last executing test programs: 3m13.538663753s ago: executing program 1 (id=224): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xffffffffffffbffc) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x3) splice(r2, 0x0, r1, 0x0, 0x406f413, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000000300)=""/169, 0xa9) read$msr(r3, &(0x7f0000019680)=""/102384, 0x18ff0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0x2000a804) bind$rds(0xffffffffffffffff, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0xc8}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r6, 0x0, &(0x7f0000000500)=""/120}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) 3m9.769885526s ago: executing program 1 (id=233): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f0000000080)={0x4d}) 3m8.93610117s ago: executing program 1 (id=236): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) socket(0x14, 0x2, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000002c00)=@buf={0x500, &(0x7f0000002bc0)}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000040900010073797a30000000000900020073797a3200000000400004803c0001800a00010072656469720000002c000280080001"], 0x94}, 0x1, 0x0, 0x0, 0x8080}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x34, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0xffffffff, 0x0]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xfffffffc}]}]}, 0x34}}, 0x0) 3m7.001639431s ago: executing program 1 (id=244): sched_setscheduler(0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000100)={@local}) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0xa43, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r1, 0x1) connect$bt_rfcomm(r1, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) 3m5.686764447s ago: executing program 1 (id=248): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(r1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r5, 0x5452, &(0x7f0000000040)=0xcd8) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) io_setup(0x4, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x00I\x00_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 3m4.06782289s ago: executing program 1 (id=249): add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x20000040) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0}) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008010) r2 = open(0x0, 0x0, 0x0) fcntl$notify(r2, 0x402, 0x8000003d) fcntl$setsig(r2, 0xa, 0x21) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x700) creat(0x0, 0x83) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448ca, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) 2m48.329163001s ago: executing program 32 (id=249): add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x20000040) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0}) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008010) r2 = open(0x0, 0x0, 0x0) fcntl$notify(r2, 0x402, 0x8000003d) fcntl$setsig(r2, 0xa, 0x21) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x700) creat(0x0, 0x83) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448ca, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) 1m28.678707729s ago: executing program 2 (id=463): socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000002001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000340)='mmap_lock_acquire_returned\x00', r2}, 0x18) getdents(0xffffffffffffffff, &(0x7f0000000080)=""/59, 0x3b) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ca9bd410991100b098a80102180109021200"], 0x0) 1m24.630713507s ago: executing program 2 (id=472): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0x4}, {0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000dac0f000500020007"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 1m23.494893627s ago: executing program 2 (id=477): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 1m21.860000062s ago: executing program 2 (id=479): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x261) 1m21.628705872s ago: executing program 2 (id=481): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x44, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0xd}, @device_b, @broadcast, @random="313b6cf630d7", {0x3}}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x5, 0x80, 0x3}, @void}}}}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 1m20.888516177s ago: executing program 2 (id=484): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x401, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_MAP={0x24, 0xe, {0xc20, 0x9, 0x4, 0x5d, 0x0, 0x2}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x40045}, 0x2000010) 1m20.230232266s ago: executing program 33 (id=484): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@newlink={0x58, 0x10, 0x401, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_MAP={0x24, 0xe, {0xc20, 0x9, 0x4, 0x5d, 0x0, 0x2}}, @IFLA_IFNAME={0x14, 0x3, 'geneve1\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x40045}, 0x2000010) 15.242180054s ago: executing program 4 (id=667): socket$kcm(0x29, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x3ff, 0xfffffe0000000001, 0x892, 0xffffffff}, 0x0) unshare(0x2040400) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r2, 0x10001, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000040), &(0x7f00000000c0)=0x4) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}, {0x0}], 0x2) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r5, &(0x7f0000000040)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r5, &(0x7f0000000240)={0x24, @short={0x2, 