last executing test programs: 3m45.047561161s ago: executing program 2 (id=59): getpid() socket(0x10, 0x3, 0x0) r0 = socket$key(0xf, 0x3, 0x2) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="05000000810000000200000009"], 0x48) bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x5, r2, 0x0, 0x20}, 0x38) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) r5 = syz_io_uring_setup(0xef4, &(0x7f00000003c0)={0x0, 0x26c3, 0x1, 0x3, 0x0, 0x0, r4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, 0x0) io_uring_enter(r5, 0x2ded, 0x4000, 0x10, 0x0, 0x0) r8 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) ioprio_get$uid(0x3, 0x0) ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) write$bt_hci(r1, &(0x7f0000000200)=ANY=[@ANYRES8=r8, @ANYRESDEC=r0], 0xb) r9 = syz_open_dev$vim2m(&(0x7f0000000580), 0x4, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r9, 0x40045612, &(0x7f0000000100)=0x1) bind$packet(0xffffffffffffffff, 0x0, 0x0) 3m43.44132161s ago: executing program 2 (id=60): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, 0x0, &(0x7f00000000c0)={0x84, 0x7f, 0x2000200000a95e, 0x0, 0x800000009, 0x3de, 0x5, 0x0, 0xac6}) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, &(0x7f0000000540)={{}, {0x18, 0xfd}}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 3m41.92211031s ago: executing program 2 (id=64): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas', 0x5) write$binfmt_script(r0, 0x0, 0x0) 3m41.642245795s ago: executing program 2 (id=66): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset(0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a30000000000800"], 0x7c}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) sched_getattr(0x0, &(0x7f00000001c0)={0x38}, 0x38, 0x0) 3m41.414260523s ago: executing program 2 (id=68): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, 0x0, 0x40) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6000, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x2}}, 0x26) socket$pppl2tp(0x18, 0x1, 0x1) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100, 0xd5a527333bff4787, 0x0) 3m38.117910574s ago: executing program 2 (id=75): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x80, 0xfffc}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x20, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3d, 0xffff, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80, 0x1, 0x200, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x9], [0x0, 0x401, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3, 0x100000, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0xb8f1, 0x1, 0xffffffee, 0x1c3}, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r3}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x402, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff03, 0x6, 0x5, 0x7, 0x5, 0xdb, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x80, 0x7, 0x20003, 0x8, 0x4c74, 0x10003, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x800, 0x17, 0x0, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0x6, 0x454f, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xffffbff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffe, 0x5, 0x0, 0x0, 0x9, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x8, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x0, 0x6, 0x61b4fd67, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x9, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x7, 0x2, 0x4, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x5, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x2120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x28], [0x9, 0xbb33, 0x1ff, 0xb, 0x5, 0x4, 0x6, 0x6, 0x80000000, 0xb9, 0xce6, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0x8, 0xa620, 0x1, 0x5, 0x1, 0x6, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000001340)=""/104, 0x68}], 0x1) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) socket(0x10, 0x80002, 0x0) 3m22.329372237s ago: executing program 32 (id=75): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x80, 0xfffc}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x20, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3d, 0xffff, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80, 0x1, 0x200, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x9], [0x0, 0x401, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3, 0x100000, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0xb8f1, 0x1, 0xffffffee, 0x1c3}, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r3}) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x402, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff03, 0x6, 0x5, 0x7, 0x5, 0xdb, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x80, 0x7, 0x20003, 0x8, 0x4c74, 0x10003, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x800, 0x17, 0x0, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0x6, 0x454f, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xffffbff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffe, 0x5, 0x0, 0x0, 0x9, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x8, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x0, 0x6, 0x61b4fd67, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x9, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x7, 0x2, 0x4, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x5, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x2120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x28], [0x9, 0xbb33, 0x1ff, 0xb, 0x5, 0x4, 0x6, 0x6, 0x80000000, 0xb9, 0xce6, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0x8, 0xa620, 0x1, 0x5, 0x1, 0x6, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000001340)=""/104, 0x68}], 0x1) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) socket(0x10, 0x80002, 0x0) 1m20.30827424s ago: executing program 5 (id=300): ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, 0x0) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r2, @ANYBLOB="14000100ff05000000000000dfce000000000001080008"], 0x34}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800) 1m20.257386987s ago: executing program 5 (id=301): openat$binderfs(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000480), 0x129540, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x40, r3, 0x1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x0, 0x0, 0x8, 0x1]}}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x40}}, 0x0) write$qrtrtun(r1, &(0x7f0000000400)="0b8ca3756ea769f253", 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000003b40)=0x4000000) close(0x4) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000140)) sendmsg$NFC_CMD_LLC_SET_PARAMS(r7, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x12) 1m17.445063647s ago: executing program 5 (id=310): add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x2255, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x50, 0xffffffffffffffff, 0x80000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x23) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil}) syz_open_dev$audion(&(0x7f0000000100), 0x9, 0x612000) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x1) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 1m15.897937082s ago: executing program 5 (id=312): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001800dd8d000000ba7e"], 0x3c}}, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x27}, 0x62) r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x27}, 0x74) 1m15.488382431s ago: executing program 5 (id=314): socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20024894) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x707cb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r2, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) 1m14.723953625s ago: executing program 5 (id=318): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x101, @mcast2}}}, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r3 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) setsockopt$inet_msfilter(r3, 0x0, 0x29, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18) r6 = fsopen(&(0x7f0000000000)='devpts\x00', 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r8, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r9, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14/8\\\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r5, 0x0, 0xd}, 0x18) r6 = fsopen(&(0x7f0000000000)='devpts\x00', 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000000314230c2abd7000ff05df250900020073797a310000000008004100727865001400330073797a5f74756e"], 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r8, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r9, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x2, 0x0, @empty}}}, 0x118) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14/8\\\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000440)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) 18.837878939s ago: executing program 1 (id=433): r0 = socket$nl_route(0x10, 0x3, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000008, 0x810, 0xffffffffffffffff, 0x0) r1 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mmap(&(0x7f00000fe000/0xd000)=nil, 0xd000, 0x1000005, 0xd2952, 0xffffffffffffffff, 0xfffff000) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15}, 0x94) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f000083b000/0x1000)=nil, 0x1000, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_INIT(r4, 0x29, 0xc8, 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x2}, 0xc) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) socket(0x15, 0x80002, 0xff) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) r6 = eventfd(0x80000001) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x0, r6}) ioctl$VHOST_RESET_OWNER(r5, 0xaf02, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000340)={'wlan0\x00', &(0x7f0000000300)=@ethtool_sset_info={0x37, 0xff, 0xfffffffffffffffa}}) 7.005437793s ago: executing program 4 (id=447): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000cc0), 0x0, 0x0, 0x0}) 6.740472233s ago: executing program 4 (id=449): sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x100, 0x0, 0x20, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x95, 0x80, [@ibss={0x6, 0x2, 0x7b}, @chsw_timing={0x68, 0x4, {0x8001, 0x2}}, @challenge={0x10, 0x1, 0x2f}, @rann={0x7e, 0x15, {{0x0, 0x74}, 0x4, 0x87, @device_a, 0x1, 0x1, 0x3}}, @preq={0x82, 0x36, {{0x1, 0x0, 0x1, 0x0, 0x1}, 0x7, 0xbb, 0x369, @broadcast, 0x4, @value=@broadcast, 0x7, 0x2, 0x2, [{{0x0, 0x0, 0x1}, @device_b, 0x1}, {{0x1}, @device_a, 0xf}]}}, @tim={0x5, 0x33, {0x3b, 0xed, 0x9, "fce6baa8cafa86aa8cdfd77ed15297be5dbd00501609d1d84443b06c8b7171567f081f1c2dd1f9c3f6d706d4d246513a"}}]}, @NL80211_ATTR_IE_ASSOC_RESP={0x52, 0x80, [@preq={0x82, 0x4c, {{0x0, 0x0, 0x1, 0x0, 0x1}, 0x3, 0x6, 0x9, @device_b, 0xd, @value=@device_b, 0x7, 0xffff, 0x4, [{{0x0, 0x0, 0x1}, @device_b, 0x25}, {{}, @broadcast, 0x100}, {{0x0, 0x0, 0x1}, @device_b, 0x3}, {{0x1}, @device_b, 0x400}]}}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x4}, 0x2008810) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 6.647276016s ago: executing program 1 (id=450): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001040)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xa, 0x7}, {}, {0xc, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0xe34, 0x9, 0x4}, [@TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x880}, 0x40010) 6.361493936s ago: executing program 0 (id=452): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) shutdown(r1, 0x1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) mmap(&(0x7f00003f7000/0x2000)=nil, 0x2000, 0x2800003, 0x4000010, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'bond_slave_1\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4c, 0xd, 0x62, 0x7, 0x8, 0xe, 0xe3, 0x9, 0xa, 0x0, [0x4e, 0x9, 0xd2, 0x7, 0x401, 0x8000004, 0x9, 0xfffffffb], [0x7f]}}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) add_key(&(0x7f0000000280)='keyring\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe) r6 = dup(r3) openat$ocfs2_control(0xffffff9c, &(0x7f0000000180), 0x40, 0x0) ioctl$EXT4_IOC_GETFSUUID(r4, 0x8008662c, &(0x7f0000000240)) ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x107, 0x100, 0x100, 0x1, 0x4000}}) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @local}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa7}, 0x30004084) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r7, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007012bbd700000000000047c000009003d0027b4893a0000000008001200", @ANYRES32=0x0], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) 6.36134135s ago: executing program 4 (id=453): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000280)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e20, 0x7, @remote, 0x3}, r1, 0x5}}, 0x48) 6.150989787s ago: executing program 1 (id=454): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={0x1}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x300, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a30000000005c000000060a010400000000000000000100000008000b40000000000900010073797a300000000034000480300001800a0001"], 0xd0}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000020301040000000000000000000000000800010001"], 0x1c}}, 0x0) write$sndseq(r4, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600, 0x0, 0x2000]}}], 0xffc8) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={0x1c, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x6, 