last executing test programs: 1m27.075489263s ago: executing program 4 (id=5): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGSTRING(r1, 0x81044804, 0x0) rt_sigqueueinfo(0x0, 0x21, 0x0) 1m23.759837746s ago: executing program 4 (id=24): syz_open_dev$evdev(&(0x7f0000000440), 0x0, 0x100) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0xfc) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x101fc, 0x0, 0x1000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) read(r3, &(0x7f0000000080)=""/146, 0x92) ioctl$TCSETS2(r3, 0x402c542b, &(0x7f0000000040)={0x6, 0x1006, 0xefcc, 0x0, 0x5, "f46fca54683cc267a000002000", 0x5, 0xb}) ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000)) 1m10.987396606s ago: executing program 4 (id=48): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace(0x10, 0x0) wait4(0x0, 0x0, 0x40000001, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000000000), 0x4) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000)=0xfffffffc, 0x4) r3 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) ioctl$TCXONC(r3, 0x540a, 0x2) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x1000000, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="571b6610cb2eca", @ANYRESHEX, @ANYBLOB=',\x00']) close_range(r0, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r5 = memfd_create(&(0x7f00000025c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1cs1F59\xcdR\xc1\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9b\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\xe7\xd6\xa3', 0x6) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0) 1m8.404278446s ago: executing program 4 (id=52): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x99) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) 1m8.051660371s ago: executing program 4 (id=54): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) 1m7.694387075s ago: executing program 4 (id=55): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket(0x18, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_route(0x10, 0x3, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000002c0)="ae", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) r2 = socket$nl_generic(0x10, 0x3, 0x10) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000280)=""/254) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x18, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x4, 0x18, 0x0, 0x0, @binary}]}, 0x18}}, 0x84) 1m5.408935588s ago: executing program 32 (id=55): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket(0x18, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_route(0x10, 0x3, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000002c0)="ae", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) r2 = socket$nl_generic(0x10, 0x3, 0x10) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000280)=""/254) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x18, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x4, 0x18, 0x0, 0x0, @binary}]}, 0x18}}, 0x84) 14.672657403s ago: executing program 0 (id=158): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000008000140000000002c000000180a0500000000000000000001000000090001007379"], 0xc8}}, 0x4000450) 11.705832907s ago: executing program 0 (id=162): r0 = io_uring_setup(0x1450, &(0x7f0000000180)={0x0, 0x73d5, 0x80, 0x3, 0x1f}) syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x85, 0x0, r0}, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = fsopen(&(0x7f00000001c0)='binder\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0xf) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000280)={'nr0\x00', @local}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_PARM(r4, 0xc0cc5615, &(0x7f0000000040)={0x6, @raw_data="6f59aa3f976c16c7bdd57ffe8e7afefa173fdb6ff8bcdc99e74b75193d0a1151ea5bab366440c581ecd948f3b6ebea331ed139eb4382856b3d0ce93ac60044f5be2d6ccaed67841ec2135a10cf911a226cedfc5e9b8ca04737cdda569503f21031b035eec19c04237299bb9a61e6d9d5eba649227634334f5a7d273e10e764415a598f4d06291d40e1cb196ea0bc4e276ec29a5408cf53c52e5f82d57c70ae50b92d84c2b1d1f46de379fc37600dc5e636ac5e7ee6e4ed896a54749dab74590d7a2555623f7edc03"}) 10.657417748s ago: executing program 0 (id=164): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x238, &(0x7f0000000740)={0x0, 0x21c2a, 0x10100, 0x0, 0x1fc, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r6, 0x0, 0x10) 10.652874925s ago: executing program 2 (id=165): io_setup(0x10000, &(0x7f0000000800)) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f00000003c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r5, 0xc03064b7, &(0x7f0000000200)={r6, r7, r8, 0x405, 0x752, 0x6, 0x10020000, 0x0, 0x0, 0xf, 0x200420, 0x200}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x4f, 0x0, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000500), 0x400, 0x0) getsockopt$sock_buf(r1, 0x1, 0x1f, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r4, 0xae80, 0x0) io_setup(0x9, &(0x7f0000002e40)) 10.573299824s ago: executing program 3 (id=166): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) r1 = syz_open_dev$evdev(0x0, 0x2, 0x80101) ioctl$EVIOCSMASK(r1, 0x40104593, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r3) 9.565465361s ago: executing program 3 (id=167): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x0) syz_open_dev$rtc(0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) r2 = socket$xdp(0x2c, 0x3, 0x0) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$PTP_PEROUT_REQUEST2(r3, 0xc0603d0f, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000001c0)=0x100000, 0x4) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff00000003", 0x47}], 0x1) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000040), 0x4) 9.461853218s ago: executing program 0 (id=168): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) sysfs$1(0x1, &(0x7f0000000300)='\\\'+$#\x00') syz_open_procfs(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$inet(0xa, 0x1, 0x100) listen(r2, 0x8) unlink(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00') syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="f7", @ANYRESDEC], 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000080)={0x10000004}) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(r5, 0xc02c5625, &(0x7f0000000180)={0x0, 0x9, @value=0x4}) socket$netlink(0x10, 0x3, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) 9.150006764s ago: executing program 1 (id=169): r0 = syz_open_dev$vcsn(&(0x7f0000000b40), 0x1ff, 0x400) read$FUSE(r0, &(0x7f0000001c80)={0x2020}, 0x2020) 9.075164936s ago: executing program 2 (id=170): socket$netlink(0x10, 0x3, 0x0) socket(0x400000000010, 0x3, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x80400, 0x0) socket(0x10, 0x803, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000000009040000150300000009214000000122"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[], 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0) pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x9, 0x4, 0x0, 0xffffffff, 0x8}, 0x0, &(0x7f0000000080)={0x7fc, 0x2, 0x4000000000800000, 0xfffffffffffffffc, 0x0, 0xc3ad}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8.877545323s ago: executing program 1 (id=171): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bd2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000002000)=""/102400, 0x19000) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @loopback}, 0x10) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x400c844) 8.643348221s ago: executing program 1 (id=172): openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x8000) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) keyctl$clear(0x5, 0xffffffffffffffff) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) syz_usb_connect(0x6, 0x75, &(0x7f0000000780)=ANY=[@ANYBLOB="1201010240d85bc7b1131100345c010203010902630002040800070904880400c192fa280724060000d2cf0524001c620d240f0100000000020005f29011cc03080353ee97050a2401f90a0002010209240306070302020809050810200009090c020109050f0300040609fe09050d00000402070e"], &(0x7f0000000280)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x9, 0x2, 0xf4, 0x20, 0x93}, 0x27, 0x0, 0x1, [{0x0, 0x0}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x5a) sched_setaffinity(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x1f) setns(r2, 0x24020000) syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48) 7.565319169s ago: executing program 5 (id=173): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000008000140000000002c000000180a05000000000000000000010000000900010073797a30000000"], 0xc8}}, 0x4000450) 7.356491799s ago: executing program 5 (id=174): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket(0x2b, 0x1, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f0000001280)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2}) io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0xfeffffff, r2, 0x23, {0x3b4, 0x6d3}, 0x6}, 0x1) 6.881828537s ago: executing program 5 (id=175): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x101000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) semop(0x0, &(0x7f00000003c0), 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x400000009) socket(0x10, 0x3, 0x0) getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x9, 0x0, &(0x7f0000000040)) mount$tmpfs(0x0, 0x0, 0x0, 0x20080a0, &(0x7f0000000200)=ANY=[]) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3, 0x4}}, './file0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='mr_integ_alloc\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[], 0x34}}, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) ioprio_get$pid(0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 6.200833209s ago: executing program 3 (id=176): socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='limits\x00') setxattr$incfs_size(&(0x7f0000000140)='./cgroup\x00', &(0x7f0000000180), 0x0, 0x0, 0x2) 5.186307755s ago: executing program 3 (id=177): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) r1 = syz_open_dev$evdev(0x0, 0x2, 0x80101) ioctl$EVIOCSMASK(r1, 0x40104593, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r3) 5.043288298s ago: executing program 1 (id=178): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), r4) sendmsg$NLBL_MGMT_C_LISTALL(r4, 0x0, 0x20040880) fsmount(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) readv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000180)=""/151, 0x97}], 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r5) sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002dbd7000fedbdf252c000000180001801400020064756d6d7930"], 0x2c}, 0x1, 0x0, 0x0, 0x20048881}, 0x2000c800) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 5.042355007s ago: executing program 2 (id=179): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={0x0}) r1 = syz_open_dev$dri(0x0, 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) socket$kcm(0x10, 0x2, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_SPLICE={0x1e, 0x10, 0x0, @fd_index=0x9, 0x5, {0x0, r2}, 0xf, 0x0, 0x1}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$6lowpan_control(r3, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) 4.852063171s ago: executing program 3 (id=180): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r3 = socket(0x40000000015, 0x5, 0x0) getpid() r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0xfffffffd, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4, 0x2d}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x44000}, 0x0) socket$igmp(0x2, 0x3, 