0x1, 0xffff}}, 0x14) sendmmsg(r5, &(0x7f00000196c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0xd, 0x0}}], 0x4000050, 0x400c010) prlimit64(0x0, 0x7, 0x0, 0x0) 14.275234739s ago: executing program 0 (id=669): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 12.218687791s ago: executing program 0 (id=672): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000480)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x2000000000000002, {0x1, 0xff, 0x3}}, 0x18) sendmsg$can_j1939(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x1d, r1, 0x0, {0x0, 0x0, 0x1}, 0x1}, 0x18, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x20008840}, 0x4000000) 12.091042232s ago: executing program 3 (id=673): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0}) r2 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xce) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_emit_ethernet(0x6e, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000001300)=""/102400, 0x19000) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000010c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r4, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) syz_open_dev$dri(0x0, 0x1, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f0000000400)=""/230, 0xe6) ioctl$DRM_IOCTL_GEM_FLINK(r2, 0xc008640a, &(0x7f0000000300)) 12.006961349s ago: executing program 5 (id=674): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x18, 0x0, 0x0, 0x2, 0x0, 0x0, 0x25dfdbfb}, 0x10}}, 0x0) 11.862672672s ago: executing program 0 (id=675): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) 11.230799448s ago: executing program 5 (id=676): socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_emit_ethernet(0xfdef, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6092c01f00082f00fe80fe43c8a0000000000000000000bb00000000000000000000ffff00000000242065580000000000000021000086dd080088be4305400f"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, 0x0, &(0x7f0000001080)) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000ac0)={0x0, 0xd0}, &(0x7f0000000b00)=0x8) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7ff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0xe, 0xc, 0x32315241, 0x5, 0x568d, 0x3, 0x2, 0x8, 0x1, 0x1, 0x1}}) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 11.104623779s ago: executing program 0 (id=677): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 10.730589572s ago: executing program 3 (id=678): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000280)="fb", 0x1}], 0x1) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000800) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r5, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x24, r6, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20000890) close(r2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r7 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r7, 0x1, 0x10, &(0x7f0000000200)=0x1c, 0x4) prctl$PR_GET_NO_NEW_PRIVS(0x27) bind$unix(r7, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 9.992728257s ago: executing program 5 (id=679): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) sendto$packet(r6, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10) r8 = semget$private(0x0, 0x4000000009, 0x0) semtimedop(r8, &(0x7f0000000000)=[{0x4, 0xffff}], 0x1, &(0x7f0000000040)) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x24044010) socket$kcm(0xa, 0x922000000003, 0x11) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000003600)={0xffffffffffffffff}) ioctl$sock_ifreq(r9, 0x8971, &(0x7f0000003f40)={'veth1_to_team\x00', @ifru_names='vcan0\x00'}) 8.94265312s ago: executing program 4 (id=680): socket$key(0xf, 0x3, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r4 = syz_open_dev$vcsn(0x0, 0x1, 0x1) write$UHID_INPUT(r4, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001800", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x52, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='selinux_audited\x00', 0xffffffffffffffff, 0x0, 0x8000000000000}, 0x18) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40000) connect$tipc(0xffffffffffffffff, &(0x7f0000000140)=@id={0x1e, 0x3, 0x0, {0xa}}, 0x10) shutdown(0xffffffffffffffff, 0x2) 8.926597151s ago: executing program 3 (id=681): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000440)=ANY=[@ANYBLOB='lock '], 0xc) 8.666595865s ago: executing program 0 (id=682): r0 = socket$netlink(0x10, 0x3, 0x15) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xd, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) io_submit(0x0, 0x0, &(0x7f00000009c0)) ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, &(0x7f0000000140)=0x2) bind$can_j1939(r1, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x0, 0x3}, 0xff}, 