0xb, 0x0, 0x0, @str='{\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 6.146990114s ago: executing program 4 (id=455): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) clock_adjtime(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_delroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x2, 0x18, 0x0, 0x0, 0x0, 0x0, 0xff}}, 0x1c}}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffc01, 0x400}}, './file0\x00'}) ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f0000001540)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mremap(&(0x7f0000e2f000/0x1000)=nil, 0x1000, 0x3000, 0x7, &(0x7f0000c53000/0x3000)=nil) 4.838064739s ago: executing program 0 (id=456): r0 = syz_open_procfs(0x0, &(0x7f00000190c0)='net/vlan/config\x00') setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x2, 0x0, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="142200", @ANYRES16=0x0, @ANYBLOB="020026bd7000ffdbdf2507000000"], 0x14}, 0x1, 0x0, 0x0, 0x15}, 0x20000806) socket$inet6(0xa, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x80100, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) fsopen(&(0x7f0000000340)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='\xd2\xdc\xf7\xf5\x84\x954\xff\x8f\xde\vso\\I\x00\x00R\x9b\x17\xc3\x19\xcdTXG$n\x03\xf2\x01\x82\xfe\x00'/48, &(0x7f0000000500)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd R\xecoZ\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x962\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000005200000008000300", @ANYRES32=r1, @ANYBLOB="060048004200000004002800050089000700000005008800"], 0x38}}, 0x0) 3.175525688s ago: executing program 3 (id=458): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x3}}, 0x10) sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x101d0) 3.080895539s ago: executing program 0 (id=459): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000140)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)={0x5, 0x830, 0x0, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x2b, 0x0, 0x0, 0x0, "f33d8e7b847ec8b36f1107e036dd98fc469107485e371bcf5c6b77db54f3d984795c49eca9b92241dc9fc39f976ad52e581942d9fc2178681e6866aa6ef10d06"}}, 0x80}, 0x1, 0x0, 0x0, 0x84}, 0x20000000) 2.372617794s ago: executing program 0 (id=460): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="38000000200025a729bd7000fddbdf250a00"], 0x38}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000500)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000640)=ANY=[@ANYBLOB="12e01b398adda16e"], 0x1000f) 2.040721101s ago: executing program 0 (id=461): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x2, 0x2, 0x1) ioprio_set$pid(0x3, 0x0, 0x4003) 747.660155ms ago: executing program 3 (id=462): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0x7, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000700)=[@in={0x2, 0x4e21, @multicast2}, @in6={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0xe}, 0x7}, @in6={0xa, 0x4e23, 0xa, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xb}], 0x48) 686.406337ms ago: executing program 4 (id=463): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000600)={r4, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000], [0x4, 0x0, 0x7]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0xae, 0x34325241, 0x2, [r5, 0x0, 0x0, r6], [0x2b8]}) close_range(r0, 0xffffffffffffffff, 0x0) 588.926934ms ago: executing program 3 (id=464): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0xec}, 0x1, 0x0, 0x0, 0x24004005}, 0x0) 471.864992ms ago: executing program 0 (id=465): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r1, 0xc06864b8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usbip_server_init(0x3) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xfffffffffffffffe, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x8000000000000001}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x9464}, 0x0, 0x0) dup(0xffffffffffffffff) 371.829086ms ago: executing program 4 (id=466): add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0x0) io_uring_setup(0x2255, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x50, 0xffffffffffffffff, 0x80000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x23) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0xdddd1000, 0x1000, &(0x7f0000394000/0x1000)=nil}) syz_open_dev$audion(&(0x7f0000000100), 0x9, 0x612000) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x1) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 338.709753ms ago: executing program 3 (id=467): r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) readv(r0, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10004, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 0s ago: executing program 3 (id=468): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x2, 0x400000) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000300)={'\x00', 0x9, 0xc58, 0x4, 0x7, 0x100000000, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000440)={{0x2, 0x1, 0x7, 0x1, 'syz1\x00', 0xeb}, 0x1, 0x30, 0x7, r1, 0x2, 0x800, 'syz0\x00', &(0x7f0000000400)=['/dev/qrtr-tun\x00', '\x00'], 0xf}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x804) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x0, 0x8, 0x3d6}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) socket(0x18, 0x80000, 0x8) socket$nl_netfilter(0x10, 0x3, 0xc) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.117' (ED25519) to the list of known hosts. [ 81.721587][ T5788] cgroup: Unknown subsys name 'net' [ 81.945806][ T5788] cgroup: Unknown subsys name 'cpuset' [ 82.018303][ T5788] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.942069][ T5788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.181385][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.197721][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.200894][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.202497][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.203507][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.216720][ T5120] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.247742][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.262691][ T5805] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.267105][ T5805] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.271175][ T5805] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.292425][ T5808] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.293505][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.297684][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.299487][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.300282][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.378345][ T5808] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.384423][ T5120] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.386134][ T5120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.387081][ T5120] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.417090][ T5120] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.422010][ T5808] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.422854][ T5808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.449045][ T5120] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.464078][ T5120] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.465305][ T5120] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.891251][ T43] cfg80211: failed to load regulatory.db [ 87.490646][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 87.508942][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 87.529140][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 87.545435][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 87.798812][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 88.319132][ T5120] Bluetooth: hci0: command tx timeout [ 88.397765][ T5120] Bluetooth: hci1: command tx timeout [ 88.397783][ T61] Bluetooth: hci2: command tx timeout [ 88.478273][ T61] Bluetooth: hci3: command tx timeout [ 88.478466][ T5120] Bluetooth: hci4: command tx timeout [ 88.728610][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.730539][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.730968][ T5803] bridge_slave_0: entered allmulticast mode [ 88.732739][ T5803] bridge_slave_0: entered promiscuous mode [ 88.736891][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.737030][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.737202][ T5806] bridge_slave_0: entered allmulticast mode [ 88.741516][ T5806] bridge_slave_0: entered promiscuous mode [ 88.765891][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.766014][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.766503][ T5799] bridge_slave_0: entered allmulticast mode [ 88.769999][ T5799] bridge_slave_0: entered promiscuous mode [ 88.774497][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.774574][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.774707][ T5811] bridge_slave_0: entered allmulticast mode [ 88.800607][ T5811] bridge_slave_0: entered promiscuous mode [ 88.803029][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.803179][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.803644][ T5806] bridge_slave_1: entered allmulticast mode [ 88.808515][ T5806] bridge_slave_1: entered promiscuous mode [ 88.812429][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.812553][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.813017][ T5803] bridge_slave_1: entered allmulticast mode [ 88.816178][ T5803] bridge_slave_1: entered promiscuous mode [ 88.878711][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.878850][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.879025][ T5799] bridge_slave_1: entered allmulticast mode [ 88.881946][ T5799] bridge_slave_1: entered promiscuous mode [ 88.884368][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.884495][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.884666][ T5811] bridge_slave_1: entered allmulticast mode [ 88.888184][ T5811] bridge_slave_1: entered promiscuous mode [ 89.338497][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.338646][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.338924][ T5810] bridge_slave_0: entered allmulticast mode [ 89.340845][ T5810] bridge_slave_0: entered promiscuous mode [ 89.502532][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.506048][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.506300][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.506446][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.506622][ T5810] bridge_slave_1: entered allmulticast mode [ 89.510260][ T5810] bridge_slave_1: entered promiscuous mode [ 89.523574][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.530268][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.534661][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.761797][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.764117][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.850902][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.211522][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.370719][ T5806] team0: Port device team_slave_0 added [ 90.398887][ T5120] Bluetooth: hci0: command tx timeout [ 90.461545][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.463504][ T5799] team0: Port device team_slave_0 added [ 90.465788][ T5811] team0: Port device team_slave_0 added [ 90.469190][ T5806] team0: Port device team_slave_1 added [ 90.472236][ T5803] team0: Port device team_slave_0 added [ 90.478062][ T61] Bluetooth: hci2: command tx timeout [ 90.478148][ T5120] Bluetooth: hci1: command tx timeout [ 90.557634][ T5120] Bluetooth: hci4: command tx timeout [ 90.557798][ T61] Bluetooth: hci3: command tx timeout [ 90.573448][ T5799] team0: Port device team_slave_1 added [ 90.576441][ T5811] team0: Port device team_slave_1 added [ 90.690185][ T5803] team0: Port device team_slave_1 added [ 91.370535][ T5810] team0: Port device team_slave_0 added [ 91.509825][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.509840][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.509857][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.640392][ T5810] team0: Port device team_slave_1 added [ 91.641340][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.641356][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.641384][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.642473][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.642486][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.642503][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.643705][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.643718][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.643744][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.820289][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.820308][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.820336][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.821803][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.821816][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.821843][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.824586][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.824602][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.824630][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.930656][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.930675][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.930699][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.958122][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.958141][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.958165][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.978948][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.978965][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.978990][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.477596][ T5120] Bluetooth: hci0: command tx timeout [ 92.504462][ T5806] hsr_slave_0: entered promiscuous mode [ 92.505518][ T5806] hsr_slave_1: entered promiscuous mode [ 92.515468][ T5799] hsr_slave_0: entered promiscuous mode [ 92.516765][ T5799] hsr_slave_1: entered promiscuous mode [ 92.518663][ T5799] debugfs: 'hsr0' already exists in 'hsr' [ 92.518767][ T5799] Cannot create hsr debugfs directory [ 92.559735][ T61] Bluetooth: hci2: command tx timeout [ 92.561937][ T5120] Bluetooth: hci1: command tx timeout [ 92.603772][ T5811] hsr_slave_0: entered promiscuous mode [ 92.604693][ T5811] hsr_slave_1: entered promiscuous mode [ 92.605261][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 92.605278][ T5811] Cannot create hsr debugfs directory [ 92.637983][ T61] Bluetooth: hci3: command tx timeout [ 92.638076][ T5120] Bluetooth: hci4: command tx timeout [ 92.724130][ T5803] hsr_slave_0: entered promiscuous mode [ 92.725027][ T5803] hsr_slave_1: entered promiscuous mode [ 92.725616][ T5803] debugfs: 'hsr0' already exists in 'hsr' [ 92.725633][ T5803] Cannot create hsr debugfs directory [ 92.935250][ T5810] hsr_slave_0: entered promiscuous mode [ 92.936184][ T5810] hsr_slave_1: entered promiscuous mode [ 92.936777][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 92.936797][ T5810] Cannot create hsr debugfs directory [ 94.568093][ T5120] Bluetooth: hci0: command tx timeout [ 94.638658][ T61] Bluetooth: hci2: command tx timeout [ 94.638705][ T5120] Bluetooth: hci1: command tx timeout [ 94.640124][ T5806] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.676472][ T5806] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.714190][ T5806] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.717716][ T61] Bluetooth: hci3: command tx timeout [ 94.717764][ T5120] Bluetooth: hci4: command tx timeout [ 94.776881][ T5806] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.886661][ T5810] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.924507][ T5810] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.965073][ T5810] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.021633][ T5810] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.169253][ T5799] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.205533][ T5799] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.246102][ T5799] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.276220][ T5799] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.421354][ T5803] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.465016][ T5803] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.502152][ T5803] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.564894][ T5803] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.698086][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.721707][ T5811] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.770831][ T5811] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.805839][ T5811] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.852324][ T5811] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.925135][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.963196][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.975844][ T3867] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.976668][ T3867] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.032912][ T3867] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.033005][ T3867] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.089965][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.133615][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.133752][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.157211][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.186320][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.186451][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.257092][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.290046][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.306768][ T158] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.306904][ T158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.374738][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.374965][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.466941][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.514042][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.530517][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.530721][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.609672][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.609825][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.675881][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.734910][ T3090] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.735135][ T3090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.791409][ T3090] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.791669][ T3090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.924530][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.062666][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.333601][ T5806] veth0_vlan: entered promiscuous mode [ 97.386862][ T5810] veth0_vlan: entered promiscuous mode [ 97.415917][ T5806] veth1_vlan: entered promiscuous mode [ 97.442461][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.478967][ T5810] veth1_vlan: entered promiscuous mode [ 97.601440][ T5806] veth0_macvtap: entered promiscuous mode [ 97.616172][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.629412][ T5810] veth0_macvtap: entered promiscuous mode [ 97.653307][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.656161][ T5806] veth1_macvtap: entered promiscuous mode [ 97.671467][ T5810] veth1_macvtap: entered promiscuous mode [ 97.721028][ T5799] veth0_vlan: entered promiscuous mode [ 97.792313][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.821196][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.840705][ T5799] veth1_vlan: entered promiscuous mode [ 97.860460][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.891285][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.939960][ T71] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.974294][ T71] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.984856][ T71] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.993846][ T71] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.004446][ T71] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.046255][ T71] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.061263][ T71] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.119582][ T71] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.128391][ T5803] veth0_vlan: entered promiscuous mode [ 98.332047][ T5799] veth0_macvtap: entered promiscuous mode [ 98.334613][ T5803] veth1_vlan: entered promiscuous mode [ 98.357103][ T5799] veth1_macvtap: entered promiscuous mode [ 98.462951][ T3867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.462973][ T3867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.482703][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.520570][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.595418][ T5811] veth0_vlan: entered promiscuous mode [ 98.597231][ T3842] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.597252][ T3842] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.635886][ T158] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.649367][ T158] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.653502][ T3867] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.653523][ T3867] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.670822][ T3519] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.694874][ T5803] veth0_macvtap: entered promiscuous mode [ 98.716979][ T3519] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.751406][ T5803] veth1_macvtap: entered promiscuous mode [ 98.754651][ T5811] veth1_vlan: entered promiscuous mode [ 98.776184][ T3519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.776207][ T3519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.047065][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.108685][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.169025][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 99.240166][ T3019] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.246841][ T3019] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.250006][ T3867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.250026][ T3867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.268321][ T3019] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.274023][ T3019] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.300151][ T5811] veth0_macvtap: entered promiscuous mode [ 99.429908][ T5811] veth1_macvtap: entered promiscuous mode [ 99.452371][ T3019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.452395][ T3019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.764993][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.072840][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.304981][ T3867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.305003][ T3867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.367611][ T1008] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.406941][ T5938] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 100.406974][ T5938] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 100.420858][ T1008] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.466208][ T1008] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.481075][ T1008] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.500027][ T5938] vhci_hcd vhci_hcd.0: Device attached [ 100.532810][ T5938] netlink: 6032 bytes leftover after parsing attributes in process `syz.0.9'. [ 100.587412][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.629441][ T5942] netlink: 96 bytes leftover after parsing attributes in process `syz.0.9'. [ 100.801115][ T5946] binder: 5937:5946 ioctl 40046629 200000000200 returned -22 [ 100.804937][ T5939] vhci_hcd: cannot find the pending unlink 4294967287 [ 101.292696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.022963][ T43] usb 34-1: SetAddress Request (2) to port 0 [ 102.115561][ T43] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 102.794856][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.287452][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 104.426408][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.426578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.427245][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.771007][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.771062][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.797160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.797364][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.797480][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 106.246387][ T5939] vhci_hcd: connection reset by peer [ 106.269763][ T3842] vhci_hcd vhci_hcd.0: stop threads [ 106.276041][ T3842] vhci_hcd vhci_hcd.0: release socket [ 106.297450][ T3842] vhci_hcd vhci_hcd.0: disconnect device [ 106.498473][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.498499][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.684901][ T5942] syz.0.9 (5942): drop_caches: 2 [ 106.788826][ T3482] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.788849][ T3482] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.250536][ T43] usb 34-1: device descriptor read/8, error -110 [ 107.752302][ T43] usb usb34-port1: attempt power cycle [ 107.892204][ T5971] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 108.444013][ T43] usb usb34-port1: unable to enumerate USB device [ 108.775628][ T5984] warning: `syz.4.5' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 110.603844][ T5989] netlink: 28 bytes leftover after parsing attributes in process `syz.2.23'. [ 113.948147][ T5990] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 114.673134][ T5990] usb 2-1: config 0 has an invalid interface number: 168 but max is 0 [ 114.673156][ T5990] usb 2-1: config 0 has no interface number 0 [ 114.673206][ T5990] usb 2-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06 [ 114.673220][ T5990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.870962][ T5990] usb 2-1: config 0 descriptor?? [ 115.132440][ T5120] Bluetooth: hci1: adv larger than maximum supported [ 115.132456][ T5120] Bluetooth: hci1: Malformed LE Event: 0x0d [ 115.138023][ T5990] usb 2-1: string descriptor 0 read error: -71 [ 115.244108][ T5990] usb-storage 2-1:0.168: USB Mass Storage device detected [ 115.375700][ T5990] usb-storage 2-1:0.168: Quirks match for vid 05ab pid 0060: 2 [ 115.495822][ T6011] syz.0.30 (6011) used greatest stack depth: 17344 bytes left [ 115.626116][ T5990] usb 2-1: USB disconnect, device number 2 [ 117.202748][ T6038] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 123.851596][ T6067] syz.4.43 (6067) used greatest stack depth: 16776 bytes left [ 124.395977][ T6090] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 127.523843][ T6101] binder: 6095:6101 ioctl 8008662c 200000000240 returned -22 [ 127.936383][ T6104] netlink: 28 bytes leftover after parsing attributes in process `syz.1.49'. [ 131.603070][ T6137] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 132.960990][ T6135] syz.0.58 (6135) used greatest stack depth: 16488 bytes left [ 134.788227][ T6157] binder: BINDER_SET_CONTEXT_MGR already set [ 134.788238][ T6157] binder: 6156:6157 ioctl 4018620d 200000000040 returned -16 [ 134.961014][ T6159] binder: 6155:6159 ioctl 8008662c 200000000240 returned -22 [ 135.279128][ T6164] netlink: 28 bytes leftover after parsing attributes in process `syz.3.67'. [ 138.088559][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.088660][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.778265][ T6186] input: syz0 as /devices/virtual/input/input6 [ 139.041010][ T6186] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 146.833091][ T6218] netlink: 28 bytes leftover after parsing attributes in process `syz.3.82'. [ 154.650287][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 154.671486][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 154.674025][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 154.676995][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 154.679607][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 156.717710][ T61] Bluetooth: hci5: command tx timeout [ 158.797586][ T61] Bluetooth: hci5: command tx timeout [ 160.555715][ T6271] netlink: 28 bytes leftover after parsing attributes in process `syz.0.96'. [ 160.877531][ T61] Bluetooth: hci5: command tx timeout [ 163.698763][ T61] Bluetooth: hci5: command tx timeout [ 164.341638][ T6243] chnl_net:caif_netlink_parms(): no params data found [ 164.624928][ T6203] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 165.290285][ T6203] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 165.290318][ T6203] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 165.290346][ T6203] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 165.290360][ T6203] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.750232][ T6203] usb 5-1: usb_control_msg returned -32 [ 165.750290][ T6203] usbtmc 5-1:16.0: can't read capabilities [ 167.803803][ T6254] usb 5-1: USB disconnect, device number 2 [ 168.003112][ T71] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.167566][ T6056] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 168.424797][ T6056] usb 4-1: Using ep0 maxpacket: 16 [ 168.530522][ T6056] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 168.530587][ T6056] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 168.530644][ T6056] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 168.530728][ T6056] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 168.530750][ T6056] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 168.530771][ T6056] usb 4-1: config 0 has no interface number 0 [ 168.530828][ T6056] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 168.530857][ T6056] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 168.530930][ T6056] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 168.577236][ T6056] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 168.577327][ T6056] usb 4-1: config 0 interface 125 has no altsetting 0 [ 168.577396][ T6056] usb 4-1: config 0 interface 125 has no altsetting 2 [ 168.699678][ T6056] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 168.699780][ T6056] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.699803][ T6056] usb 4-1: Product: syz [ 168.699818][ T6056] usb 4-1: Manufacturer: syz [ 168.699832][ T6056] usb 4-1: SerialNumber: syz [ 169.406685][ T6056] usb 4-1: config 0 descriptor?? [ 170.196386][ T6056] usb 4-1: selecting invalid altsetting 2 [ 171.523615][ T6056] get_1284_register timeout [ 171.650394][ C0] usb 4-1: async_complete: urb error -104 [ 171.654377][ C0] usb 4-1: async_complete: urb error -104 [ 171.654672][ C0] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 171.679731][ T6056] uss720 4-1:0.125: probe with driver uss720 failed with error -5 [ 172.749431][ T6333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.114'. [ 172.960391][ T6243] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.960526][ T6243] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.960690][ T6243] bridge_slave_0: entered allmulticast mode [ 172.973690][ T5965] usb 4-1: USB disconnect, device number 2 [ 173.007436][ T6243] bridge_slave_0: entered promiscuous mode [ 174.430955][ T6346] netlink: 'syz.0.118': attribute type 1 has an invalid length. [ 174.490844][ T71] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.536047][ T6243] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.536210][ T6243] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.536461][ T6243] bridge_slave_1: entered allmulticast mode [ 174.540763][ T6243] bridge_slave_1: entered promiscuous mode [ 175.088560][ T6334] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 175.132319][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132364][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132390][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132415][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132440][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132465][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132491][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132516][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132541][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.132567][ T6056] hid-generic 00A0:0006:0003.0001: unknown main item tag 0x0 [ 175.215149][ T71] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.250338][ T6334] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.250370][ T6334] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 175.250412][ T6334] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 175.250436][ T6334] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.336890][ T6056] hid-generic 00A0:0006:0003.0001: hidraw0: HID v0.05 Device [syz1] on syz0 [ 175.506190][ T6361] fido_id[6361]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 175.509426][ T6334] usb 2-1: usb_control_msg returned -32 [ 175.509479][ T6334] usbtmc 2-1:16.0: can't read capabilities [ 175.984389][ T71] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.055380][ T6243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.071145][ T6243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.084707][ T6334] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 176.247545][ T6334] usb 5-1: Using ep0 maxpacket: 16 [ 176.251193][ T6334] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 176.251225][ T6334] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 176.251247][ T6334] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 176.251266][ T6334] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 176.251286][ T6334] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 176.251307][ T6334] usb 5-1: config 0 has no interface number 0 [ 176.251361][ T6334] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 176.251391][ T6334] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 176.251414][ T6334] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 176.251453][ T6334] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 176.251482][ T6334] usb 5-1: config 0 interface 125 has no altsetting 0 [ 176.251594][ T6334] usb 5-1: config 0 interface 125 has no altsetting 2 [ 176.254620][ T6334] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 176.254652][ T6334] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.254674][ T6334] usb 5-1: Product: syz [ 176.254688][ T6334] usb 5-1: Manufacturer: syz [ 176.254704][ T6334] usb 5-1: SerialNumber: syz [ 176.442499][ T6334] usb 5-1: config 0 descriptor?? [ 176.482072][ T6334] usb 5-1: selecting invalid altsetting 2 [ 177.617069][ T6334] get_1284_register timeout [ 177.617990][ C1] usb 5-1: async_complete: urb error -104 [ 177.618319][ C1] usb 5-1: async_complete: urb error -104 [ 177.618511][ C1] usb 5-1: async_complete: urb error -104 [ 177.618639][ T6334] uss720 5-1:0.125: probe with driver uss720 failed with error -5 [ 178.898042][ T6243] team0: Port device team_slave_0 added [ 179.870002][ T6243] team0: Port device team_slave_1 added [ 179.969958][ T6254] usb 5-1: USB disconnect, device number 3 [ 183.642109][ T6056] usb 2-1: USB disconnect, device number 3 [ 183.950387][ T6243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.950409][ T6243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 183.950439][ T6243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.198452][ T6243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.198473][ T6243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.198504][ T6243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.834055][ T5990] hid_parser_main: 4 callbacks suppressed [ 184.834079][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834110][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834136][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834161][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834187][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834212][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834236][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834261][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834286][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 184.834311][ T5990] hid-generic 00A0:0006:0003.0002: unknown main item tag 0x0 [ 185.127612][ T5990] hid-generic 00A0:0006:0003.0002: hidraw0: HID v0.05 Device [syz1] on syz0 [ 187.247871][ T5790] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 187.603249][ T6243] hsr_slave_0: entered promiscuous mode [ 187.673290][ T5790] usb 4-1: Using ep0 maxpacket: 16 [ 187.676677][ T6243] hsr_slave_1: entered promiscuous mode [ 187.703104][ T6243] debugfs: 'hsr0' already exists in 'hsr' [ 187.703177][ T6243] Cannot create hsr debugfs directory [ 187.707045][ T71] bridge_slave_1: left allmulticast mode [ 187.707246][ T71] bridge_slave_1: left promiscuous mode [ 187.779720][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.826266][ T6415] fido_id[6415]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 187.842431][ T5790] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 187.842463][ T5790] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 187.842502][ T5790] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 187.842523][ T5790] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 187.842543][ T5790] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 187.842565][ T5790] usb 4-1: config 0 has no interface number 0 [ 187.842619][ T5790] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 187.842647][ T5790] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 187.842671][ T5790] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 187.842710][ T5790] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 187.842749][ T5790] usb 4-1: config 0 interface 125 has no altsetting 0 [ 187.842768][ T5790] usb 4-1: config 0 interface 125 has no altsetting 2 [ 187.860764][ T5790] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 187.860796][ T5790] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.860815][ T5790] usb 4-1: Product: syz [ 187.860828][ T5790] usb 4-1: Manufacturer: syz [ 187.860841][ T5790] usb 4-1: SerialNumber: syz [ 187.899533][ T5790] usb 4-1: config 0 descriptor?? [ 188.053521][ T5790] usb 4-1: selecting invalid altsetting 2 [ 188.610524][ T71] bridge_slave_0: left allmulticast mode [ 188.610713][ T71] bridge_slave_0: left promiscuous mode [ 188.654677][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.218895][ T5790] get_1284_register timeout [ 189.220768][ C1] usb 4-1: async_complete: urb error -104 [ 189.220934][ C1] usb 4-1: async_complete: urb error -104 [ 189.232401][ T5790] uss720 4-1:0.125: probe with driver uss720 failed with error -5 [ 191.957564][ T5990] usb 4-1: USB disconnect, device number 3 [ 193.038510][ T6416] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 196.239102][ T31] hid_parser_main: 4 callbacks suppressed [ 196.239129][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239163][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239188][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239214][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239239][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239264][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239289][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239314][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239339][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.239365][ T31] hid-generic 00A0:0006:0003.0003: unknown main item tag 0x0 [ 196.281956][ T31] hid-generic 00A0:0006:0003.0003: hidraw0: HID v0.05 Device [syz1] on syz0 [ 196.654738][ T6456] input: syz0 as /devices/virtual/input/input11 [ 196.712140][ T6455] fido_id[6455]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 200.055584][ T6471] netlink: 'syz.1.156': attribute type 10 has an invalid length. [ 200.060284][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.060363][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.612467][ T6476] binder: 6473:6476 ioctl 8008662c 200000000240 returned -22 [ 200.716038][ T6470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 