0x2) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), r3) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r5, 0x100, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x89b8622cb3938d6}, 0x40) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) close_range(r6, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERYCAP(0xffffffffffffffff, 0x80685600, &(0x7f0000000000)) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000027000100000000000000000a01"], 0x50}}, 0x0) r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r8, 0x80045530, &(0x7f00000000c0)=""/111) 3.573752512s ago: executing program 2 (id=181): syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x0, 0xff, 0x5a, 0xa3}}]}}]}}, 0x0) 3.362159938s ago: executing program 5 (id=182): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) 3.032348437s ago: executing program 5 (id=183): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003740)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000280)="475ae6fd433161fd8e420b6d6fa9d61a6c129d4d1a750e8bcefea03dba493863a39e7871b5a356c7d6206c942de4c7e0b1e12b8a7de71fb26a181c00586a8b4b3587dfa721f78a317cfd0026b335cbccccef7d7181ba750aa88e004efbc3e49a62147f4c4367a47b340213d81a54329bfa2466204233e6e4d19a0bc55b2f686e9fb6e5bd2f10d7481bf8701282d17d4ded1efc08d08eeb7bb314f7ff4bf6f20763", 0xa1}], 0x1}}], 0x1, 0xd0) openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000100)=ANY=[@ANYRESHEX=r3, @ANYRES8=r4, @ANYRESHEX=r1], 0x0, 0x3}, 0x94) r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) write$P9_RREMOVE(r5, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0xa}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xffffffffffffff71, 0x2, 0x0, 0x1, [@NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x70}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_coalesce={0xf, 0x80, 0x10000, 0x6, 0xc6, 0x8001, 0xb28e, 0x46, 0x6, 0x81, 0x6, 0x3, 0x8, 0x8008, 0x8000, 0xae, 0x101, 0x2, 0xfff, 0x4d, 0x1000000, 0x1000001, 0x15b}}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x68, 0x14, 0xf0b, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xfff1, 0x5}, {0x6, 0xffff}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}}, {0x4}}, {{0x1c, 0x1, {0xd, 0x4, 0xc, 0x487, 0x1, 0x0, 0xfffffffc}}, {0x4}}]}]}, 0x68}}, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) 2.7990151s ago: executing program 0 (id=184): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000008000140000000002c000000180a05000000000000000000010000000900010073797a30000000"], 0xc8}}, 0x4000450) 2.435932619s ago: executing program 0 (id=185): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000b5443340861a22753635010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000540)={0x34, &(0x7f0000000000)={0x40, 0x11, 0x2, "6604"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000240)={0x40, 0x12, 0x2, "500e"}, 0x0, 0x0, 0x0, 0x0}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000680)=ANY=[@ANYRES32=r1, @ANYRES16=0x0], &(0x7f0000000000)='GPL\x00', 0x80000001, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='mm_khugepaged_scan_pmd\x00', r4, 0x0, 0x2}, 0x18) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) clock_settime(0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x40047452, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4}}]}, 0x34}}, 0x0) 2.025759243s ago: executing program 3 (id=186): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0) read$msr(r1, &(0x7f0000019540)=""/102400, 0x19000) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x2, &(0x7f0000000000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000000400)={0xa, 0x2, 0xac3, @loopback, 0x9}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 1.643224955s ago: executing program 1 (id=187): socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='limits\x00') setxattr$incfs_size(&(0x7f0000000140)='./cgroup\x00', &(0x7f0000000180), 0x0, 0x0, 0x2) 1.507559225s ago: executing program 5 (id=188): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) msgget$private(0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) 281.471709ms ago: executing program 1 (id=189): openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x8000) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) keyctl$clear(0x5, 0xffffffffffffffff) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) syz_usb_connect(0x6, 0x75, &(0x7f0000000780)=ANY=[@ANYBLOB="1201010240d85bc7b1131100345c010203010902630002040800070904880400c192fa280724060000d2cf0524001c620d240f0100000000020005f29011cc03080353ee97050a2401f90a0002010209240306070302020809050810200009090c020109050f0300040609fe09050d00000402070e"], &(0x7f0000000280)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x9, 0x2, 0xf4, 0x20, 0x93}, 0x27, 0x0, 0x1, [{0x0, 0x0}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x5a) sched_setaffinity(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f) setns(r2, 0x24020000) syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0) preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) socket$inet_tcp(0x2, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48) 233.906632ms ago: executing program 2 (id=190): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) r1 = syz_open_dev$evdev(0x0, 0x2, 0x80101) ioctl$EVIOCSMASK(r1, 0x40104593, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r3) 0s ago: executing program 2 (id=191): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r2}, 0x10) r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x800) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, 0x0, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x418, 0x0, 0x940c, 0x3002, 0x210, 0x2c0, 0x348, 0x3d8, 0x3d8, 0x348, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x2, 0x1, 0x0, 'syz0\x00'}}, @common=@eui64={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@loopback, @empty, [0xffffff00, 0xffff00, 0xff, 0xffffff00], [0xff, 0xff000000, 0x0, 0xff000000], 'syzkaller1\x00', 'macvtap0\x00', {}, {}, 0x1, 0x9, 0x1, 0x8}, 0x0, 0xd0, 0x138, 0x0, {0x700}, [@common=@inet=@socket2={{0x28}, 0x2}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x478) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.223' (ED25519) to the list of known hosts. [ 84.229897][ T5822] cgroup: Unknown subsys name 'net' [ 84.367244][ T5822] cgroup: Unknown subsys name 'cpuset' [ 84.376716][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.077753][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.806504][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.814335][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.817042][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.823290][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.837092][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.844698][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.846048][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.852493][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.860850][ T5847] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.866883][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.874495][ T5847] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.881556][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.887778][ T5847] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.894505][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.914456][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.914616][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.932965][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.934375][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.948206][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.961739][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.985374][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.010723][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.023377][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.062304][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.078173][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.693131][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 91.759465][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 91.869561][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 91.991518][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 92.020500][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 92.065288][ T9] cfg80211: failed to load regulatory.db [ 92.187375][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.195416][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.202926][ T5832] bridge_slave_0: entered allmulticast mode [ 92.210315][ T5832] bridge_slave_0: entered promiscuous mode [ 92.219050][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.228609][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.236999][ T5835] bridge_slave_0: entered allmulticast mode [ 92.246530][ T5835] bridge_slave_0: entered promiscuous mode [ 92.279630][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.287488][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.295375][ T5834] bridge_slave_0: entered allmulticast mode [ 92.303945][ T5834] bridge_slave_0: entered promiscuous mode [ 92.312017][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.319302][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.326542][ T5834] bridge_slave_1: entered allmulticast mode [ 92.334648][ T5834] bridge_slave_1: entered promiscuous mode [ 92.342384][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.349838][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.357081][ T5832] bridge_slave_1: entered allmulticast mode [ 92.365066][ T5832] bridge_slave_1: entered promiscuous mode [ 92.371968][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.379282][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.386543][ T5835] bridge_slave_1: entered allmulticast mode [ 92.395455][ T5835] bridge_slave_1: entered promiscuous mode [ 92.530621][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.544637][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.587647][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.599854][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.638399][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.645729][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.653993][ T5849] bridge_slave_0: entered allmulticast mode [ 92.661316][ T5849] bridge_slave_0: entered promiscuous mode [ 92.671323][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.683486][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.724673][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.731843][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.739238][ T5849] bridge_slave_1: entered allmulticast mode [ 92.747184][ T5849] bridge_slave_1: entered promiscuous mode [ 92.807192][ T5835] team0: Port device team_slave_0 added [ 92.816383][ T5835] team0: Port device team_slave_1 added [ 92.822409][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.829959][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.838951][ T5833] bridge_slave_0: entered allmulticast mode [ 92.846416][ T5833] bridge_slave_0: entered promiscuous mode [ 92.854968][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.862266][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.869707][ T5833] bridge_slave_1: entered allmulticast mode [ 92.877033][ T5833] bridge_slave_1: entered promiscuous mode [ 92.912202][ T5832] team0: Port device team_slave_0 added [ 92.943738][ T5843] Bluetooth: hci3: command tx timeout [ 92.944669][ T5837] Bluetooth: hci2: command tx timeout [ 92.991218][ T5834] team0: Port device team_slave_0 added [ 93.000217][ T5834] team0: Port device team_slave_1 added [ 93.008200][ T5832] team0: Port device team_slave_1 added [ 93.015169][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.022124][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.048214][ T5837] Bluetooth: hci0: command tx timeout [ 93.048893][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.082894][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.103103][ T5837] Bluetooth: hci1: command tx timeout [ 93.124599][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.131590][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.157585][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.171475][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.182796][ T5837] Bluetooth: hci4: command tx timeout [ 93.185662][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.234548][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.284867][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.291863][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.318394][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.330258][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.337587][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.363738][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.376541][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.384038][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.410377][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.461018][ T5849] team0: Port device team_slave_0 added [ 93.467814][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.475044][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.502607][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.546287][ T5833] team0: Port device team_slave_0 added [ 93.554930][ T5849] team0: Port device team_slave_1 added [ 93.562597][ T5833] team0: Port device team_slave_1 added [ 93.608587][ T5835] hsr_slave_0: entered promiscuous mode [ 93.618127][ T5835] hsr_slave_1: entered promiscuous mode [ 93.674746][ T5832] hsr_slave_0: entered promiscuous mode [ 93.681171][ T5832] hsr_slave_1: entered promiscuous mode [ 93.687598][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.695454][ T5832] Cannot create hsr debugfs directory [ 93.704328][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.711296][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.737298][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.764519][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.771503][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.798403][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.859211][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.866653][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.892864][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.919601][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.926651][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.952772][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.015951][ T5834] hsr_slave_0: entered promiscuous mode [ 94.022584][ T5834] hsr_slave_1: entered promiscuous mode [ 94.031661][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.039528][ T5834] Cannot create hsr debugfs directory [ 94.149361][ T5833] hsr_slave_0: entered promiscuous mode [ 94.156749][ T5833] hsr_slave_1: entered promiscuous mode [ 94.163403][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.171008][ T5833] Cannot create hsr debugfs directory [ 94.260747][ T5849] hsr_slave_0: entered promiscuous mode [ 94.269869][ T5849] hsr_slave_1: entered promiscuous mode [ 94.276500][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.284900][ T5849] Cannot create hsr debugfs directory [ 94.725854][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.740127][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.769977][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.783139][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.844329][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.871360][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.884740][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.898756][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.981093][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.008895][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.029101][ T5837] Bluetooth: hci2: command tx timeout [ 95.029153][ T5843] Bluetooth: hci3: command tx timeout [ 95.037741][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.070481][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.103154][ T5843] Bluetooth: hci0: command tx timeout [ 95.185593][ T5843] Bluetooth: hci1: command tx timeout [ 95.191975][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.221423][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.230568][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.257565][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.265940][ T5843] Bluetooth: hci4: command tx timeout [ 95.299674][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.340167][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.380919][ T5849] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.397502][ T5849] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.412411][ T3491] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.419714][ T3491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.450135][ T5849] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.460657][ T5849] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.479182][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.486461][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.557113][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.598510][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.630871][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.670842][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.678012][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.720758][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.738023][ T3508] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.745243][ T3508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.778220][ T3508] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.785393][ T3508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.822248][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.829416][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.866473][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.936773][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.001370][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.020179][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.027524][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.081218][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.088685][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.149405][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.202284][ T1137] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.209490][ T1137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.309778][ T1137] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.316992][ T1137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.405097][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.551044][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.591526][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.610043][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.805895][ T5832] veth0_vlan: entered promiscuous mode [ 96.831696][ T5834] veth0_vlan: entered promiscuous mode [ 96.874050][ T5832] veth1_vlan: entered promiscuous mode [ 96.881021][ T5835] veth0_vlan: entered promiscuous mode [ 96.901714][ T5834] veth1_vlan: entered promiscuous mode [ 96.928606][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.948819][ T5835] veth1_vlan: entered promiscuous mode [ 97.033854][ T5832] veth0_macvtap: entered promiscuous mode [ 97.068360][ T5832] veth1_macvtap: entered promiscuous mode [ 97.101703][ T5834] veth0_macvtap: entered promiscuous mode [ 97.109922][ T5843] Bluetooth: hci2: command tx timeout [ 97.113110][ T5837] Bluetooth: hci3: command tx timeout [ 97.128211][ T5835] veth0_macvtap: entered promiscuous mode [ 97.139468][ T5835] veth1_macvtap: entered promiscuous mode [ 97.174236][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.182508][ T5834] veth1_macvtap: entered promiscuous mode [ 97.188640][ T5837] Bluetooth: hci0: command tx timeout [ 97.216744][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.225353][ T5833] veth0_vlan: entered promiscuous mode [ 97.245894][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.262182][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.269988][ T5837] Bluetooth: hci1: command tx timeout [ 97.302327][ T5833] veth1_vlan: entered promiscuous mode [ 97.311715][ T3508] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.332383][ T3508] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.353467][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.361532][ T5837] Bluetooth: hci4: command tx timeout [ 97.371361][ T3508] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.381000][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.411572][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.428553][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.449283][ T3548] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.474236][ T3548] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.513942][ T3548] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.528636][ T3548] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.558313][ T3548] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.570669][ T3548] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.608875][ T3548] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.659793][ T3548] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.740251][ T5833] veth0_macvtap: entered promiscuous mode [ 97.766868][ T3539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.776047][ T5833] veth1_macvtap: entered promiscuous mode [ 97.786870][ T3539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.835354][ T3548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.848891][ T3548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.883368][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.917992][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.926456][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.946993][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.998373][ T3548] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.020622][ T3548] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.042290][ T71] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.060809][ T71] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.074118][ T5849] veth0_vlan: entered promiscuous mode [ 98.089928][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.111319][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 98.119638][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.128200][ T71] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.149388][ T71] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.198683][ T5849] veth1_vlan: entered promiscuous mode [ 98.262245][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.271170][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.479578][ T3548] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.536818][ T3548] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.592908][ T5849] veth0_macvtap: entered promiscuous mode [ 98.608620][ T5849] veth1_macvtap: entered promiscuous mode [ 99.293956][ T5843] Bluetooth: hci2: command tx timeout [ 99.299809][ T5843] Bluetooth: hci0: command tx timeout [ 99.305342][ T5837] Bluetooth: hci3: command tx timeout [ 99.347684][ T5837] Bluetooth: hci1: command tx timeout [ 99.361909][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.405797][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.495383][ T5837] Bluetooth: hci4: command tx timeout [ 99.611513][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.651604][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.212978][ T3491] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.229483][ T3491] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.265575][ T3491] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.290824][ T3491] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.281670][ T5984] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.483347][ T3539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.509253][ T3539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.543209][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.559375][ T5988] xt_hashlimit: size too large, truncated to 1048576 [ 101.563625][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.574938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.585160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 101.594578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.702042][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.832776][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.887272][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 101.888220][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.896522][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.091949][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10a!!! [ 102.091989][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 102.361893][ C0] vkms_vblank_simulate: vblank timer overrun [ 103.576691][ T6004] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 103.597063][ T6004] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.618240][ T6004] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.693537][ T6004] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 103.756028][ T6004] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.791100][ T6004] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.822310][ T6004] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 103.850973][ T6004] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.880140][ T6004] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.908438][ T6004] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 103.921704][ T6004] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 103.981014][ T6004] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 104.000509][ T6004] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 104.025651][ T6004] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 104.038644][ T6004] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 104.352934][ T5836] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 105.022944][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 105.696290][ T5836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.743273][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 105.784151][ T5836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.794262][ T5836] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 105.807233][ T5836] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 105.816395][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.825096][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.920164][ T5836] usb 5-1: config 0 descriptor?? [ 105.989388][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 106.065299][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 106.210759][ T5836] usbhid 5-1:0.0: can't add hid device: -71 [ 106.242837][ T5836] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 106.271838][ T5836] usb 5-1: USB disconnect, device number 2 [ 106.724011][ T6043] No such timeout policy "syz0" [ 106.804984][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 107.127400][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.167372][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 107.227555][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 107.246297][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83 [ 107.281851][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 107.301890][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 107.481410][ T9] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e [ 107.510451][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.535348][ T9] usb 2-1: Product: syz [ 107.539583][ T9] usb 2-1: Manufacturer: syz [ 107.604464][ T6048] netlink: 68 bytes leftover after parsing attributes in process `syz.3.27'. [ 108.227028][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.234181][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.241896][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.248037][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 108.349920][ T9] usb 2-1: SerialNumber: syz [ 108.409215][ T9] usb 2-1: config 0 descriptor?? [ 108.507566][ T9] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input5 [ 108.952130][ T5903] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 109.033207][ T2151] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 109.182950][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.191186][ T5903] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 109.311570][ T2151] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 109.384453][ T5903] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 109.449193][ T2151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.520550][ T5903] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 109.560925][ T2151] usb 4-1: Product: syz [ 109.605056][ T2151] usb 4-1: Manufacturer: syz [ 109.620000][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.648376][ T2151] usb 4-1: SerialNumber: syz [ 109.704751][ T9] imon:send_packet: packet tx failed (-71) [ 109.765776][ T2151] usb 4-1: config 0 descriptor?? [ 109.779190][ T6052] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 109.929646][ T2151] ch341 4-1:0.0: ch341-uart converter detected [ 110.045838][ T5903] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 110.313718][ T5843] Bluetooth: hci4: command 0x0c1a tx timeout [ 110.314065][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.314162][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.320254][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 110.551674][ T9] imon 2-1:0.0: panel buttons/knobs setup failed [ 110.554464][ T6061] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 110.564733][ T6061] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 110.692846][ T9] rc_core: IR keymap rc-imon-pad not found [ 110.701257][ T9] Registered IR keymap rc-empty [ 110.715787][ T9] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 110.752727][ T9] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 110.765615][ T6061] vhci_hcd vhci_hcd.0: Device attached [ 110.928393][ T9] imon:send_packet: packet tx failed (-71) [ 110.945677][ T5836] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 111.068510][ T5903] usb 3-1: USB disconnect, device number 2 [ 111.087840][ T9] imon 2-1:0.0: remote input dev register failed [ 111.228503][ T6063] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 111.341224][ T9] imon 2-1:0.0: imon_init_intf0: rc device setup failed [ 111.660128][ T6062] vhci_hcd: connection closed [ 111.724885][ T6071] warning: `syz.0.33' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 111.838392][ T71] vhci_hcd: stop threads [ 111.905213][ T71] vhci_hcd: release socket [ 111.997935][ T71] vhci_hcd: disconnect device [ 112.063767][ T2151] ch341-uart ttyUSB0: failed to read break control: -110 [ 112.071009][ T2151] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110 [ 113.942478][ T9] imon 2-1:0.0: unable to initialize intf0, err 0 [ 113.942718][ T9] imon:imon_probe: failed to initialize context! [ 113.942775][ T9] imon 2-1:0.0: unable to register, err -19 [ 114.313312][ T9] usb 2-1: USB disconnect, device number 2 [ 114.725853][ T6079] tty tty4: ldisc open failed (-12), clearing slot 3 [ 114.799727][ T2151] usb 4-1: USB disconnect, device number 2 [ 114.836067][ T2151] ch341 4-1:0.0: device disconnected [ 116.312893][ T5836] vhci_hcd: vhci_device speed not set [ 118.619654][ T5851] Bluetooth: hci0: unexpected event for opcode 0x1001 [ 118.760937][ T6104] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 118.770044][ T10] IPVS: starting estimator thread 0... [ 118.917955][ T2151] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 118.926567][ T6114] IPVS: using max 31 ests per chain, 74400 per kthread [ 119.112766][ T2151] usb 4-1: Using ep0 maxpacket: 8 [ 119.130589][ T2151] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 119.218399][ T2151] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 119.252736][ T5836] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 121.027835][ T2151] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 121.215050][ T2151] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 121.229977][ T2151] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 121.377501][ T2151] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.389809][ T5836] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 121.412679][ T5836] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.439842][ T2151] usb 4-1: can't set config #1, error -71 [ 121.462079][ T5836] usb 1-1: Product: syz [ 121.486247][ T5836] usb 1-1: Manufacturer: syz [ 121.497978][ T2151] usb 4-1: USB disconnect, device number 3 [ 121.508326][ T5836] usb 1-1: SerialNumber: syz [ 121.543737][ T5836] usb 1-1: config 0 descriptor?? [ 121.581948][ T5836] ch341 1-1:0.0: ch341-uart converter detected [ 122.102810][ T5915] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 122.274399][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 122.280327][ T3423] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.322447][ T5915] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 122.405255][ T5915] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 122.442833][ T5915] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 122.453796][ T5915] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 122.467377][ T5915] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 122.478383][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.632594][ T3423] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.718801][ T5915] usb 3-1: GET_CAPABILITIES returned 0 [ 122.738737][ T5915] usbtmc 3-1:16.0: can't read capabilities [ 123.874096][ T5836] ch341-uart ttyUSB0: failed to read break control: -110 [ 123.963423][ T5836] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110 [ 124.034599][ T5915] usb 3-1: USB disconnect, device number 3 [ 124.398655][ T3423] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.512200][ T6152] [U]  [ 126.550657][ T10] usb 1-1: USB disconnect, device number 2 [ 126.605671][ T10] ch341 1-1:0.0: device disconnected [ 127.703730][ T3423] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.003400][ T5910] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 128.023266][ T2151] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 128.111710][ T3423] bridge_slave_1: left allmulticast mode [ 128.120047][ T3423] bridge_slave_1: left promiscuous mode [ 128.126491][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 128.135718][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 128.144236][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 128.153279][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 128.161640][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 128.174487][ T3423] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.183816][ T5910] usb 1-1: Using ep0 maxpacket: 16 [ 128.191551][ T3423] bridge_slave_0: left allmulticast mode [ 128.201310][ T2151] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.215309][ T3423] bridge_slave_0: left promiscuous mode [ 128.227877][ T2151] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 128.231472][ T5910] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.239112][ T3423] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.256111][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.279171][ T2151] usb 3-1: config 0 descriptor?? [ 128.289091][ T5910] usb 1-1: config 0 has no interfaces? [ 128.318281][ T5910] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 128.348473][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.547469][ T2151] usbhid 3-1:0.0: can't add hid device: -71 [ 128.551497][ T5910] usb 1-1: Product: syz [ 128.564245][ T2151] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 128.585192][ T5910] usb 1-1: Manufacturer: syz [ 128.594656][ T2151] usb 3-1: USB disconnect, device number 4 [ 128.603617][ T5910] usb 1-1: SerialNumber: syz [ 128.659588][ T5910] usb 1-1: config 0 descriptor?? [ 128.882138][ T6160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.022399][ T6160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.084599][ T10] usb 1-1: USB disconnect, device number 3 [ 129.223099][ T5837] Bluetooth: hci0: ACL packet too small [ 129.262872][ T2151] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 129.532767][ T2151] usb 3-1: Using ep0 maxpacket: 32 [ 129.554505][ T2151] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.748172][ T2151] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 129.906601][ T2151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.031331][ T2151] usb 3-1: config 0 descriptor?? [ 130.057369][ T2151] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 130.136948][ T2151] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 130.305228][ T5837] Bluetooth: hci4: command tx timeout [ 130.340492][ C0] ldusb 3-1:0.0: Ring buffer overflow, 8 bytes dropped [ 130.858393][ T3423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 130.898305][ T3423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 130.925945][ T3423] bond0 (unregistering): Released all slaves [ 132.412714][ T5837] Bluetooth: hci4: command tx timeout [ 132.461041][ T10] usb 3-1: USB disconnect, device number 5 [ 132.478395][ T10] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 133.028088][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.052940][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.489297][ T3423] hsr_slave_0: left promiscuous mode [ 133.511825][ T3423] hsr_slave_1: left promiscuous mode [ 133.639660][ T3423] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.011696][ T3423] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.063092][ T3423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.070909][ T3423] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 134.210718][ T3423] veth1_macvtap: left promiscuous mode [ 134.252461][ T3423] veth0_macvtap: left promiscuous mode [ 134.265432][ T3423] veth1_vlan: left promiscuous mode [ 134.277497][ T3423] veth0_vlan: left promiscuous mode [ 134.462779][ T5837] Bluetooth: hci4: command tx timeout [ 134.625910][ T2151] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 134.813148][ T5940] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 134.828771][ T2151] usb 3-1: config 0 has no interfaces? [ 134.851004][ T2151] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 134.867267][ T2151] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.876126][ T2151] usb 3-1: Product: syz [ 134.880339][ T2151] usb 3-1: Manufacturer: syz [ 135.025567][ T2151] usb 3-1: SerialNumber: syz [ 135.047629][ T2151] usb 3-1: config 0 descriptor?? [ 135.098467][ T6256] netlink: 12 bytes leftover after parsing attributes in process `syz.0.80'. [ 135.108574][ T6256] Zero length message leads to an empty skb [ 135.159831][ T5940] usb 2-1: config 0 has no interfaces? [ 135.167815][ T5940] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 135.177726][ T5940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 135.243021][ T5940] usb 2-1: SerialNumber: syz [ 135.614938][ T5940] usb 2-1: config 0 descriptor?? [ 135.725904][ T5837] Bluetooth: hci2: ACL packet too small [ 136.446946][ T3423] team0 (unregistering): Port device team_slave_1 removed [ 136.542956][ T5837] Bluetooth: hci4: command tx timeout [ 136.730437][ T3423] team0 (unregistering): Port device team_slave_0 removed [ 137.619935][ T6263] netlink: 666 bytes leftover after parsing attributes in process `syz.1.78'. [ 137.757585][ T10] usb 3-1: USB disconnect, device number 6 [ 137.775887][ T5940] usb 2-1: USB disconnect, device number 3 [ 138.763219][ T5940] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 139.039606][ T5940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.121725][ T5940] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 139.209407][ T5940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.281340][ T5940] usb 1-1: config 0 descriptor?? [ 139.737635][ T5940] usbhid 1-1:0.0: can't add hid device: -71 [ 139.808263][ T5940] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 139.977595][ T5940] usb 1-1: USB disconnect, device number 4 [ 140.112998][ T6170] chnl_net:caif_netlink_parms(): no params data found [ 140.461393][ T5940] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 140.526951][ T6292] ubi31: attaching mtd0 [ 140.533856][ T6292] ubi31: scanning is finished [ 140.538583][ T6292] ubi31: empty MTD device detected [ 140.648779][ T5940] usb 1-1: Using ep0 maxpacket: 32 [ 140.670653][ T6292] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 140.678513][ T6292] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 140.685989][ T6292] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 140.693168][ T6292] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 140.701871][ T6292] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 140.709061][ T6292] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 140.717995][ T6292] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3611111319 [ 140.728174][ T6292] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 140.739281][ T6302] ubi31: background thread "ubi_bgt31d" started, PID 6302 [ 140.741517][ T5940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.765034][ T5940] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 140.792046][ T5940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.804873][ T6170] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.812874][ T6170] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.840771][ T5940] usb 1-1: config 0 descriptor?? [ 140.849537][ T6170] bridge_slave_0: entered allmulticast mode [ 140.861583][ T6170] bridge_slave_0: entered promiscuous mode [ 140.877698][ T5940] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 140.927031][ T6170] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.945548][ T5940] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 140.959513][ T6170] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.970012][ T6170] bridge_slave_1: entered allmulticast mode [ 140.980969][ T6170] bridge_slave_1: entered promiscuous mode [ 141.074245][ T5915] usb 1-1: USB disconnect, device number 5 [ 141.160885][ T5915] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 141.213513][ T6311] netlink: 12 bytes leftover after parsing attributes in process `syz.2.91'. [ 141.547736][ T6170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 141.585530][ T6170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 141.672764][ T5915] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 141.768686][ T6170] team0: Port device team_slave_0 added [ 141.801790][ T6170] team0: Port device team_slave_1 added [ 141.891804][ T5915] usb 1-1: config 0 has no interfaces? [ 141.915166][ T5915] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 141.947045][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.973561][ T5940] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 141.985394][ T5915] usb 1-1: Product: syz [ 142.000443][ T5915] usb 1-1: Manufacturer: syz [ 142.005643][ T6170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.021114][ T5915] usb 1-1: SerialNumber: syz [ 142.032802][ T6170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.090554][ T5915] usb 1-1: config 0 descriptor?? [ 142.114416][ T6170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.168813][ T5940] usb 2-1: config 0 has no interfaces? [ 142.177165][ T5940] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 142.223374][ T5940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 142.240687][ T6170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.288744][ T5940] usb 2-1: SerialNumber: syz [ 142.295151][ T6170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.340898][ T5940] usb 2-1: config 0 descriptor?? [ 142.379901][ T6170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.696482][ T6322] netlink: 666 bytes leftover after parsing attributes in process `syz.1.93'. [ 142.916893][ T6170] hsr_slave_0: entered promiscuous mode [ 142.937644][ T6170] hsr_slave_1: entered promiscuous mode [ 142.962382][ T6170] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 143.135983][ T6170] Cannot create hsr debugfs directory [ 143.203804][ T5903] usb 1-1: USB disconnect, device number 6 [ 143.521127][ T5837] Bluetooth: hci3: ACL packet too small [ 143.838590][ T6331] No such timeout policy "syz0" [ 145.326403][ T2151] usb 2-1: USB disconnect, device number 4 [ 145.366369][ T6170] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 145.436440][ T6170] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 145.662993][ T6170] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 146.431529][ T6170] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 146.922761][ T5915] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 147.125916][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.171869][ T6170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.186207][ T5915] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 147.226623][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.259749][ T5915] usb 2-1: config 0 descriptor?? [ 147.592001][ T5915] usbhid 2-1:0.0: can't add hid device: -71 [ 147.609206][ T5915] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 147.661576][ T6170] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.694157][ T5915] usb 2-1: USB disconnect, device number 5 [ 147.746477][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.753921][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.010186][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.017505][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.026600][ T6378] ubi: mtd0 is already attached to ubi31 [ 148.233508][ T5915] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 