0x18) sendmmsg$unix(r1, &(0x7f0000012fc0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000005c0)}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x24004005) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'}) sendmsg$kcm(r6, &(0x7f0000000280)={&(0x7f0000000100)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @default, @bcast, @null]}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000600)="004ffdd6e133c3deadf9364d137c278a24baa13cb32160ed4afc3e4caa0ad8ec4f724d3965cab84488b110eaaa471bb078f53db2f460a861ffc776d9f346f83bc19337811a5501162a4800e586691af8bc38f39577bacbb2892166a08614787618dcc67f7a0730f40d5289c6189c114a2cf0bf61c392e453ce227cf7768918b115ad903c7bb2deefd8816ecaaf1fbe122ac104fc5152956fbf9a9c330a937e2e099c680c0acbacce64bc0356fe0bed2be5ece01ffbdf84415fd19f473cf5a83273fd09d9aaeb6fa026dbf10d55978bd589e5d62a28f0dc827294a2f9226969171e6e59e0b805d4df3f84c379eb83d9075d6fbe368d2b69eb9ec47792ad2bcc9538b77b2e4cd5a3d67372018bdc5cffe161d7f1bf9099ea142e88138d4bbbeeb270ddb91c4214188ea5902fc5c6c785bd92af7d2befaa608d34d2c337bc598ee16d0681ae06f992c4cff35aaf5659c5b04e7b076fe780c1c8f5f13d8ec2348c03677ebfab743412906ca990743f4dcad290e17769602e5b6043fd129ca5bb14ad7a3c53f0eb0c6740b7a5d7561bb916f669fd57bef9209aa07a25715f6178d36c85936acf48fa403c0c8cd4ee8425334b87b5b486d47d5170c4da7b0f4580343c5a2415a00ad8ddf3d062adae80ffb9751eafef5a9b3897bdba51bba18973e6b2972a89b8f92294ebf06a0efaa30e812fbbb6eb3f5548e132de97d461dd19d96ae3a9c9dfe931a209c9951190ed9caedc564c19e6e45b6a0aeb8d938636e148cba66d095831ed678049bc9c7211756f7774579d2b8f0286c0ff015ad44801868aaaaad1972088b502812586ecccbd0cd5cb0af39e9eea016603f27405b5fac7c5004b52e8a3aa5e6fc22b3e500aeabeb0be09ba73cdd4215c8cabf53a7f17391a45de1bdc341973e41254e8bce3c06b8da3b7ee4850936e67072d7ecb9d13f5d889a17e7213fb36c4e97b0bf7c97c7090a57929e18913adc95d732d5b02fc9b4c284e342f8d05715fc24ea194ac57cb602d1a85d832ef2bac154d5a243799b0cf23afec6b0c7928703f281c6bc0478511749b26da0a8f9153868d9e198d223c8bcc23c2f50b021645efe2edd26cca44bf56c3c8c4bf6e7301da69dc4d8595cf22d96025c4d254fb91e5dd9ae81dc2b6d2b07d9731480d70d914ebb5bedc7a8d8ee6ce38563064e1c544c37a45572108e4fa68e15fc3897454c7f8b733189952458c4638407441c175d8057e5062b4db299df10be3828ebf8cf8d6b88a0cf99c2e8e7726fc87e663c7edbc71bb0104d4cbc9c20a0a8694a7a7b6d58ba41571a2d9942465f441e2573d5b62ddd52462c44354911065f3d5c42cb52609ce2b5580d80e65249d159ba31972eee86ca8cdcf2c2d9fb7955de966b55cd4ea464fc105459c810a70e59a2fe351eda476de4e8f1acc7b6de58ba719a396b0887ee494b40ba4de6a6ed54bcb9ee05a7b233fc06dc34081aa97735d72da206af23353a0079fe36c64d39c9d61446488175d4c3f0bedd2c9bac0fd6912b5e2a17f245b04744dfc3a359153ddf9614423e559cd5daa4844d10d8d9e1196c05d1825585e318cec8ec447cb9065923de9d888a4d0c675a992a62d1d9bde4cac026b8bb431aa7f8296a74a3cd0e90f08499449caff7b7111862ca2b6fe0ea663c94791b9bd888f7e759b592a933c9628cc3dc2586222466de387c303de42485a30cf6892cfec28c48ea67ab41052458657f47614b8e9063ee1c8d8f17237f830c468296884e1e7140b487becaed0cd78094591cd07bb4ea8fc8ac95a0453013711d0b9428ad32719bb4aed81e0c16b021ea1a851fa54245984cec0f381831429120eb57e20db0c951174b0379ce4bc3528c1fe9e8b1e0034b9684497c2c8497791bfac4ff7fd0e2e9dbe34c73a25d951ddfe0d406be115e9e923144020e5317feee23d737b09e9776c07c71990b55786a34aeb9122a3f0e3b05789063904676da6c6260e3a9fe84f09b86aff71966f318a9d54a877e87c30ff2ed9924a41c323f4ff5325448d0a58dfbf83d31ae0d4ea26448de9dbc66d8ae756fa1db307905d218371daf1b568d3b41cc83845a0b7215fae1fca46ab15c6b69a89fc43cfdf3d5c107e820e551894b608c560d7d5ffe5ec35242b6c58adb0d6155302805677844e94eaa73fa994e2cd627f0a3d5b915c99eea6dda54e167babccb0e157a4ee21282770d3a67b2d32bea86cd68f259d8717fa7b5e4bef073a35c9090e210399190a13084e5f90649db5c3d92931f1ab9b6536358a9d8717daa90ba4bf6e53c86f02657df1d420edb9c75491ea8bec8412da6a057c33e9cc29f8169f3a76028f77f1957d3e322943d34f142a26a39a48ccf5be23734d458dbb18c4796769844c52d309c1afacec36796a34bf2c7043a20747da592082efd54e29ed4c21e5b1a031034b9cec1a67b2fb4e2e218b8246457a36a92841a1675efa79e23a6417914cba8ceb635174c62eac6d00d75ae652d828d2a5da7efe7f669fc059bec46e7d38c92d7eefe2b4fcd7224b303fe73f177f44c210ec4cc98617786a91665d4d85b6c22c018076cacd13a5212580c1339c2b45169f3b28bdadb90ffb979ade0e885562ef4162ff4032031383b0b6b8deee7ba35e9be10f09ae3960277e1edd7d3328bc6c1e78bf5dc4a0d225978d8581da56e711aab77846f87971888847136d9f1596208fe82557407fde9ea94d3b1f3338b839ef34085d335efc3c93abeceeed12d98ba10d1b705b742a794c8cb38d42d62951e0492d91c1d51f9c7f74e012a1c390ea844dd5296c674156f106dcd73c37437cefddbf900b4a6252", 0x7d1}, {0x0}, {&(0x7f0000000300)="23e747073ad571e9e7ba5cc2e80d9b553454d6b51cec75e55d69d2eae1a200"/40, 0x28}, {&(0x7f0000000480)="63d6c0eaa863afd7a233f76c6b22fd58e0d65f9fea75789b2996209dd41d174b779c3293aaa9e5848aba40ef75456d636c4b4856f8889412a57afaf87b27e1c4399aa9", 0x43}, {&(0x7f0000000180)}, {0x0}], 0x6}, 0x20000000) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xts-twofish-avx,camellia-asm,cbcmac(aes))\x00'}, 0x58) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="04010000100053"], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 7.816242689s ago: executing program 3 (id=683): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x4) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, 0x0, 0xeeef0000}) dup(0xffffffffffffffff) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r4, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) readv(r4, &(0x7f0000000100)=[{&(0x7f00000005c0)=""/183, 0xb7}], 0x1) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000500)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, 0x0) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) userfaultfd(0x800) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x2, 0x10000000000000, 0x7}) getpid() syz_usb_connect(0x3, 0x3f, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000031d6b52021040e0154560000000109022d00010000000009044500000202fffc050406000005240005000d240f0109000000b6f2feff6704240200"], 0x0) 6.979161144s ago: executing program 5 (id=684): shmget$private(0x0, 0x1000, 0x8, &(0x7f000068e000/0x1000)=nil) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000300)=""/102392, 0x18ff8) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885, 0x0, 0xfffffffc}, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x1, 0x3, 0x3, 0x4a}, 