200.872465][ T6476] netlink: 28 bytes leftover after parsing attributes in process `syz.4.157'. [ 202.488093][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.598154][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.619895][ T71] bond0 (unregistering): Released all slaves [ 203.380752][ T6471] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 204.092989][ T6491] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 205.011190][ T6499] input: syz0 as /devices/virtual/input/input13 [ 205.026524][ T6334] hid_parser_main: 4 callbacks suppressed [ 205.026542][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026560][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026644][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026660][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026674][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026689][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026703][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026718][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026732][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.026747][ T6334] hid-generic 00A0:0006:0003.0004: unknown main item tag 0x0 [ 205.132257][ T6334] hid-generic 00A0:0006:0003.0004: hidraw0: HID v0.05 Device [syz1] on syz0 [ 205.386295][ T6502] fido_id[6502]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 208.469892][ T6513] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.496791][ T6513] netlink: 'syz.1.167': attribute type 10 has an invalid length. [ 209.619070][ T6518] netlink: 'syz.4.169': attribute type 10 has an invalid length. [ 210.195273][ T6529] binder: 6522:6529 ioctl 8008662c 200000000240 returned -22 [ 210.437369][ T6529] netlink: 28 bytes leftover after parsing attributes in process `syz.0.170'. [ 211.870832][ T6524] Bluetooth: hci1: command 0x0406 tx timeout [ 211.871951][ T6524] Bluetooth: hci3: command 0x0406 tx timeout [ 211.872055][ T6524] Bluetooth: hci2: command 0x0406 tx timeout [ 211.873044][ T6524] Bluetooth: hci4: command 0x0406 tx timeout [ 212.316421][ T6516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 212.871526][ T6518] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 212.987430][ T6334] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 213.077964][ T6541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.173'. [ 213.227535][ T6334] usb 4-1: Using ep0 maxpacket: 32 [ 213.259735][ T6545] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 213.730032][ T6334] usb 4-1: config 0 interface 0 has no altsetting 0 [ 213.850238][ T6334] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 213.850340][ T6334] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.850398][ T6334] usb 4-1: Product: syz [ 213.850450][ T6334] usb 4-1: Manufacturer: syz [ 213.850501][ T6334] usb 4-1: SerialNumber: syz [ 214.026506][ T6334] usb 4-1: config 0 descriptor?? [ 214.103078][ T6334] gs_usb 4-1:0.0: Required endpoints not found [ 214.531065][ T6532] hid_parser_main: 4 callbacks suppressed [ 214.531089][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531117][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531142][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531167][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531192][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531217][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531241][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531266][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531291][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 214.531316][ T6532] hid-generic 00A0:0006:0003.0005: unknown main item tag 0x0 [ 215.699835][ T6532] hid-generic 00A0:0006:0003.0005: hidraw0: HID v0.05 Device [syz1] on syz0 [ 215.785797][ T5990] usb 4-1: USB disconnect, device number 4 [ 215.920379][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 215.941006][ T5808] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 215.960177][ T5808] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 215.973604][ T5808] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 215.974582][ T5808] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 216.176099][ T6570] binder: 6564:6570 ioctl 8008662c 200000000240 returned -22 [ 216.635937][ T6572] netlink: 28 bytes leftover after parsing attributes in process `syz.3.179'. [ 216.983518][ T6567] input: syz0 as /devices/virtual/input/input17 [ 217.213114][ T6562] fido_id[6562]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 217.565825][ T6584] binder: 6579:6584 ioctl 8008662c 200000000240 returned -22 [ 217.860134][ T6588] netlink: 28 bytes leftover after parsing attributes in process `syz.1.182'. [ 218.127130][ T5808] Bluetooth: hci0: command tx timeout [ 218.417510][ T71] hsr_slave_0: left promiscuous mode [ 218.512769][ T71] hsr_slave_1: left promiscuous mode [ 218.513817][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.513915][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.516543][ T6593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.184'. [ 218.616422][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.616461][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.905694][ T6600] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 219.191633][ T6594] netlink: 'syz.0.183': attribute type 10 has an invalid length. [ 219.771615][ T6590] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.866952][ T71] veth1_macvtap: left promiscuous mode [ 219.867247][ T71] veth0_macvtap: left promiscuous mode [ 219.906120][ T71] veth1_vlan: left promiscuous mode [ 219.906535][ T71] veth0_vlan: left promiscuous mode [ 220.397633][ T5808] Bluetooth: hci0: command tx timeout [ 221.277566][ T979] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 221.447449][ T979] usb 4-1: Using ep0 maxpacket: 32 [ 221.452734][ T979] usb 4-1: config 0 interface 0 has no altsetting 0 [ 221.456830][ T979] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 221.456861][ T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.456873][ T979] usb 4-1: Product: syz [ 221.456882][ T979] usb 4-1: Manufacturer: syz [ 221.456947][ T979] usb 4-1: SerialNumber: syz [ 221.522047][ T979] usb 4-1: config 0 descriptor?? [ 221.530287][ T979] gs_usb 4-1:0.0: Required endpoints not found [ 222.491063][ T5808] Bluetooth: hci0: command tx timeout [ 222.978697][ T71] team0 (unregistering): Port device team_slave_1 removed [ 223.158404][ T71] team0 (unregistering): Port device team_slave_0 removed [ 224.557707][ T5808] Bluetooth: hci0: command tx timeout [ 225.177015][ T5974] usb 4-1: USB disconnect, device number 5 [ 225.434240][ T6619] binder: 6614:6619 ioctl 8008662c 200000000240 returned -22 [ 225.748978][ T6622] netlink: 28 bytes leftover after parsing attributes in process `syz.1.190'. [ 226.335782][ T6625] netlink: 'syz.3.189': attribute type 10 has an invalid length. [ 226.726368][ T6609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 227.243852][ T6594] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 227.754895][ T979] hid_parser_main: 4 callbacks suppressed [ 227.754914][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.754933][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.754948][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.754963][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.754977][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.754992][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.755006][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.755021][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.755035][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.755050][ T979] hid-generic 00A0:0006:0003.0006: unknown main item tag 0x0 [ 227.872699][ T6625] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 227.909284][ T979] hid-generic 00A0:0006:0003.0006: hidraw0: HID v0.05 Device [syz1] on syz0 [ 228.191782][ T6642] Zero length message leads to an empty skb [ 228.192189][ T6642] netlink: 4 bytes leftover after parsing attributes in process `syz.4.195'. [ 229.179154][ T6561] chnl_net:caif_netlink_parms(): no params data found [ 230.567393][ T6668] binder: 6659:6668 ioctl 8008662c 200000000240 returned -22 [ 230.889547][ T6670] netlink: 28 bytes leftover after parsing attributes in process `syz.4.199'. [ 232.123381][ T6684] netlink: 'syz.4.201': attribute type 10 has an invalid length. [ 232.218017][ T6687] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'. [ 232.222128][ T6687] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'. [ 232.568485][ T6678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 233.762906][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.4.205'. [ 233.872459][ T6561] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.873036][ T6561] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.874042][ T6561] bridge_slave_0: entered allmulticast mode [ 233.928556][ T6561] bridge_slave_0: entered promiscuous mode [ 234.111318][ T6254] hid_parser_main: 4 callbacks suppressed [ 234.111343][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111372][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111396][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111421][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111446][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111472][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111496][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111521][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111545][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.111569][ T6254] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 234.116082][ T6254] hid-generic 00A0:0006:0003.0007: hidraw0: HID v0.05 Device [syz1] on syz0 [ 234.135659][ T6561] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.168861][ T6561] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.169247][ T6561] bridge_slave_1: entered allmulticast mode [ 234.417140][ T6561] bridge_slave_1: entered promiscuous mode [ 236.920594][ T6728] binder: 6720:6728 ioctl 8008662c 200000000240 returned -22 [ 237.251199][ T6731] netlink: 28 bytes leftover after parsing attributes in process `syz.4.210'. [ 237.667122][ T6718] fido_id[6718]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 237.755516][ T6733] netlink: 8 bytes leftover after parsing attributes in process `syz.3.212'. [ 237.813100][ T6734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.212'. [ 237.831824][ T71] bridge_slave_1: left allmulticast mode [ 237.831858][ T71] bridge_slave_1: left promiscuous mode [ 237.832142][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.986732][ T71] bridge_slave_0: left allmulticast mode [ 237.986763][ T71] bridge_slave_0: left promiscuous mode [ 237.987072][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.592616][ T6746] binder: 6743:6746 ioctl 8008662c 200000000240 returned -22 [ 238.832507][ T6735] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.836102][ T6746] netlink: 28 bytes leftover after parsing attributes in process `syz.0.216'. [ 239.347150][ T6751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.217'. [ 239.718315][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 239.838982][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 239.890622][ T71] bond0 (unregistering): Released all slaves [ 239.965303][ T6561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.076236][ T6561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.787456][ T5891] hid_parser_main: 4 callbacks suppressed [ 240.787477][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.787508][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.787523][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.787538][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.787552][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.787567][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.787582][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.795555][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.795588][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 240.795662][ T5891] hid-generic 00A0:0006:0003.0008: unknown main item tag 0x0 [ 241.118386][ T5891] hid-generic 00A0:0006:0003.0008: hidraw0: HID v0.05 Device [syz1] on syz0 [ 241.459704][ T71] hsr_slave_0: left promiscuous mode [ 241.535021][ T71] hsr_slave_1: left promiscuous mode [ 241.536209][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 241.576467][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.077406][ T979] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 242.248916][ T979] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 242.248939][ T979] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 242.248967][ T979] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 242.248982][ T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.496414][ T979] usb 5-1: usb_control_msg returned -32 [ 242.496471][ T979] usbtmc 5-1:16.0: can't read capabilities [ 242.811278][ T71] team0 (unregistering): Port device team_slave_1 removed [ 243.109215][ T71] team0 (unregistering): Port device team_slave_0 removed [ 243.458111][ T6805] binder: 6800:6805 ioctl 8008662c 200000000240 returned -22 [ 243.948894][ T6809] netlink: 28 bytes leftover after parsing attributes in process `syz.1.230'. [ 244.678991][ T5891] usb 5-1: USB disconnect, device number 4 [ 244.719065][ T6561] team0: Port device team_slave_0 added [ 244.855380][ T6813] netlink: 