ T5929] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 148.692247][ T5929] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 148.692269][ T5929] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 148.748852][ T5929] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 148.748880][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 148.748898][ T5929] usb 2-1: Product: syz [ 148.748912][ T5929] usb 2-1: Manufacturer: syz [ 148.789886][ T6945] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 148.836575][ T5929] cdc_wdm 2-1:1.0: skipping garbage [ 148.836596][ T5929] cdc_wdm 2-1:1.0: skipping garbage [ 148.881453][ T5929] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 148.881483][ T5929] cdc_wdm 2-1:1.0: Unknown control protocol [ 149.036131][ T6960] syz_tun: entered allmulticast mode [ 149.095597][ T6960] syz_tun: left allmulticast mode [ 149.811966][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.812101][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.812441][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.812461][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.812700][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.812719][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.812951][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.812976][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.813571][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.813593][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.813824][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.813844][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.814073][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.814091][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.814320][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.814338][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.814571][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.814589][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 149.814818][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 149.814837][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 151.403373][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 151.410706][ T5929] usb 2-1: USB disconnect, device number 5 [ 151.719491][ C1] Unknown status report in ack skb [ 151.900507][ T37] audit: type=1326 audit(1756914733.054:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7015 comm="syz.2.384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcceea7ebe9 code=0x0 [ 152.395547][ T5929] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 152.555572][ T5929] usb 5-1: Using ep0 maxpacket: 8 [ 152.563573][ T5929] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 152.563603][ T5929] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 152.563623][ T5929] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 152.563643][ T5929] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 152.563676][ T5929] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 152.563694][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.835665][ T5929] usb 5-1: GET_CAPABILITIES returned 0 [ 152.835721][ T5929] usbtmc 5-1:16.0: can't read capabilities [ 152.936187][ T7042] tipc: Started in network mode [ 152.936214][ T7042] tipc: Node identity 7f000001, cluster identity 4711 [ 152.939155][ T7042] tipc: Enabled bearer , priority 10 [ 152.979375][ T7042] tipc: Enabled bearer , priority 10 [ 152.992653][ T7042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.394'. [ 153.007111][ T7042] tipc: Bearer : already 2 bearers with priority 10 [ 153.007130][ T7042] tipc: Bearer : trying with adjusted priority [ 153.007218][ T7042] tipc: Enabling of bearer rejected, failed to enable media [ 153.053966][ T5929] usb 5-1: USB disconnect, device number 7 [ 154.049398][ T7082] 9pnet_virtio: no channels available for device syz [ 154.065928][ T5914] tipc: Node number set to 2130706433 [ 154.745584][ T5929] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 154.989928][ T5929] usb 4-1: config 0 has no interfaces? [ 154.989966][ T5929] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 154.989989][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.998046][ T5929] usb 4-1: config 0 descriptor?? [ 155.343408][ T6034] usb 4-1: USB disconnect, device number 4 [ 155.975788][ T7126] Zero length message leads to an empty skb [ 156.516103][ T7146] smc: net device bond0 applied user defined pnetid SYZ2 [ 156.519481][ T7146] netlink: 14 bytes leftover after parsing attributes in process `syz.1.437'. [ 156.939313][ T7159] delete_channel: no stack [ 157.279029][ T7165] process 'syz.0.444' launched '/dev/fd/3' with NULL argv: empty string added [ 158.263467][ T7146] smc: removing net device bond0 with user defined pnetid SYZ2 [ 158.318639][ T7146] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.389355][ T7146] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 158.464164][ T7146] bond0 (unregistering): Released all slaves [ 158.589307][ T6034] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 158.773143][ T6034] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 158.773204][ T6034] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 158.773227][ T6034] usb 5-1: config 0 interface 0 has no altsetting 0 [ 158.788468][ T6034] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 158.788495][ T6034] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 158.788514][ T6034] usb 5-1: Product: syz [ 158.788527][ T6034] usb 5-1: Manufacturer: syz [ 158.788540][ T6034] usb 5-1: SerialNumber: syz [ 158.798050][ T6034] usb 5-1: config 0 descriptor?? [ 158.837551][ T6034] hub 5-1:0.0: bad descriptor, ignoring hub [ 158.837588][ T6034] hub 5-1:0.0: probe with driver hub failed with error -5 [ 158.842666][ T6034] usb 5-1: selecting invalid altsetting 0 [ 159.053608][ T7185] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 159.053635][ T7185] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 159.155425][ T6034] usb 5-1: USB disconnect, device number 8 [ 159.244318][ T6604] udevd[6604]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 159.859100][ T7211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.462'. [ 159.859989][ T7211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.462'. [ 160.496122][ T6034] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 160.645575][ T6034] usb 2-1: Using ep0 maxpacket: 8 [ 160.648545][ T6034] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 160.648572][ T6034] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 160.648595][ T6034] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 160.648617][ T6034] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 160.648659][ T6034] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 160.648680][ T6034] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.894234][ T6034] usb 2-1: GET_CAPABILITIES returned 0 [ 160.894283][ T6034] usbtmc 2-1:16.0: can't read capabilities [ 161.101683][ T6034] usb 2-1: USB disconnect, device number 6 [ 161.645540][ T6034] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 161.814793][ T6034] usb 4-1: config index 0 descriptor too short (expected 39, got 27) [ 161.814855][ T6034] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 161.814877][ T6034] usb 4-1: config 0 interface 0 has no altsetting 0 [ 161.847769][ T6034] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 161.847797][ T6034] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 161.847816][ T6034] usb 4-1: Product: syz [ 161.847830][ T6034] usb 4-1: Manufacturer: syz [ 161.847844][ T6034] usb 4-1: SerialNumber: syz [ 161.884870][ T6034] usb 4-1: config 0 descriptor?? [ 161.908526][ T6034] hub 4-1:0.0: bad descriptor, ignoring hub [ 161.908562][ T6034] hub 4-1:0.0: probe with driver hub failed with error -5 [ 161.913794][ T6034] usb 4-1: selecting invalid altsetting 0 [ 161.936915][ T7262] netlink: 8 bytes leftover after parsing attributes in process `syz.0.483'. [ 161.936928][ T7262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.483'. [ 162.450911][ T1163] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.832539][ T1163] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.910202][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 162.926986][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 162.932738][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 162.934892][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 162.938886][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 163.016441][ T7284] tipc: Enabling of bearer rejected, failed to enable media [ 163.310886][ T1163] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.724932][ T1163] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.359058][ T7318] overlayfs: failed to clone upperpath [ 164.475631][ T7320] tipc: Enabling of bearer rejected, failed to enable media [ 164.818582][ T1163] bridge_slave_1: left allmulticast mode [ 164.818615][ T1163] bridge_slave_1: left promiscuous mode [ 164.818887][ T1163] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.980063][ T1163] bridge_slave_0: left allmulticast mode [ 164.980093][ T1163] bridge_slave_0: left promiscuous mode [ 164.980355][ T1163] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.046791][ T5846] Bluetooth: hci3: command tx timeout [ 165.481903][ T6034] usb 4-1: USB disconnect, device number 5 [ 165.537133][ T45] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 