0x10) close(r3) 5.274537664s ago: executing program 0 (id=685): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0x3) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x6c}}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) syz_clone3(&(0x7f0000000080)={0x801400, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58) r5 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) close(r5) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fdlrfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',\x00']) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) unshare(0x28040680) r6 = timerfd_create(0x0, 0x0) timerfd_gettime(r6, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r9, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4) r10 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_aout(r10, &(0x7f0000000640)=ANY=[@ANYBLOB="cc000804890300007e0200000000000018020000010400000000000000000000000000000000000000000000000000000000000000000000000000000000009ced000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000136adf287ed93100"/1056], 0x420) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000420000003c00128008000100677470003000028008000200", @ANYRES32=r9], 0x5c}, 0x1, 0xba01}, 0x0) close(r9) connect$bt_rfcomm(r0, &(0x7f0000000140)={0x1f, @any, 0xb}, 0xa) 5.158900825s ago: executing program 4 (id=686): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x82002) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000080)=0x421) r2 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x40040) ioctl$CEC_S_MODE(r2, 0x40046109, &(0x7f0000000200)=0xf0) close_range(r0, 0xffffffffffffffff, 0x0) 4.200242809s ago: executing program 5 (id=687): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount(0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r4, &(0x7f0000000180)=ANY=[@ANYBLOB='RECLEV\nPHONEOUT\nSPEAKER '], 0xb8) r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r5, r4, 0x0) 4.142640305s ago: executing program 4 (id=688): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x48, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x48}}, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.221663424s ago: executing program 4 (id=689): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x28, &(0x7f0000000400)=ANY=[@ANYBLOB='max=0000000000040000000']) 2.211588415s ago: executing program 5 (id=690): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 2.138342331s ago: executing program 3 (id=691): getpgrp(0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x82d80) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x12, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20}, 0x94) socket(0x25, 0x800, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(r4, 0x112, 0x8, 0x0, 0x0) r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) prlimit64(r0, 0x6, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$NL80211_CMD_RELOAD_REGDB(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r7, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) 109.811421ms ago: executing program 3 (id=692): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) sendto$packet(r6, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10) r8 = semget$private(0x0, 0x4000000009, 0x0) semtimedop(r8, &(0x7f0000000000)=[{0x4, 0xffff}], 0x1, &(0x7f0000000040)) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x24044010) socket$kcm(0xa, 0x922000000003, 0x11) socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000003600)={0xffffffffffffffff}) ioctl$sock_ifreq(r9, 0x8971, &(0x7f0000003f40)={'veth1_to_team\x00', @ifru_names='vcan0\x00'}) 0s ago: executing program 4 (id=693): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0x13) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) semget$private(0x0, 0x4000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x15) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.115' (ED25519) to the list of known hosts. [ 73.369922][ T5752] cgroup: Unknown subsys name 'net' [ 73.506334][ T5752] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.139094][ T5752] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.910208][ T5767] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.927248][ T5769] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.935144][ T5767] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.939185][ T5770] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.947494][ T5767] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.957378][ T5767] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.965988][ T5769] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.973949][ T5769] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.981239][ T5767] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.982902][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.992247][ T5767] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.999448][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.008836][ T5767] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.012179][ T5776] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.022797][ T5767] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.026685][ T5776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.036908][ T5767] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.038614][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.046274][ T5767] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.055509][ T5776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.065656][ T5767] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.079043][ T5767] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.086352][ T5767] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.093921][ T5766] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.521050][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 77.627531][ T5762] chnl_net:caif_netlink_parms(): no params data found [ 77.759115][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 77.790674][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.798655][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.805934][ T5772] bridge_slave_0: entered allmulticast mode [ 77.813937][ T5772] bridge_slave_0: entered promiscuous mode [ 77.863947][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.871376][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.879010][ T5772] bridge_slave_1: entered allmulticast mode [ 77.886371][ T5772] bridge_slave_1: entered promiscuous mode [ 77.906695][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 77.923284][ T5762] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.930901][ T5762] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.938265][ T5762] bridge_slave_0: entered allmulticast mode [ 77.945414][ T5762] bridge_slave_0: entered promiscuous mode [ 77.993837][ T5762] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.001175][ T5762] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.008907][ T5762] bridge_slave_1: entered allmulticast mode [ 78.016043][ T5762] bridge_slave_1: entered promiscuous mode [ 78.047063][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.103142][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.124390][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.132089][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.139417][ T5765] bridge_slave_0: entered allmulticast mode [ 78.146861][ T5765] bridge_slave_0: entered promiscuous mode [ 78.183682][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.191032][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.198625][ T5765] bridge_slave_1: entered allmulticast mode [ 78.205557][ T5765] bridge_slave_1: entered promiscuous mode [ 78.227211][ T5762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.240061][ T5762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.259198][ T5772] team0: Port device team_slave_0 added [ 78.316513][ T5772] team0: Port device team_slave_1 added [ 78.325398][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.337803][ T5762] team0: Port device team_slave_0 added [ 78.347063][ T5762] team0: Port device team_slave_1 added [ 78.392148][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.413526][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.421486][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.428812][ T5763] bridge_slave_0: entered allmulticast mode [ 78.436295][ T5763] bridge_slave_0: entered promiscuous mode [ 78.444666][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.451809][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.478088][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.514283][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.521670][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.529580][ T5763] bridge_slave_1: entered allmulticast mode [ 78.536542][ T5763] bridge_slave_1: entered promiscuous mode [ 78.552543][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.559624][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.585795][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.610091][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.617077][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.643278][ T5762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.694446][ T5765] team0: Port device team_slave_0 added [ 78.701629][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.709321][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.735626][ T5762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.749274][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.762144][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.774560][ T5765] team0: Port device team_slave_1 added [ 78.846635][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.853806][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.880091][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.893228][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.900438][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.926529][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.967224][ T5772] hsr_slave_0: entered promiscuous mode [ 78.973887][ T5772] hsr_slave_1: entered promiscuous mode [ 79.005359][ T5763] team0: Port device team_slave_0 added [ 79.028091][ T5762] hsr_slave_0: entered promiscuous mode [ 79.034694][ T5762] hsr_slave_1: entered promiscuous mode [ 79.040962][ T5762] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.049761][ T5762] Cannot create hsr debugfs directory [ 79.063089][ T5763] team0: Port device team_slave_1 added [ 79.078612][ T51] Bluetooth: hci1: command tx timeout [ 79.088393][ T51] Bluetooth: hci0: command tx timeout [ 79.156850][ T5765] hsr_slave_0: entered promiscuous mode [ 79.162633][ T51] Bluetooth: hci2: command tx timeout [ 79.162653][ T5766] Bluetooth: hci3: command tx timeout [ 79.175922][ T5765] hsr_slave_1: entered promiscuous mode [ 79.183849][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.191647][ T5765] Cannot create hsr debugfs