8 bytes leftover after parsing attributes in process `syz.4.231'. [ 244.909070][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz.4.231'. [ 244.990018][ T6561] team0: Port device team_slave_1 added [ 245.487226][ T5891] hid-generic 00A0:0006:0003.0009: hidraw0: HID v0.05 Device [syz1] on syz0 [ 246.596245][ T6833] fido_id[6833]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 246.832933][ T6838] netlink: 'syz.3.236': attribute type 10 has an invalid length. [ 247.218960][ T6561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.218980][ T6561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 247.219009][ T6561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.310054][ T6561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.310069][ T6561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 247.310087][ T6561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.956631][ T6854] netlink: 8 bytes leftover after parsing attributes in process `syz.1.243'. [ 247.959393][ T979] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 248.012594][ T6856] netlink: 8 bytes leftover after parsing attributes in process `syz.1.243'. [ 248.117385][ T979] usb 5-1: Using ep0 maxpacket: 16 [ 248.130856][ T979] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 248.130887][ T979] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 248.130906][ T979] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 248.130924][ T979] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 248.130942][ T979] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 248.130961][ T979] usb 5-1: config 0 has no interface number 0 [ 248.131009][ T979] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 248.131091][ T979] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 248.131112][ T979] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 248.131146][ T979] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 248.131172][ T979] usb 5-1: config 0 interface 125 has no altsetting 0 [ 248.131189][ T979] usb 5-1: config 0 interface 125 has no altsetting 2 [ 248.146278][ T979] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 248.146317][ T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.146336][ T979] usb 5-1: Product: syz [ 248.146349][ T979] usb 5-1: Manufacturer: syz [ 248.146363][ T979] usb 5-1: SerialNumber: syz [ 248.167585][ T979] usb 5-1: config 0 descriptor?? [ 248.173927][ T6561] hsr_slave_0: entered promiscuous mode [ 248.181772][ T6561] hsr_slave_1: entered promiscuous mode [ 248.185340][ T979] usb 5-1: selecting invalid altsetting 2 [ 248.188811][ T6561] debugfs: 'hsr0' already exists in 'hsr' [ 248.188839][ T6561] Cannot create hsr debugfs directory [ 249.069137][ T6867] binder: 6862:6867 ioctl 8008662c 200000000240 returned -22 [ 249.378861][ T6867] netlink: 28 bytes leftover after parsing attributes in process `syz.1.244'. [ 253.537673][ T6912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'. [ 253.538248][ T6912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.253'. [ 253.598110][ T6561] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 253.678296][ T6561] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 253.784796][ T6561] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 254.038246][ T6561] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 254.180836][ T6922] binder: 6919:6922 ioctl 8008662c 200000000240 returned -22 [ 254.520186][ T6926] netlink: 28 bytes leftover after parsing attributes in process `syz.0.256'. [ 254.600760][ T6915] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 254.958389][ T5790] usb 5-1: USB disconnect, device number 5 [ 257.707747][ T6963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.263'. [ 257.708573][ T6963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.263'. [ 257.895145][ T6561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.189315][ T6561] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.203388][ T3671] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.203599][ T3671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.242370][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.242540][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.360758][ T6561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.973802][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.973882][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.897883][ T7011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.273'. [ 262.898864][ T7011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.273'. [ 263.041341][ T6561] veth0_vlan: entered promiscuous mode [ 263.106235][ T6561] veth1_vlan: entered promiscuous mode [ 264.441510][ T6561] veth0_macvtap: entered promiscuous mode [ 264.505408][ T6561] veth1_macvtap: entered promiscuous mode [ 264.596152][ T6561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.634455][ T6561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 264.706338][ T1008] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.719848][ T1008] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.729806][ T1008] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.803718][ T1008] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.021969][ T3892] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.021994][ T3892] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 269.328137][ T3579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 269.328405][ T3579] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.970408][ T7128] syz.4.299 uses obsolete (PF_INET,SOCK_PACKET) [ 279.448131][ T7164] netlink: 28 bytes leftover after parsing attributes in process `syz.1.309'. [ 279.967608][ T5790] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 280.127650][ T5790] usb 5-1: Using ep0 maxpacket: 32 [ 280.130407][ T5790] usb 5-1: config 0 interface 0 has no altsetting 0 [ 280.136185][ T5790] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 280.136218][ T5790] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.136239][ T5790] usb 5-1: Product: syz [ 280.136254][ T5790] usb 5-1: Manufacturer: syz [ 280.136269][ T5790] usb 5-1: SerialNumber: syz [ 280.183814][ T5790] usb 5-1: config 0 descriptor?? [ 280.206474][ T5790] gs_usb 5-1:0.0: Required endpoints not found [ 281.856737][ T6532] usb 5-1: USB disconnect, device number 6 [ 282.655798][ T7202] netlink: 28 bytes leftover after parsing attributes in process `syz.4.321'. [ 284.780160][ T7230] binder: 7227:7230 ioctl 4018620d 0 returned -22 [ 285.277169][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 285.887488][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 286.037419][ T31] usb 1-1: Using ep0 maxpacket: 16 [ 286.039549][ T31] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 286.039580][ T31] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 286.039601][ T31] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 286.039621][ T31] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 286.039641][ T31] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 286.039662][ T31] usb 1-1: config 0 has no interface number 0 [ 286.039713][ T31] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 286.039743][ T31] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 286.039765][ T31] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 286.039804][ T31] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 286.039832][ T31] usb 1-1: config 0 interface 125 has no altsetting 0 [ 286.039851][ T31] usb 1-1: config 0 interface 125 has no altsetting 2 [ 286.042413][ T31] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 286.042444][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.042466][ T31] usb 1-1: Product: syz [ 286.042481][ T31] usb 1-1: Manufacturer: syz [ 286.042496][ T31] usb 1-1: SerialNumber: syz [ 286.207203][ T7251] netlink: 28 bytes leftover after parsing attributes in process `syz.3.332'. [ 286.554361][ T31] usb 1-1: config 0 descriptor?? [ 286.889642][ T31] usb 1-1: selecting invalid altsetting 2 [ 287.291722][ T7196] infiniband syz1: set active [ 287.303605][ T7196] infiniband syz1: added syz_tun [ 287.654316][ T7196] RDS/IB: syz1: added [ 287.655178][ T7196] smc: adding ib device syz1 with port count 1 [ 287.655551][ T7196] smc: ib device syz1 port 1 has no pnetid [ 289.296881][ T7282] mmap: syz.4.339 (7282) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 291.587100][ T43] usb 1-1: USB disconnect, device number 2 [ 292.360651][ T7315] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 293.271465][ T7336] netlink: 'syz.3.350': attribute type 1 has an invalid length. [ 293.689011][ T7336] 8021q: adding VLAN 0 to HW filter on device bond1 [ 293.769733][ T7339] bond1: (slave veth0_to_bond): making interface the new active one [ 293.773016][ T7339] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 293.944356][ T7338] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.999019][ T7338] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.336317][ T7338] bond1: entered promiscuous mode [ 294.336344][ T7338] veth0_to_bond: entered promiscuous mode [ 294.336610][ T7338] bond1: entered allmulticast mode [ 294.336625][ T7338] veth0_to_bond: entered allmulticast mode [ 295.677646][ T31] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 295.830856][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 295.833271][ T31] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 295.833301][ T31] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 295.833322][ T31] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 295.833343][ T31] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 295.833363][ T31] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 295.833386][ T31] usb 4-1: config 0 has no interface number 0 [ 295.833441][ T31] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 295.833470][ T31] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 295.833494][ T31] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 295.833534][ T31] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 295.833563][ T31] usb 4-1: config 0 interface 125 has no altsetting 0 [ 295.833583][ T31] usb 4-1: config 0 interface 125 has no altsetting 2 [ 295.879133][ T31] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 295.879155][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.879167][ T31] usb 4-1: Product: syz [ 295.879176][ T31] usb 4-1: Manufacturer: syz [ 295.879184][ T31] usb 4-1: SerialNumber: syz [ 296.075832][ T31] usb 4-1: config 0 descriptor?? [ 296.107820][ T31] usb 4-1: selecting invalid altsetting 2 [ 298.672694][ T5801] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 298.676232][ T31] usb 4-1: USB disconnect, device number 6 [ 298.700175][ T5801] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 298.703308][ T5801] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 298.712273][ T5801] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 298.713462][ T5801] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 300.933494][ T5801] Bluetooth: hci5: command tx timeout [ 301.713367][ T44] smc: removing ib device syz1 [ 301.824013][ T5918] syz1: Port: 1 Link DOWN [ 303.080663][ T5801] Bluetooth: hci5: command tx timeout [ 303.507435][ T5918] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 303.686442][ T5918] usb 1-1: Using ep0 maxpacket: 32 [ 303.689261][ T5918] usb 1-1: config 0 interface 0 has no altsetting 0 [ 303.692304][ T5918] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 303.692332][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.692351][ T5918] usb 1-1: Product: syz [ 303.692363][ T5918] usb 1-1: Manufacturer: syz [ 303.692376][ T5918] usb 1-1: SerialNumber: syz [ 303.915701][ T5918] usb 1-1: config 0 descriptor?? [ 303.920744][ T5918] gs_usb 1-1:0.0: Required endpoints not found [ 304.147517][ T5953] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 304.617547][ T5953] usb 2-1: Using ep0 maxpacket: 16 [ 304.909435][ T5953] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 304.909468][ T5953] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 304.909491][ T5953] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 304.909510][ T5953] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 304.909530][ T5953] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 304.909551][ T5953] usb 2-1: config 0 has no interface number 0 [ 304.909608][ T5953] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 304.909637][ T5953] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 304.909660][ T5953] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 304.909700][ T5953] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 304.909728][ T5953] usb 2-1: config 0 interface 125 has no altsetting 0 [ 304.909746][ T5953] usb 2-1: config 0 interface 125 has no altsetting 2 [ 304.928883][ T5953] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 304.928918][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.928940][ T5953] usb 2-1: Product: syz [ 304.928956][ T5953] usb 2-1: Manufacturer: syz [ 304.928971][ T5953] usb 2-1: SerialNumber: syz [ 305.117551][ T5801] Bluetooth: hci5: command tx timeout [ 305.250873][ T43] usb 1-1: USB disconnect, device number 3 [ 305.359729][ T5953] usb 2-1: config 0 descriptor?? [ 305.528189][ T5953] usb 2-1: selecting invalid altsetting 2 [ 306.374324][ T7373] chnl_net:caif_netlink_parms(): no params data found [ 306.596702][ T7435] netlink: 48 bytes leftover after parsing attributes