165.700978][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.701026][ T45] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 165.701048][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.707516][ T45] usb 2-1: config 0 descriptor?? [ 165.942319][ T45] usbhid 2-1:0.0: can't add hid device: -71 [ 165.942443][ T45] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 165.980911][ T45] usb 2-1: USB disconnect, device number 7 [ 166.465490][ T45] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 166.620611][ T45] usb 2-1: Using ep0 maxpacket: 32 [ 166.623070][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.623116][ T45] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 166.623139][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.657960][ T45] usb 2-1: config 0 descriptor?? [ 166.662331][ T45] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 166.684892][ T45] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 167.075113][ T5914] usb 2-1: USB disconnect, device number 8 [ 167.111445][ T5914] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 167.125848][ T5846] Bluetooth: hci3: command tx timeout [ 167.217932][ T7377] overlayfs: failed to clone upperpath [ 167.688703][ T1163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.767171][ T1163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.818419][ T1163] bond0 (unregistering): Released all slaves [ 167.905924][ T7281] chnl_net:caif_netlink_parms(): no params data found [ 167.975478][ T5927] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 168.157279][ T5927] usb 2-1: Using ep0 maxpacket: 8 [ 168.159838][ T5927] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 168.159919][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 168.159945][ T5927] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.159969][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 168.159994][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 168.162730][ T5927] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 168.162783][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 168.162808][ T5927] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.162833][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 168.162857][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 168.193066][ T5927] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 168.193129][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 168.193155][ T5927] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 168.193178][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 168.193202][ T5927] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 168.213896][ T5927] usb 2-1: string descriptor 0 read error: -22 [ 168.214058][ T5927] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 168.214079][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.464244][ T5927] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 168.646540][ C0] ------------[ cut here ]------------ [ 168.646566][ C0] WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 [ 168.646602][ C0] Modules linked in: [ 168.646622][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 168.646644][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 168.646656][ C0] RIP: 0010:est_timer+0x6dc/0x9f0 [ 168.646678][ C0] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 ed 22 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 d5 e7 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff [ 168.646695][ C0] RSP: 0000:ffffc900001577a0 EFLAGS: 00010246 [ 168.646713][ C0] RAX: ffffffff88dc772b RBX: 0000000000000001 RCX: ffff88801c295940 [ 168.646728][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 168.646739][ C0] RBP: ffffc900001578b0 R08: 0000000000000000 R09: 0000000000000100 [ 168.646752][ C0] R10: dffffc0000000000 R11: fffff5200002af0a R12: 0000000000000007 [ 168.646767][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802ac85c68 [ 168.646780][ C0] FS: 0000000000000000(0000) GS:ffff8881268c1000(0000) knlGS:0000000000000000 [ 168.646797][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 168.646811][ C0] CR2: 00007f820b4935a2 CR3: 0000000030e16000 CR4: 00000000003526f0 [ 168.646828][ C0] Call Trace: [ 168.646836][ C0] [ 168.646861][ C0] ? __pfx_est_timer+0x10/0x10 [ 168.646898][ C0] call_timer_fn+0x17e/0x5f0 [ 168.646925][ C0] ? __pfx_est_timer+0x10/0x10 [ 168.646946][ C0] ? call_timer_fn+0xbe/0x5f0 [ 168.646971][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 168.647007][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.647033][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.647056][ C0] ? __pfx_est_timer+0x10/0x10 [ 168.647080][ C0] __run_timer_base+0x648/0x970 [ 