148.392782][ T5915] usb 2-1: Using ep0 maxpacket: 32 [ 148.417079][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.474003][ T5915] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 148.519724][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.570510][ T5915] usb 2-1: config 0 descriptor?? [ 148.612934][ T5915] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 148.747805][ T5915] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 148.834006][ C0] ldusb 2-1:0.0: Ring buffer overflow, 8 bytes dropped [ 149.864571][ T5915] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 149.971939][ T6170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.069662][ T5915] usb 1-1: config 0 has no interfaces? [ 150.102256][ T5915] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 150.179850][ T6405] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 150.199556][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.218578][ T5915] usb 1-1: Product: syz [ 150.249638][ T5915] usb 1-1: Manufacturer: syz [ 150.254829][ T5915] usb 1-1: SerialNumber: syz [ 150.264461][ T5915] usb 1-1: config 0 descriptor?? [ 150.554944][ T6407] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 150.648770][ T5940] usb 2-1: USB disconnect, device number 6 [ 150.719834][ T5940] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 151.375745][ T5903] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 151.546631][ T5903] usb 4-1: config 0 has no interfaces? [ 151.574147][ T5903] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 151.582241][ T6170] veth0_vlan: entered promiscuous mode [ 151.661706][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 151.689234][ T6427] capability: warning: `syz.1.112' uses deprecated v2 capabilities in a way that may be insecure [ 151.706154][ T6170] veth1_vlan: entered promiscuous mode [ 151.918556][ T5903] usb 4-1: SerialNumber: syz [ 151.966425][ T5903] usb 4-1: config 0 descriptor?? [ 152.039822][ T6170] veth0_macvtap: entered promiscuous mode [ 152.071461][ T6170] veth1_macvtap: entered promiscuous mode [ 152.170922][ T6170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.209473][ T6170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.218473][ T5940] usb 1-1: USB disconnect, device number 7 [ 152.240697][ T3539] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.256840][ T3539] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.298454][ T6435] netlink: 666 bytes leftover after parsing attributes in process `syz.3.110'. [ 152.323556][ T3539] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.348970][ T3539] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.457006][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.487817][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.629083][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.673149][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.137539][ T6442] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 153.842740][ T5836] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 154.130669][ T5940] usb 4-1: USB disconnect, device number 4 [ 154.458742][ T6470] [U]  [ 155.857394][ T6477] ubi: mtd0 is already attached to ubi31 [ 155.919019][ T6482] xt_hashlimit: size too large, truncated to 1048576 [ 156.716228][ T6482] syz.1.120: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 156.782275][ T6482] CPU: 1 UID: 0 PID: 6482 Comm: syz.1.120 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) [ 156.782308][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.782334][ T6482] Call Trace: [ 156.782342][ T6482] [ 156.782353][ T6482] dump_stack_lvl+0x189/0x250 [ 156.782406][ T6482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.782438][ T6482] ? __pfx__printk+0x10/0x10 [ 156.782462][ T6482] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 156.782496][ T6482] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 156.782530][ T6482] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 156.782572][ T6482] warn_alloc+0x214/0x310 [ 156.782604][ T6482] ? __pfx_warn_alloc+0x10/0x10 [ 156.782635][ T6482] ? __get_vm_area_node+0x28f/0x300 [ 156.782667][ T6482] ? htable_create+0xfc/0x7a0 [ 156.782697][ T6482] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 156.782765][ T6482] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 156.782806][ T6482] ? rcu_is_watching+0x15/0xb0 [ 156.782837][ T6482] ? htable_create+0xfc/0x7a0 [ 156.782861][ T6482] ? htable_create+0xfc/0x7a0 [ 156.782884][ T6482] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 156.782917][ T6482] ? htable_create+0xfc/0x7a0 [ 156.782941][ T6482] ? hashlimit_pernet+0x23/0x240 [ 156.782976][ T6482] htable_create+0xfc/0x7a0 [ 156.783011][ T6482] hashlimit_mt_check_common+0x719/0xa10 [ 156.783049][ T6482] xt_check_match+0x3d1/0xab0 [ 156.783080][ T6482] ? __pfx___mutex_lock+0x10/0x10 [ 156.783106][ T6482] ? __pfx_xt_check_match+0x10/0x10 [ 156.783135][ T6482] ? pcpu_alloc_noprof+0xfdd/0x16b0 [ 156.783179][ T6482] ? xt_find_match+0x1f7/0x250 [ 156.783217][ T6482] translate_table+0x1553/0x2040 [ 156.783268][ T6482] ? __pfx_translate_table+0x10/0x10 [ 156.783295][ T6482] ? __might_fault+0xb0/0x130 [ 156.783349][ T6482] ? _copy_from_user+0x94/0xb0 [ 156.783386][ T6482] do_ip6t_set_ctl+0x970/0xce0 [ 156.783418][ T6482] ? rcu_is_watching+0x15/0xb0 [ 156.783447][ T6482] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 156.783494][ T6482] ? __pfx___mutex_lock+0x10/0x10 [ 156.783515][ T6482] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 156.783553][ T6482] ? __pfx_futex_wake+0x10/0x10 [ 156.783584][ T6482] nf_setsockopt+0x26f/0x290 [ 156.783616][ T6482] rawv6_setsockopt+0x23b/0x5b0 [ 156.783643][ T6482] ? __lock_acquire+0xab9/0xd20 [ 156.783671][ T6482] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 156.783697][ T6482] ? aa_sock_opt_perm+0xff/0x1b0 [ 156.783732][ T6482] ? sock_common_setsockopt+0x36/0xc0 [ 156.783765][ T6482] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 156.783806][ T6482] do_sock_setsockopt+0x25a/0x3e0 [ 156.783835][ T6482] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 156.783865][ T6482] ? __fget_files+0x2a/0x420 [ 156.783896][ T6482] __x64_sys_setsockopt+0x18b/0x220 [ 156.783928][ T6482] do_syscall_64+0xfa/0x3b0 [ 156.783948][ T6482] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.783979][ T6482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.784000][ T6482] ? clear_bhb_loop+0x60/0xb0 [ 156.784026][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.784047][ T6482] RIP: 0033:0x7f066ef8e929 [ 156.784077][ T6482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.784095][ T6482] RSP: 002b:00007f066fddb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 156.784118][ T6482] RAX: ffffffffffffffda RBX: 00007f066f1b6080 RCX: 00007f066ef8e929 [ 156.784134][ T6482] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000008 [ 156.784148][ T6482] RBP: 00007f066f010b39 R08: 0000000000000588 R09: 0000000000000000 [ 156.784161][ T6482] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000 [ 156.784174][ T6482] R13: 0000000000000000 R14: 00007f066f1b6080 R15: 00007ffeb0571528 [ 156.784207][ T6482] [ 157.183646][ T6482] Mem-Info: [ 157.197013][ T6482] active_anon:21793 inactive_anon:0 isolated_anon:0 [ 157.197013][ T6482] active_file:10376 inactive_file:40944 isolated_file:0 [ 157.197013][ T6482] unevictable:768 dirty:103 writeback:0 [ 157.197013][ T6482] slab_reclaimable:10412 slab_unreclaimable:97940 [ 157.197013][ T6482] mapped:35937 shmem:15269 pagetables:1305 [ 157.197013][ T6482] sec_pagetables:0 bounce:0 [ 157.197013][ T6482] kernel_misc_reclaimable:0 [ 157.197013][ T6482] free:1295854 free_pcp:21118 free_cma:0 [ 157.242514][ C0] vkms_vblank_simulate: vblank timer overrun [ 157.364690][ T6482] Node 0 active_anon:77372kB inactive_anon:0kB active_file:41504kB inactive_file:159472kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:135268kB dirty:412kB writeback:0kB shmem:54360kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12204kB pagetables:4920kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 157.400200][ T6482] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:160kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 157.434806][ T6482] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 157.464214][ T6482] lowmem_reserve[]: 0 2498 2500 2500 2500 [ 157.470151][ T6482] Node 0 DMA32 free:1292132kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:75924kB inactive_anon:0kB active_file:41504kB inactive_file:157896kB unevictable:1536kB writepending:404kB present:3129332kB managed:2558472kB mlocked:0kB bounce:0kB free_pcp:60400kB local_pcp:39340kB free_cma:0kB [ 157.504279][ T6482] lowmem_reserve[]: 0 0 1 1 1 [ 157.509143][ T6482] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 157.539533][ T6482] lowmem_reserve[]: 0 0 0 0 0 [ 157.544925][ T6482] Node 1 Normal free:3891176kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:24888kB local_pcp:10752kB free_cma:0kB [ 157.576798][ T6482] lowmem_reserve[]: 0 0 0 0 0 [ 157.582107][ T6482] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 157.782937][ T6482] Node 0 DMA32: 108*4kB (UM) 26*8kB (ME) 17*16kB (UM) 86*32kB (UME) 36*64kB (UM) 8*128kB (ME) 3*256kB (ME) 3*512kB (ME) 2*1024kB (UE) 4*2048kB (UM) 311*4096kB (M) = 1293392kB [ 158.273614][ T6482] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 158.299421][ T6482] Node 1 Normal: 185*4kB (U) 57*8kB (UME) 29*16kB (UME) 57*32kB (UME) 18*64kB (UME) 10*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3891228kB [ 158.375132][ T6482] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 158.399835][ T6482] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 158.438337][ T6482] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 158.472455][ T6482] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 158.582734][ T6482] 67115 total pagecache pages [ 158.587590][ T6482] 0 pages in swap cache [ 158.591771][ T6482] Free swap = 124996kB [ 158.611954][ T6482] Total swap = 124996kB [ 158.619465][ T6482] 2097051 pages RAM [ 159.491714][ T6482] 0 pages HighMem/MovableOnly [ 159.530563][ T6482] 425391 pages reserved [ 159.572824][ T6482] 0 pages cma reserved [ 159.922820][ T5836] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 160.103128][ T5910] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 160.125417][ T5836] usb 3-1: config 0 has no interfaces? [ 160.150468][ T5836] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 160.169966][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 160.178668][ T5836] usb 3-1: SerialNumber: syz [ 160.191099][ T5836] usb 3-1: config 0 descriptor?? [ 160.337093][ T5910] usb 6-1: config 0 has no interfaces? [ 160.359266][ T5910] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 160.479989][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.514913][ T5910] usb 6-1: Product: syz [ 160.529369][ T5910] usb 6-1: Manufacturer: syz [ 160.548341][ T6523] netlink: 666 bytes leftover after parsing attributes in process `syz.2.128'. [ 160.561633][ T5910] usb 6-1: SerialNumber: syz [ 160.601788][ T5910] usb 6-1: config 0 descriptor?? [ 160.834219][ T5836] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 160.924850][ T5915] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 161.013563][ T5836] usb 4-1: Using ep0 maxpacket: 8 [ 161.040737][ T5836] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 161.052548][ T5836] usb 4-1: config 179 has no interface number 0 [ 161.071719][ T5836] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 161.084325][ T5915] usb 1-1: Using ep0 maxpacket: 16 [ 161.114195][ T5915] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.150582][ T5836] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 161.162534][ T5915] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 161.202686][ T5915] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 161.222177][ T5836] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 161.263025][ T5836] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 161.303229][ T5915] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 161.323740][ T5836] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 161.339316][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.378902][ T5915] usb 1-1: Product: syz [ 161.388401][ T5915] usb 1-1: Manufacturer: syz [ 161.393226][ T5836] usb 4-1: config 179 interface 65 has no altsetting 0 [ 161.400195][ T5915] usb 1-1: SerialNumber: syz [ 161.405031][ T5836] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 161.437595][ T5903] usb 6-1: USB disconnect, device number 3 [ 161.443548][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.525421][ T5836] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input7 [ 161.641209][ T5915] usb 1-1: 0:2 : does not exist [ 161.748466][ T5915] usb 1-1: USB disconnect, device number 8 [ 161.846774][ T5855] udevd[5855]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.297883][ T5910] usb 3-1: USB disconnect, device number 7 [ 163.752769][ T5915] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 165.016877][ T5903] usb 4-1: USB disconnect, device number 5 [ 165.017036][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 165.052737][ T5915] usb 6-1: Using ep0 maxpacket: 8 [ 165.065569][ T5915] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 165.082724][ T5915] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 165.093145][ T5915] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 165.122704][ T5915] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 165.151453][ T5903] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 165.232774][ T5915] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 165.447293][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.728624][ T5915] usb 6-1: GET_CAPABILITIES returned 0 [ 165.779185][ T5915] usbtmc 6-1:16.0: can't read capabilities [ 165.931902][ T5915] usb 6-1: USB disconnect, device number 4 [ 167.162439][ T6580] xt_TPROXY: Can be used only with -p tcp or -p udp [ 167.745893][ T6583] ubi: mtd0 is already attached to ubi31 [ 169.501368][ T6602] netlink: 8 bytes leftover after parsing attributes in process `syz.5.142'. [ 171.312757][ T5915] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 171.353302][ T6618] syz.5.148 uses obsolete (PF_INET,SOCK_PACKET) [ 171.392770][ T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 171.478106][ T5915] usb 4-1: config 0 has no interfaces? [ 171.488409][ T5915] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 171.517990][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 171.532823][ T10] usb 1-1: device descriptor read/64, error -71 [ 171.553871][ T5915] usb 4-1: SerialNumber: syz [ 171.597504][ T5915] usb 4-1: config 0 descriptor?? [ 171.793234][ T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 171.802894][ T5940] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 171.895828][ T6614] netlink: 666 bytes leftover after parsing attributes in process `syz.3.144'. [ 171.973488][ T5940] usb 2-1: Using ep0 maxpacket: 32 [ 171.975847][ T10] usb 1-1: device descriptor read/64, error -71 [ 171.997561][ T5940] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 172.017914][ T5940] usb 2-1: config 0 has no interface number 0 [ 172.060426][ T5940] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 172.086614][ T6632] lo speed is unknown, defaulting to 1000 [ 172.092867][ T6632] lo speed is unknown, defaulting to 1000 [ 172.100814][ T6632] lo speed is unknown, defaulting to 1000 [ 172.111464][ T6632] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 172.125248][ T6632] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 172.154302][ T6632] lo speed is unknown, defaulting to 1000 [ 172.162119][ T6632] lo speed is unknown, defaulting to 1000 [ 172.169351][ T6632] lo speed is unknown, defaulting to 1000 [ 172.176541][ T6632] lo speed is unknown, defaulting to 1000 [ 172.183765][ T6632] lo speed is unknown, defaulting to 1000 [ 172.218681][ T5940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.228812][ T5940] usb 2-1: Product: syz [ 172.249208][ T5940] usb 2-1: Manufacturer: syz [ 172.259984][ T5940] usb 2-1: SerialNumber: syz [ 172.283935][ T5940] usb 2-1: config 0 descriptor?? [ 172.301129][ T5940] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 172.358496][ T5940] usb 2-1: selecting invalid altsetting 1 [ 172.373165][ T10] usb usb1-port1: attempt power cycle [ 172.379005][ T5940] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 172.402449][ T5940] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 172.414220][ T5940] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 172.438523][ T5940] usb 2-1: media controller created [ 172.751697][ T5940] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 173.470581][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 173.548353][ T5910] usb 4-1: USB disconnect, device number 6 [ 174.192782][ T5910] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 174.400248][ T5910] usb 6-1: Using ep0 maxpacket: 8 [ 174.410831][ T5940] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 174.436728][ T5910] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 174.472808][ T5940] zl10353_read_register: readreg error (reg=127, ret==-71) [ 174.487248][ T5910] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 174.536475][ T5940] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 174.536521][ T5910] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 174.681825][ T5940] usb 2-1: USB disconnect, device number 7 [ 174.690634][ T6651] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 174.719852][ T5910] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 174.749747][ T6651] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 174.777380][ T5910] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 174.808312][ T6651] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 174.812708][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.845283][ T6651] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 174.879013][ T6651] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 174.942943][ T6651] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 175.064172][ T6651] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 175.066085][ T5910] usb 6-1: GET_CAPABILITIES returned 0 [ 175.118551][ T10] usb 1-1: device descriptor read/8, error -71 [ 175.146035][ T5910] usbtmc 6-1:16.0: can't read capabilities [ 175.307110][ T5910] usb 6-1: USB disconnect, device number 5 [ 175.415586][ T6671] netlink: 12 bytes leftover after parsing attributes in process `syz.0.158'. [ 175.507291][ T6678] ubi: mtd0 is already attached to ubi31 [ 175.800922][ T6680] [U]  [ 176.702847][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 176.783026][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 176.862742][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 176.868795][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 176.942746][ T5837] Bluetooth: hci4: command 0x0405 tx timeout [ 177.916232][ T6681] netlink: 60 bytes leftover after parsing attributes in process `syz.1.157'. [ 177.925968][ T6681] unsupported nlmsg_type 40 [ 179.028558][ T5851] Bluetooth: hci4: command 0x0405 tx timeout [ 180.753700][ T5940] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 180.882852][ T2151] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 180.922763][ T5940] usb 4-1: Using ep0 maxpacket: 32 [ 180.933658][ T5940] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 180.946795][ T5940] usb 4-1: config 0 has no interface number 0 [ 180.971391][ T5940] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 180.991066][ T5940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.011469][ T5940] usb 4-1: Product: syz [ 181.032089][ T2151] usb 1-1: device descriptor read/64, error -71 [ 181.038953][ T5940] usb 4-1: Manufacturer: syz [ 181.055604][ T5940] usb 4-1: SerialNumber: syz [ 181.086921][ T5940] usb 4-1: config 0 descriptor?? [ 181.103061][ T5903] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 181.110859][ T5851] Bluetooth: hci4: command 0x0405 tx timeout [ 181.123899][ T5940] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 181.145772][ T5940] usb 4-1: selecting invalid altsetting 1 [ 181.151577][ T5940] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 181.172834][ T6730] siw: device registration error -23 [ 181.215697][ T5940] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 181.250373][ T5940] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 181.288651][ T2151] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 181.300778][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.314129][ T5940] usb 4-1: media controller created [ 181.319613][ T5903] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 181.375141][ T5903] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 181.544980][ T5940] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 181.553456][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.636667][ T6738] ubi: mtd0 is already attached to ubi31 [ 181.834070][ T2151] usb 1-1: device descriptor read/64, error -71 [ 181.864213][ T5903] usb 3-1: config 0 descriptor?? [ 181.906209][ T5903] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 181.965321][ T2151] usb usb1-port1: attempt power cycle [ 182.344151][ T2151] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 182.397494][ T6746] netlink: 12 bytes leftover after parsing attributes in process `syz.5.173'. [ 182.504394][ T5940] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 182.511490][ T5940] zl10353_read_register: readreg error (reg=127, ret==-71) [ 182.544231][ T2151] usb 1-1: device descriptor read/8, error -71 [ 182.581699][ T5940] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 182.777631][ T5940] usb 4-1: USB disconnect, device number 7 [ 182.788044][ T6752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.802751][ T2151] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 182.818019][ T6752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.834710][ T2151] usb 1-1: device descriptor read/8, error -71 [ 182.848525][ T6752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.861427][ T6752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.949127][ T2151] usb usb1-port1: unable to enumerate USB device [ 183.402878][ T3539] Bluetooth: hci5: Frame reassembly failed (-84) [ 183.410846][ T3539] Bluetooth: hci5: Frame reassembly failed (-84) [ 183.899857][ T10] usb 3-1: USB disconnect, device number 8 [ 185.263465][ T5843] Bluetooth: hci5: command 0xfc11 tx timeout [ 185.270517][ T5851] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 186.047336][ T6768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 186.061877][ T6768] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 186.070431][ T6768] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 186.086311][ T6768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 186.093879][ T6768] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 