in process `syz.4.375'. [ 307.341430][ T5808] Bluetooth: hci5: command tx timeout [ 307.397999][ T43] usb 2-1: USB disconnect, device number 4 [ 307.990416][ T7373] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.990654][ T7373] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.991025][ T7373] bridge_slave_0: entered allmulticast mode [ 308.124020][ T7373] bridge_slave_0: entered promiscuous mode [ 308.129976][ T7373] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.130190][ T7373] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.130390][ T7373] bridge_slave_1: entered allmulticast mode [ 308.190500][ T7373] bridge_slave_1: entered promiscuous mode [ 308.247444][ T6115] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 308.417358][ T6115] usb 2-1: Using ep0 maxpacket: 32 [ 308.423296][ T6115] usb 2-1: config 0 interface 0 has no altsetting 0 [ 308.445631][ T6115] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 308.445653][ T6115] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.445666][ T6115] usb 2-1: Product: syz [ 308.445676][ T6115] usb 2-1: Manufacturer: syz [ 308.445684][ T6115] usb 2-1: SerialNumber: syz [ 308.632352][ T6115] usb 2-1: config 0 descriptor?? [ 308.687658][ T6115] gs_usb 2-1:0.0: Required endpoints not found [ 310.342394][ T7463] bridge0: port 3(batadv1) entered blocking state [ 310.344584][ T7463] bridge0: port 3(batadv1) entered disabled state [ 310.344739][ T7463] batadv1: entered allmulticast mode [ 310.354071][ T6115] hid_parser_main: 18 callbacks suppressed [ 310.354094][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354122][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354145][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354168][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354190][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354213][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354236][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354258][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354281][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.354303][ T6115] hid-generic 00A0:0006:0003.000A: unknown main item tag 0x0 [ 310.370532][ T7463] batadv1: entered promiscuous mode [ 310.489768][ T6115] hid-generic 00A0:0006:0003.000A: hidraw0: HID v0.05 Device [syz1] on syz0 [ 310.496097][ T7373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.565847][ T7373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.731298][ T3842] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 310.731319][ T3842] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 311.270936][ T7373] team0: Port device team_slave_0 added [ 311.296058][ T7373] team0: Port device team_slave_1 added [ 312.857979][ T6115] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 314.083159][ T6115] usb 4-1: Using ep0 maxpacket: 16 [ 314.099885][ T5953] usb 2-1: USB disconnect, device number 5 [ 314.130211][ T6115] usb 4-1: config index 0 descriptor too short (expected 16456, got 72) [ 314.130245][ T6115] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 314.130267][ T6115] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 314.130286][ T6115] usb 4-1: config 0 has an invalid interface number: 125 but max is 1 [ 314.130306][ T6115] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 314.130326][ T6115] usb 4-1: config 0 has no interface number 0 [ 314.130381][ T6115] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 314.130503][ T6115] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 314.130527][ T6115] usb 4-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 314.130565][ T6115] usb 4-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 314.130593][ T6115] usb 4-1: config 0 interface 125 has no altsetting 0 [ 314.130612][ T6115] usb 4-1: config 0 interface 125 has no altsetting 2 [ 316.045687][ T6115] usb 4-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 316.045722][ T6115] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.045743][ T6115] usb 4-1: Product: syz [ 316.045758][ T6115] usb 4-1: Manufacturer: syz [ 316.160609][ T6115] usb 4-1: config 0 descriptor?? [ 316.168709][ T6115] usb 4-1: can't set config #0, error -71 [ 316.202026][ T6115] usb 4-1: USB disconnect, device number 7 [ 316.325195][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.325209][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 316.325226][ T7373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.522173][ T6334] hid_parser_main: 4 callbacks suppressed [ 316.522240][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522310][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522386][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522413][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522437][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522463][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522488][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522513][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522574][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.522644][ T6334] hid-generic 00A0:0006:0003.000B: unknown main item tag 0x0 [ 316.810929][ T6334] hid-generic 00A0:0006:0003.000B: hidraw0: HID v0.05 Device [syz1] on syz0 [ 318.855013][ T3019] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.802715][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 319.802790][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 319.802854][ T7373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 319.824505][ T7513] fido_id[7513]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 321.367202][ T3019] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.482026][ T37] audit: type=1326 audit(1766322930.342:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7527 comm="syz.4.397" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f44881df749 code=0x0 [ 321.913310][ T3019] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.405969][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.406017][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.428845][ T3019] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.508468][ T7373] hsr_slave_0: entered promiscuous mode [ 322.509485][ T7373] hsr_slave_1: entered promiscuous mode [ 322.510134][ T7373] debugfs: 'hsr0' already exists in 'hsr' [ 322.510150][ T7373] Cannot create hsr debugfs directory [ 322.572107][ T31] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 322.757371][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 322.759687][ T31] usb 2-1: config 0 interface 0 has no altsetting 0 [ 322.762263][ T31] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 322.762291][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.762311][ T31] usb 2-1: Product: syz [ 322.762325][ T31] usb 2-1: Manufacturer: syz [ 322.762335][ T31] usb 2-1: SerialNumber: syz [ 322.766234][ T31] usb 2-1: config 0 descriptor?? [ 322.832655][ T31] gs_usb 2-1:0.0: Required endpoints not found [ 325.550371][ T6532] usb 2-1: USB disconnect, device number 6 [ 328.126826][ T7573] netlink: 'syz.0.408': attribute type 1 has an invalid length. [ 328.419715][ T7573] 8021q: adding VLAN 0 to HW filter on device bond1 [ 328.523601][ T7574] bond1: (slave veth0_to_bond): making interface the new active one [ 328.542055][ T7574] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 328.776328][ T7579] lo speed is unknown, defaulting to 1000 [ 328.838376][ T7579] lo speed is unknown, defaulting to 1000 [ 328.841861][ T7579] lo speed is unknown, defaulting to 1000 [ 328.886341][ T7579] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 328.997592][ T3019] bridge_slave_1: left allmulticast mode [ 328.997616][ T3019] bridge_slave_1: left promiscuous mode [ 329.023501][ T7579] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 329.041650][ T3019] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.212884][ T3019] bridge_slave_0: left allmulticast mode [ 329.212920][ T3019] bridge_slave_0: left promiscuous mode [ 329.213189][ T3019] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.336890][ T7592] netlink: 'syz.0.412': attribute type 1 has an invalid length. [ 331.303693][ T5930] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 331.324461][ T7624] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 331.467418][ T5930] usb 5-1: Using ep0 maxpacket: 32 [ 331.504243][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 331.506688][ T5930] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 331.506716][ T5930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.506735][ T5930] usb 5-1: Product: syz [ 331.506744][ T5930] usb 5-1: Manufacturer: syz [ 331.506753][ T5930] usb 5-1: SerialNumber: syz [ 331.511667][ T5930] usb 5-1: config 0 descriptor?? [ 331.550604][ T5930] gs_usb 5-1:0.0: Required endpoints not found [ 332.371311][ T6334] usb 5-1: USB disconnect, device number 7 [ 333.101008][ T3019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 333.188673][ T3019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 333.215658][ T3019] bond0 (unregistering): Released all slaves [ 333.344252][ T7579] lo speed is unknown, defaulting to 1000 [ 333.468633][ T7592] 8021q: adding VLAN 0 to HW filter on device bond2 [ 333.508091][ T7595] bond1: (slave veth0_to_bond): Releasing active interface [ 333.579649][ T7595] bond2: (slave veth0_to_bond): making interface the new active one [ 333.580799][ T7595] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 333.685278][ T7579] lo speed is unknown, defaulting to 1000 [ 333.912549][ T7579] lo speed is unknown, defaulting to 1000 [ 334.094223][ T7579] lo speed is unknown, defaulting to 1000 [ 334.139965][ T7579] lo speed is unknown, defaulting to 1000 [ 334.144863][ T7579] lo speed is unknown, defaulting to 1000 [ 335.112753][ T7660] netlink: 32 bytes leftover after parsing attributes in process `syz.3.426'. [ 335.112863][ T7660] netlink: 32 bytes leftover after parsing attributes in process `syz.3.426'. [ 335.406352][ T7660] netlink: 32 bytes leftover after parsing attributes in process `syz.3.426'. [ 335.406418][ T7660] netlink: 32 bytes leftover after parsing attributes in process `syz.3.426'. [ 335.684985][ T31] libceph: connect (1)[c::]:6789 error -101 [ 335.685750][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 335.706004][ T31] libceph: connect (1)[c::]:6789 error -101 [ 335.706201][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 335.753966][ T7648] ceph: No mds server is up or the cluster is laggy [ 335.963144][ T31] libceph: connect (1)[c::]:6789 error -101 [ 335.963273][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 336.210125][ T31] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 336.387360][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 336.390217][ T31] usb 5-1: config 0 interface 0 has no altsetting 0 [ 336.393288][ T31] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 336.393320][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.393342][ T31] usb 5-1: Product: syz [ 336.393356][ T31] usb 5-1: Manufacturer: syz [ 336.393372][ T31] usb 5-1: SerialNumber: syz [ 336.400621][ T31] usb 5-1: config 0 descriptor?? [ 336.419272][ T31] gs_usb 5-1:0.0: Required endpoints not found [ 337.300431][ T5991] usb 5-1: USB disconnect, device number 8 [ 337.573740][ T7373] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 338.079529][ T7373] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 338.920570][ T3019] hsr_slave_0: left promiscuous mode [ 338.972568][ T3019] hsr_slave_1: left promiscuous mode [ 338.987598][ T3019] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 338.987628][ T3019] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.028248][ T3019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.028269][ T3019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.475873][ T3019] veth1_macvtap: left promiscuous mode [ 339.475991][ T3019] veth0_macvtap: left promiscuous mode [ 339.476294][ T3019] veth1_vlan: left promiscuous mode [ 339.476484][ T3019] veth0_vlan: left promiscuous mode [ 343.632302][ T7743] comedi comedi3: comedi_config --init_data is deprecated [ 343.717944][ T3019] team0 (unregistering): Port device team_slave_1 removed [ 344.072115][ T7747] netlink: 32 bytes leftover after parsing attributes in process `syz.3.444'. [ 344.072187][ T7747] netlink: 32 bytes leftover after parsing attributes in process `syz.3.444'. [ 344.638420][ T3019] team0 (unregistering): Port device team_slave_0 removed [ 349.102313][ T7373] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 349.128535][ T7710] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.131208][ T7710] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.191055][ T7705] pim6reg: entered allmulticast mode [ 349.216296][ T7373] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 350.054246][ T7373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 350.251042][ T7792] binder: 7788:7792 ioctl 8008662c 200000000240 returned -22 [ 350.381700][ T7373] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.503618][ T158] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.520479][ T158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.731472][ T7797] netlink: 28 bytes leftover after parsing attributes in process `syz.0.452'. [ 351.020249][ T4464] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.020451][ T4464] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.402778][ T7824] netlink: 32 bytes