168.647121][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 168.647164][ C0] run_timer_softirq+0xb7/0x180 [ 168.647187][ C0] handle_softirqs+0x22f/0x710 [ 168.647222][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 168.647256][ C0] run_ktimerd+0xcf/0x190 [ 168.647277][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 168.647299][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 168.647320][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 168.647340][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 168.647358][ C0] smpboot_thread_fn+0x53f/0xa60 [ 168.647382][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 168.647416][ C0] kthread+0x70e/0x8a0 [ 168.647450][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 168.647474][ C0] ? __pfx_kthread+0x10/0x10 [ 168.647507][ C0] ? __pfx_kthread+0x10/0x10 [ 168.647530][ C0] ret_from_fork+0x3f9/0x770 [ 168.647560][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 168.647590][ C0] ? __switch_to_asm+0x39/0x70 [ 168.647608][ C0] ? __switch_to_asm+0x33/0x70 [ 168.647624][ C0] ? __pfx_kthread+0x10/0x10 [ 168.647653][ C0] ret_from_fork_asm+0x1a/0x30 [ 168.647690][ C0] [ 168.647705][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 168.647720][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 168.647740][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 168.647749][ C0] Call Trace: [ 168.647756][ C0] [ 168.647762][ C0] dump_stack_lvl+0x99/0x250 [ 168.647787][ C0] ? __asan_memcpy+0x40/0x70 [ 168.647808][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.647831][ C0] ? __pfx__printk+0x10/0x10 [ 168.647861][ C0] vpanic+0x281/0x750 [ 168.647884][ C0] ? __pfx__printk+0x10/0x10 [ 168.647905][ C0] ? __pfx_vpanic+0x10/0x10 [ 168.647933][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 168.647974][ C0] panic+0xb9/0xc0 [ 168.648000][ C0] ? __pfx_panic+0x10/0x10 [ 168.648045][ C0] __warn+0x31b/0x4b0 [ 168.648071][ C0] ? est_timer+0x6dc/0x9f0 [ 168.648095][ C0] ? est_timer+0x6dc/0x9f0 [ 168.648116][ C0] report_bug+0x2be/0x4f0 [ 168.648138][ C0] ? est_timer+0x6dc/0x9f0 [ 168.648156][ C0] ? est_timer+0x6dc/0x9f0 [ 168.648175][ C0] ? est_timer+0x6de/0x9f0 [ 168.648193][ C0] handle_bug+0x84/0x160 [ 168.648222][ C0] exc_invalid_op+0x1a/0x50 [ 168.648249][ C0] asm_exc_invalid_op+0x1a/0x20 [ 168.648268][ C0] RIP: 0010:est_timer+0x6dc/0x9f0 [ 168.648282][ C0] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 ed 22 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 d5 e7 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff [ 168.648293][ C0] RSP: 0000:ffffc900001577a0 EFLAGS: 00010246 [ 168.648308][ C0] RAX: ffffffff88dc772b RBX: 0000000000000001 RCX: ffff88801c295940 [ 168.648323][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 168.648335][ C0] RBP: ffffc900001578b0 R08: 0000000000000000 R09: 0000000000000100 [ 168.648348][ C0] R10: dffffc0000000000 R11: fffff5200002af0a R12: 0000000000000007 [ 168.648361][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88802ac85c68 [ 168.648383][ C0] ? est_timer+0x6db/0x9f0 [ 168.648430][ C0] ? __pfx_est_timer+0x10/0x10 [ 168.648466][ C0] call_timer_fn+0x17e/0x5f0 [ 168.648492][ C0] ? __pfx_est_timer+0x10/0x10 [ 168.648513][ C0] ? call_timer_fn+0xbe/0x5f0 [ 168.648539][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 168.648583][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 168.648609][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.648633][ C0] ? __pfx_est_timer+0x10/0x10 [ 168.648658][ C0] __run_timer_base+0x648/0x970 [ 168.648702][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 168.648746][ C0] run_timer_softirq+0xb7/0x180 [ 168.648772][ C0] handle_softirqs+0x22f/0x710 [ 168.648810][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 168.648848][ C0] run_ktimerd+0xcf/0x190 [ 168.648875][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 168.648905][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 168.648931][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 168.648957][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 168.648981][ C0] smpboot_thread_fn+0x53f/0xa60 [ 168.649008][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 168.649044][ C0] kthread+0x70e/0x8a0 [ 168.649077][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 168.649102][ C0] ? __pfx_kthread+0x10/0x10 [ 168.649137][ C0] ? __pfx_kthread+0x10/0x10 [ 168.649168][ C0] ret_from_fork+0x3f9/0x770 [ 168.649197][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 168.649231][ C0] ? __switch_to_asm+0x39/0x70 [ 168.649250][ C0] ? __switch_to_asm+0x33/0x70 [ 168.649268][ C0] ? __pfx_kthread+0x10/0x10 [ 168.649298][ C0] ret_from_fork_asm+0x1a/0x30 [ 168.649337][ C0] [ 168.649575][ C0] Kernel Offset: disabled