186.435144][ T6783] netlink: 60 bytes leftover after parsing attributes in process `syz.3.180'. [ 186.855782][ T5903] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 187.032975][ T5903] usb 3-1: Using ep0 maxpacket: 16 [ 187.067055][ T5903] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 187.102449][ T5903] usb 3-1: config 1 has no interface number 0 [ 187.140523][ T5903] usb 3-1: config 1 interface 105 has no altsetting 0 [ 187.187090][ T5903] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 187.208138][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.233605][ T5903] usb 3-1: Product: syz [ 187.246277][ T5903] usb 3-1: Manufacturer: syz [ 187.252500][ T6797] netlink: 12 bytes leftover after parsing attributes in process `syz.0.184'. [ 187.272073][ T5903] usb 3-1: SerialNumber: syz [ 187.518137][ T5903] aqc111 3-1:1.105: probe with driver aqc111 failed with error -22 [ 187.561641][ T5903] usb 3-1: USB disconnect, device number 9 [ 187.954148][ T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 188.151065][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 188.157273][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 188.163519][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 188.169568][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 188.176548][ T5155] Bluetooth: hci2: command 0x0c1a tx timeout [ 189.540718][ T10] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 189.583452][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.642351][ T10] usb 1-1: Product: syz [ 189.669765][ T10] usb 1-1: Manufacturer: syz [ 189.679400][ T30] audit: type=1326 audit(1751152113.680:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6828 comm="syz.5.188" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7b4238e929 code=0x0 [ 189.684788][ T10] usb 1-1: SerialNumber: syz [ 189.850230][ T10] usb 1-1: config 0 descriptor?? [ 189.854173][ T6834] syz_tun: entered allmulticast mode [ 189.866298][ T10] ch341 1-1:0.0: ch341-uart converter detected [ 189.984451][ C0] ------------[ cut here ]------------ [ 189.990215][ C0] WARNING: net/ipv4/ipmr.c:2302 at ip_mr_output+0xbb1/0xe70, CPU#0: swapper/0/0 [ 189.999355][ C0] Modules linked in: [ 190.003466][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) [ 190.014643][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.024760][ C0] RIP: 0010:ip_mr_output+0xbb1/0xe70 [ 190.030125][ C0] Code: df e9 63 f6 ff ff e8 1e 18 be f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 0a fe 4b ff e9 45 f6 ff ff e8 00 18 be f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 f2 17 be f7 90 0f 0b 90 42 80 3c 2b 00 [ 190.049832][ C0] RSP: 0018:ffffc90000007900 EFLAGS: 00010246 [ 190.055981][ C0] RAX: ffffffff8a01ba60 RBX: ffff888077e2b3c0 RCX: ffffffff8de95280 [ 190.064045][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.072100][ C0] RBP: ffffc90000007a10 R08: ffffffff8de95280 R09: 0000000000000004 [ 190.080155][ C0] R10: 0000000000000003 R11: ffffffff8a01aeb0 R12: 0000000000000010 [ 190.088461][ C0] R13: dffffc0000000000 R14: ffff88805a1b2700 R15: 0000000000000000 [ 190.096601][ C0] FS: 0000000000000000(0000) GS:ffff888125c1e000(0000) knlGS:0000000000000000 [ 190.105598][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.112211][ C0] CR2: 00007fc7578e56c0 CR3: 0000000076ae8000 CR4: 00000000003526f0 [ 190.120261][ C0] Call Trace: [ 190.123619][ C0] [ 190.126524][ C0] ? __pfx_dst_output+0x10/0x10 [ 190.131415][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 190.137259][ C0] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 190.143403][ C0] ? __pfx_ip_mr_output+0x10/0x10 [ 190.148454][ C0] ? skb_dst+0x4f/0xd0 [ 190.152545][ C0] ? dst_output+0x177/0x1c0 [ 190.157151][ C0] igmp_send_report+0x89e/0xdb0 [ 190.162103][ C0] ? __pfx_igmp_send_report+0x10/0x10 [ 190.167515][ C0] ? do_raw_spin_lock+0x121/0x290 [ 190.172556][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 190.177827][ C0] igmp_timer_expire+0x204/0x510 [ 190.182819][ C0] call_timer_fn+0x17b/0x5f0 [ 190.187455][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 190.192953][ C0] ? call_timer_fn+0xbe/0x5f0 [ 190.197702][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 190.202872][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.208120][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.213378][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 190.218867][ C0] __run_timer_base+0x61a/0x860 [ 190.223765][ C0] ? ktime_get+0x3e/0x1f0 [ 190.228166][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 190.233576][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 190.239848][ C0] run_timer_softirq+0xb7/0x180 [ 190.244740][ C0] handle_softirqs+0x286/0x870 [ 190.249516][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 190.254305][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 190.259647][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 190.264891][ C0] __irq_exit_rcu+0xca/0x1f0 [ 190.269490][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 190.274721][ C0] irq_exit_rcu+0x9/0x30 [ 190.279014][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 190.284691][ C0] [ 190.287767][ C0] [ 190.290718][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 190.296756][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 190.302514][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 19 19 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 190.322782][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 190.328881][ C0] RAX: 8afd7d0537465e00 RBX: ffffffff8196c578 RCX: 8afd7d0537465e00 [ 190.336902][ C0] RDX: 0000000000000001 RSI: ffffffff8d992a42 RDI: ffffffff8be31f80 [ 190.344942][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 190.352963][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa18930 [ 190.360993][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 190.369020][ C0] ? do_idle+0x1e8/0x510 [ 190.373315][ C0] default_idle+0x13/0x20 [ 190.377675][ C0] default_idle_call+0x74/0xb0 [ 190.382446][ C0] do_idle+0x1e8/0x510 [ 190.386543][ C0] ? __pfx_do_idle+0x10/0x10 [ 190.391151][ C0] cpu_startup_entry+0x44/0x60 [ 190.395952][ C0] rest_init+0x2de/0x300 [ 190.400200][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 190.405792][ C0] start_kernel+0x47d/0x500 [ 190.410320][ C0] x86_64_start_reservations+0x24/0x30 [ 190.415804][ C0] x86_64_start_kernel+0x143/0x1c0 [ 190.420925][ C0] common_startup_64+0x13e/0x147 [ 190.425897][ C0] [ 190.428932][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 190.436209][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3-next-20250627-syzkaller #0 PREEMPT(full) [ 190.447312][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.457369][ C0] Call Trace: [ 190.460665][ C0] [ 190.463518][ C0] dump_stack_lvl+0x99/0x250 [ 190.468146][ C0] ? __asan_memcpy+0x40/0x70 [ 190.472756][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.477980][ C0] ? __pfx__printk+0x10/0x10 [ 190.482588][ C0] panic+0x2db/0x790 [ 190.486533][ C0] ? __pfx_panic+0x10/0x10 [ 190.490975][ C0] ? common_startup_64+0x13e/0x147 [ 190.496088][ C0] __warn+0x334/0x4c0 [ 190.500077][ C0] ? ip_mr_output+0xbb1/0xe70 [ 190.504756][ C0] ? ip_mr_output+0xbb1/0xe70 [ 190.509456][ C0] report_bug+0x2be/0x4f0 [ 190.513791][ C0] ? ip_mr_output+0xbb1/0xe70 [ 190.518468][ C0] ? ip_mr_output+0xbb1/0xe70 [ 190.523143][ C0] ? ip_mr_output+0xbb3/0xe70 [ 190.527816][ C0] handle_bug+0x84/0x160 [ 190.532061][ C0] exc_invalid_op+0x1a/0x50 [ 190.536588][ C0] asm_exc_invalid_op+0x1a/0x20 [ 190.541444][ C0] RIP: 0010:ip_mr_output+0xbb1/0xe70 [ 190.546735][ C0] Code: df e9 63 f6 ff ff e8 1e 18 be f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 0a fe 4b ff e9 45 f6 ff ff e8 00 18 be f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 f2 17 be f7 90 0f 0b 90 42 80 3c 2b 00 [ 190.566363][ C0] RSP: 0018:ffffc90000007900 EFLAGS: 00010246 [ 190.572452][ C0] RAX: ffffffff8a01ba60 RBX: ffff888077e2b3c0 RCX: ffffffff8de95280 [ 190.580427][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.588403][ C0] RBP: ffffc90000007a10 R08: ffffffff8de95280 R09: 0000000000000004 [ 190.596438][ C0] R10: 0000000000000003 R11: ffffffff8a01aeb0 R12: 0000000000000010 [ 190.604443][ C0] R13: dffffc0000000000 R14: ffff88805a1b2700 R15: 0000000000000000 [ 190.612428][ C0] ? __pfx_ip_mr_output+0x10/0x10 [ 190.617462][ C0] ? ip_mr_output+0xbb0/0xe70 [ 190.622171][ C0] ? __pfx_dst_output+0x10/0x10 [ 190.627045][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 190.632421][ C0] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 190.638500][ C0] ? __pfx_ip_mr_output+0x10/0x10 [ 190.643533][ C0] ? skb_dst+0x4f/0xd0 [ 190.647606][ C0] ? dst_output+0x177/0x1c0 [ 190.652109][ C0] igmp_send_report+0x89e/0xdb0 [ 190.656966][ C0] ? __pfx_igmp_send_report+0x10/0x10 [ 190.662339][ C0] ? do_raw_spin_lock+0x121/0x290 [ 190.667382][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 190.672593][ C0] igmp_timer_expire+0x204/0x510 [ 190.677560][ C0] call_timer_fn+0x17b/0x5f0 [ 190.682152][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 190.687609][ C0] ? call_timer_fn+0xbe/0x5f0 [ 190.692286][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 190.697420][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 190.702634][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.707857][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 190.713344][ C0] __run_timer_base+0x61a/0x860 [ 190.718209][ C0] ? ktime_get+0x3e/0x1f0 [ 190.722551][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 190.727928][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 190.734189][ C0] run_timer_softirq+0xb7/0x180 [ 190.739042][ C0] handle_softirqs+0x286/0x870 [ 190.743814][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 190.748604][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 190.753906][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 190.759120][ C0] __irq_exit_rcu+0xca/0x1f0 [ 190.763720][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 190.768934][ C0] irq_exit_rcu+0x9/0x30 [ 190.773196][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 190.778845][ C0] [ 190.781774][ C0] [ 190.784708][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 190.790694][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 190.796425][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 19 19 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 190.816044][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 190.822120][ C0] RAX: 8afd7d0537465e00 RBX: ffffffff8196c578 RCX: 8afd7d0537465e00 [ 190.830091][ C0] RDX: 0000000000000001 RSI: ffffffff8d992a42 RDI: ffffffff8be31f80 [ 190.838064][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 190.846042][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fa18930 [ 190.854012][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 190.861985][ C0] ? do_idle+0x1e8/0x510 [ 190.866262][ C0] default_idle+0x13/0x20 [ 190.870608][ C0] default_idle_call+0x74/0xb0 [ 190.875389][ C0] do_idle+0x1e8/0x510 [ 190.879483][ C0] ? __pfx_do_idle+0x10/0x10 [ 190.884090][ C0] cpu_startup_entry+0x44/0x60 [ 190.888859][ C0] rest_init+0x2de/0x300 [ 190.893109][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 190.898665][ C0] start_kernel+0x47d/0x500 [ 190.903174][ C0] x86_64_start_reservations+0x24/0x30 [ 190.908634][ C0] x86_64_start_kernel+0x143/0x1c0 [ 190.913755][ C0] common_startup_64+0x13e/0x147 [ 190.918704][ C0] [ 190.922067][ C0] Kernel Offset: disabled [ 190.926408][ C0] Rebooting in 86400 seconds..