leftover after parsing attributes in process `syz.1.454'. [ 353.402865][ T7824] netlink: 32 bytes leftover after parsing attributes in process `syz.1.454'. [ 354.016988][ T7373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 356.047615][ T37] audit: type=1326 audit(1766322964.922:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7848 comm="syz.0.465" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8f6a4f749 code=0x0 [ 356.451495][ T7863] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 356.454162][ T7863] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 356.457000][ T7863] vhci_hcd vhci_hcd.0: Device attached [ 356.854988][ T7373] veth0_vlan: entered promiscuous mode [ 356.976662][ T7862] ================================================================== [ 356.976677][ T7862] BUG: KASAN: slab-use-after-free in rt_spin_lock+0x88/0x3e0 [ 356.976703][ T7862] Read of size 1 at addr ffff88805cced200 by task syz.4.466/7862 [ 356.976714][ T7862] [ 356.976723][ T7862] CPU: 0 UID: 0 PID: 7862 Comm: syz.4.466 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 356.976739][ T7862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 356.976753][ T7862] Call Trace: [ 356.976758][ T7862] [ 356.976764][ T7862] dump_stack_lvl+0xe8/0x150 [ 356.976784][ T7862] print_report+0xca/0x240 [ 356.976799][ T7862] ? rt_spin_lock+0x88/0x3e0 [ 356.976813][ T7862] kasan_report+0x118/0x150 [ 356.976834][ T7862] ? rt_spin_lock+0x88/0x3e0 [ 356.976851][ T7862] ? __wake_up_common_lock+0x2f/0x1e0 [ 356.976867][ T7862] __kasan_check_byte+0x2a/0x40 [ 356.976886][ T7862] lock_acquire+0x84/0x340 [ 356.976902][ T7862] ? rt_mutex_slowunlock+0x668/0x8a0 [ 356.976918][ T7862] ? reacquire_held_locks+0x104/0x190 [ 356.976937][ T7862] rt_spin_lock+0x88/0x3e0 [ 356.976952][ T7862] ? __wake_up_common_lock+0x2f/0x1e0 [ 356.976967][ T7862] ? __pfx_rt_spin_lock+0x10/0x10 [ 356.976983][ T7862] ? rt_spin_unlock+0x161/0x200 [ 356.976999][ T7862] ? __wake_up_common_lock+0x18a/0x1e0 [ 356.977014][ T7862] __wake_up_common_lock+0x2f/0x1e0 [ 356.977029][ T7862] ? snd_pcm_post_stop+0x14a/0x1e0 [ 356.977042][ T7862] ? __pfx_snd_pcm_post_stop+0x10/0x10 [ 356.977052][ T7862] snd_pcm_action+0x1f4/0x240 [ 356.977069][ T7862] loopback_trigger+0xb82/0x1b60 [ 356.977082][ T7862] ? rcu_is_watching+0x15/0xb0 [ 356.977095][ T7862] snd_pcm_do_start+0xb7/0x180 [ 356.977114][ T7862] snd_pcm_action+0xe7/0x240 [ 356.977130][ T7862] __snd_pcm_lib_xfer+0x1762/0x1d00 [ 356.977145][ T7862] ? __pfx_interleaved_copy+0x10/0x10 [ 356.977158][ T7862] ? __pfx_default_write_copy+0x10/0x10 [ 356.977172][ T7862] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 356.977185][ T7862] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 356.977207][ T7862] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 356.977232][ T7862] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 356.977260][ T7862] ? snd_pcm_oss_write3+0x1a2/0x350 [ 356.977292][ T7862] snd_pcm_oss_write3+0x1bc/0x350 [ 356.977327][ T7862] snd_pcm_plug_write_transfer+0x2cb/0x4c0 [ 356.977355][ T7862] ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10 [ 356.977380][ T7862] ? snd_pcm_plug_client_channels_buf+0x490/0x640 [ 356.977409][ T7862] snd_pcm_oss_write+0xa31/0xf20 [ 356.977448][ T7862] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 356.977483][ T7862] ? rw_verify_area+0x25b/0x4e0 [ 356.977510][ T7862] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 356.977544][ T7862] vfs_write+0x287/0xb40 [ 356.977577][ T7862] ? __pfx_vfs_write+0x10/0x10 [ 356.977608][ T7862] ? __fget_files+0x2a/0x420 [ 356.977632][ T7862] ? __fget_files+0x2a/0x420 [ 356.977654][ T7862] ? __fget_files+0x3a6/0x420 [ 356.977677][ T7862] ? __fget_files+0x2a/0x420 [ 356.977704][ T7862] ksys_write+0x14b/0x260 [ 356.977736][ T7862] ? __pfx_ksys_write+0x10/0x10 [ 356.977781][ T7862] do_syscall_64+0xec/0xf80 [ 356.977803][ T7862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.977826][ T7862] ? trace_irq_disable+0x37/0x100 [ 356.977850][ T7862] ? clear_bhb_loop+0x60/0xb0 [ 356.977876][ T7862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.977898][ T7862] RIP: 0033:0x7f44881df749 [ 356.977920][ T7862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.977940][ T7862] RSP: 002b:00007f4486404038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 356.977965][ T7862] RAX: ffffffffffffffda RBX: 00007f4488436180 RCX: 00007f44881df749 [ 356.977982][ T7862] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008 [ 356.977998][ T7862] RBP: 00007f4488263f91 R08: 0000000000000000 R09: 0000000000000000 [ 356.978012][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.978026][ T7862] R13: 00007f4488436218 R14: 00007f4488436180 R15: 00007ffde2df5e88 [ 356.978052][ T7862] [ 356.978060][ T7862] [ 356.978066][ T7862] Allocated by task 7860: [ 356.978077][ T7862] kasan_save_track+0x3e/0x80 [ 356.978106][ T7862] __kasan_kmalloc+0x93/0xb0 [ 356.978135][ T7862] __kmalloc_cache_noprof+0x1fb/0x6d0 [ 356.978165][ T7862] snd_pcm_attach_substream+0x5b7/0xb30 [ 356.978189][ T7862] snd_pcm_open_substream+0xb6/0x2410 [ 356.978218][ T7862] snd_pcm_oss_open+0xf2a/0x1bd0 [ 356.978235][ T7862] chrdev_open+0x4cf/0x5e0 [ 356.978252][ T7862] do_dentry_open+0x7d0/0x1270 [ 356.978273][ T7862] vfs_open+0x3b/0x350 [ 356.978292][ T7862] path_openat+0x342a/0x3df0 [ 356.978319][ T7862] do_filp_open+0x1fa/0x410 [ 356.978345][ T7862] do_sys_openat2+0x121/0x200 [ 356.978366][ T7862] __x64_sys_openat+0x138/0x170 [ 356.978387][ T7862] do_syscall_64+0xec/0xf80 [ 356.978405][ T7862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.978425][ T7862] [ 356.978430][ T7862] Freed by task 7854: [ 356.978440][ T7862] kasan_save_track+0x3e/0x80 [ 356.978467][ T7862] kasan_save_free_info+0x46/0x50 [ 356.978491][ T7862] __kasan_slab_free+0x5c/0x80 [ 356.978518][ T7862] kfree+0x1bd/0x900 [ 356.978542][ T7862] snd_pcm_detach_substream+0x1e1/0x290 [ 356.978565][ T7862] snd_pcm_oss_release+0x184/0x250 [ 356.978582][ T7862] __fput+0x45b/0xa80 [ 356.978603][ T7862] task_work_run+0x1d4/0x260 [ 356.978634][ T7862] get_signal+0x11c4/0x1310 [ 356.978655][ T7862] arch_do_signal_or_restart+0x9a/0x7a0 [ 356.978688][ T7862] exit_to_user_mode_loop+0x87/0x4e0 [ 356.978716][ T7862] do_syscall_64+0x2b7/0xf80 [ 356.978735][ T7862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.978764][ T7862] [ 356.978769][ T7862] The buggy address belongs to the object at ffff88805cced000 [ 356.978769][ T7862] which belongs to the cache kmalloc-2k of size 2048 [ 356.978788][ T7862] The buggy address is located 512 bytes inside of [ 356.978788][ T7862] freed 2048-byte region [ffff88805cced000, ffff88805cced800) [ 356.978811][ T7862] [ 356.978816][ T7862] The buggy address belongs to the physical page: [ 356.978827][ T7862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5cce8 [ 356.978848][ T7862] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 356.978866][ T7862] flags: 0x80000000000040(head|node=0|zone=1) [ 356.978884][ T7862] page_type: f5(slab) [ 356.978904][ T7862] raw: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 356.978923][ T7862] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 356.978943][ T7862] head: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122 [ 356.978962][ T7862] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 356.978981][ T7862] head: 0080000000000003 ffffea0001733a01 00000000ffffffff 00000000ffffffff [ 356.978999][ T7862] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 356.979010][ T7862] page dumped because: kasan: bad access detected [ 356.979021][ T7862] page_owner tracks the page as allocated [ 356.979028][ T7862] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5806, tgid 5806 (syz-executor), ts 94760042164, free_ts 0 [ 356.979065][ T7862] post_alloc_hook+0x234/0x290 [ 356.979095][ T7862] get_page_from_freelist+0x28c0/0x2960 [ 356.979115][ T7862] __alloc_frozen_pages_noprof+0x181/0x370 [ 356.979135][ T7862] alloc_pages_mpol+0xd1/0x380 [ 356.979152][ T7862] allocate_slab+0x86/0x3b0 [ 356.979176][ T7862] ___slab_alloc+0xb10/0x13e0 [ 356.979196][ T7862] __slab_alloc+0xc6/0x1f0 [ 356.979215][ T7862] __kmalloc_node_track_caller_noprof+0x2bf/0x810 [ 356.979247][ T7862] kmalloc_reserve+0x136/0x290 [ 356.979269][ T7862] pskb_expand_head+0x19d/0x1160 [ 356.979297][ T7862] netlink_trim+0x1b3/0x2c0 [ 356.979320][ T7862] netlink_broadcast_filtered+0xd6/0x1000 [ 356.979345][ T7862] nlmsg_notify+0xf0/0x1a0 [ 356.979370][ T7862] __dev_notify_flags+0xf4/0x2e0 [ 356.979393][ T7862] netif_change_flags+0xe8/0x1a0 [ 356.979417][ T7862] do_setlink+0xc55/0x41c0 [ 356.979441][ T7862] page_owner free stack trace missing [ 356.979449][ T7862] [ 356.979454][ T7862] Memory state around the buggy address: [ 356.979465][ T7862] ffff88805cced100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 356.979480][ T7862] ffff88805cced180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 356.979494][ T7862] >ffff88805cced200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 356.979504][ T7862] ^ [ 356.979516][ T7862] ffff88805cced280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 356.979530][ T7862] ffff88805cced300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 356.979541][ T7862] ================================================================== [ 356.992517][ T7862] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 356.992535][ T7862] CPU: 0 UID: 0 PID: 7862 Comm: syz.4.466 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 356.992553][ T7862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 356.992561][ T7862] Call Trace: [ 356.992567][ T7862] [ 356.992572][ T7862] vpanic+0x1e0/0x670 [ 356.992596][ T7862] panic+0xb9/0xc0 [ 356.992612][ T7862] ? __pfx_panic+0x10/0x10 [ 356.992629][ T7862] ? preempt_schedule_thunk+0x16/0x30 [ 356.992644][ T7862] ? preempt_schedule_thunk+0x16/0x30 [ 356.992657][ T7862] ? rt_spin_lock+0x88/0x3e0 [ 356.992674][ T7862] check_panic_on_warn+0x89/0xb0 [ 356.992693][ T7862] ? rt_spin_lock+0x88/0x3e0 [ 356.992708][ T7862] end_report+0x6f/0x140 [ 356.992727][ T7862] kasan_report+0x129/0x150 [ 356.992753][ T7862] ? rt_spin_lock+0x88/0x3e0 [ 356.992770][ T7862] ? __wake_up_common_lock+0x2f/0x1e0 [ 356.992785][ T7862] __kasan_check_byte+0x2a/0x40 [ 356.992804][ T7862] lock_acquire+0x84/0x340 [ 356.992834][ T7862] ? rt_mutex_slowunlock+0x668/0x8a0 [ 356.992851][ T7862] ? reacquire_held_locks+0x104/0x190 [ 356.992872][ T7862] rt_spin_lock+0x88/0x3e0 [ 356.992887][ T7862] ? __wake_up_common_lock+0x2f/0x1e0 [ 356.992903][ T7862] ? __pfx_rt_spin_lock+0x10/0x10 [ 356.992919][ T7862] ? rt_spin_unlock+0x161/0x200 [ 356.992935][ T7862] ? __wake_up_common_lock+0x18a/0x1e0 [ 356.992952][ T7862] __wake_up_common_lock+0x2f/0x1e0 [ 356.992973][ T7862] ? snd_pcm_post_stop+0x14a/0x1e0 [ 356.992986][ T7862] ? __pfx_snd_pcm_post_stop+0x10/0x10 [ 356.992997][ T7862] snd_pcm_action+0x1f4/0x240 [ 356.993014][ T7862] loopback_trigger+0xb82/0x1b60 [ 356.993027][ T7862] ? rcu_is_watching+0x15/0xb0 [ 356.993041][ T7862] snd_pcm_do_start+0xb7/0x180 [ 356.993061][ T7862] snd_pcm_action+0xe7/0x240 [ 356.993078][ T7862] __snd_pcm_lib_xfer+0x1762/0x1d00 [ 356.993093][ T7862] ? __pfx_interleaved_copy+0x10/0x10 [ 356.993106][ T7862] ? __pfx_default_write_copy+0x10/0x10 [ 356.993120][ T7862] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 356.993133][ T7862] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 356.993145][ T7862] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 356.993161][ T7862] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 356.993178][ T7862] ? snd_pcm_oss_write3+0x1a2/0x350 [ 356.993198][ T7862] snd_pcm_oss_write3+0x1bc/0x350 [ 356.993218][ T7862] snd_pcm_plug_write_transfer+0x2cb/0x4c0 [ 356.993234][ T7862] ? __pfx_snd_pcm_plug_write_transfer+0x10/0x10 [ 356.993249][ T7862] ? snd_pcm_plug_client_channels_buf+0x490/0x640 [ 356.993265][ T7862] snd_pcm_oss_write+0xa31/0xf20 [ 356.993288][ T7862] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 356.993309][ T7862] ? rw_verify_area+0x25b/0x4e0 [ 356.993325][ T7862] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 356.993344][ T7862] vfs_write+0x287/0xb40 [ 356.993362][ T7862] ? __pfx_vfs_write+0x10/0x10 [ 356.993379][ T7862] ? __fget_files+0x2a/0x420 [ 356.993392][ T7862] ? __fget_files+0x2a/0x420 [ 356.993404][ T7862] ? __fget_files+0x3a6/0x420 [ 356.993415][ T7862] ? __fget_files+0x2a/0x420 [ 356.993430][ T7862] ksys_write+0x14b/0x260 [ 356.993447][ T7862] ? __pfx_ksys_write+0x10/0x10 [ 356.993466][ T7862] do_syscall_64+0xec/0xf80 [ 356.993477][ T7862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.993490][ T7862] ? trace_irq_disable+0x37/0x100 [ 356.993507][ T7862] ? clear_bhb_loop+0x60/0xb0 [ 356.993521][ T7862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.993534][ T7862] RIP: 0033:0x7f44881df749 [ 356.993547][ T7862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.993558][ T7862] RSP: 002b:00007f4486404038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 356.993573][ T7862] RAX: ffffffffffffffda RBX: 00007f4488436180 RCX: 00007f44881df749 [ 356.993583][ T7862] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000008 [ 356.993591][ T7862] RBP: 00007f4488263f91 R08: 0000000000000000 R09: 0000000000000000 [ 356.993599][ T7862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.993606][ T7862] R13: 00007f4488436218 R14: 00007f4488436180 R15: 00007ffde2df5e88 [ 356.993621][ T7862] [ 356.994275][ T7862] Kernel Offset: disabled