directory [ 79.203039][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.210334][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.237318][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.250816][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.257794][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.283795][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.410817][ T5763] hsr_slave_0: entered promiscuous mode [ 79.417227][ T5763] hsr_slave_1: entered promiscuous mode [ 79.423511][ T5763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.431180][ T5763] Cannot create hsr debugfs directory [ 79.732899][ T5762] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.749886][ T5762] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.761118][ T5762] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.773011][ T5762] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.840044][ T5765] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.853078][ T5765] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.870598][ T5765] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.880753][ T5765] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.978794][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.989221][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.022638][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.044838][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.083398][ T5763] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.109589][ T5763] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.123370][ T5763] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.134684][ T5763] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.216576][ T5762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.289877][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.303637][ T5762] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.317486][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.325111][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.355507][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.382733][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.389928][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.421737][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.446631][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.453796][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.463879][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.471094][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.492125][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.517705][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.524877][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.539651][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.546774][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.569742][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.635106][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.670631][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.677792][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.720374][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.727590][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.135725][ T5762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.168229][ T51] Bluetooth: hci0: command tx timeout [ 81.168650][ T5766] Bluetooth: hci1: command tx timeout [ 81.234702][ T5762] veth0_vlan: entered promiscuous mode [ 81.239097][ T5766] Bluetooth: hci3: command tx timeout [ 81.246071][ T5766] Bluetooth: hci2: command tx timeout [ 81.283638][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.299802][ T5762] veth1_vlan: entered promiscuous mode [ 81.321235][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.367487][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.405655][ T5762] veth0_macvtap: entered promiscuous mode [ 81.447480][ T5762] veth1_macvtap: entered promiscuous mode [ 81.476982][ T5772] veth0_vlan: entered promiscuous mode [ 81.496574][ T5772] veth1_vlan: entered promiscuous mode [ 81.525375][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.553539][ T5765] veth0_vlan: entered promiscuous mode [ 81.574833][ T5772] veth0_macvtap: entered promiscuous mode [ 81.586138][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.596412][ T5765] veth1_vlan: entered promiscuous mode [ 81.609591][ T5763] veth0_vlan: entered promiscuous mode [ 81.619685][ T5772] veth1_macvtap: entered promiscuous mode [ 81.637127][ T5762] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.650320][ T5762] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.661973][ T5762] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.671007][ T5762] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.706317][ T5763] veth1_vlan: entered promiscuous mode [ 81.773879][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.785096][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.797020][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.817793][ T5765] veth0_macvtap: entered promiscuous mode [ 81.832647][ T5765] veth1_macvtap: entered promiscuous mode [ 81.868430][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.884158][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.896782][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.909416][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.918279][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.927149][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.937068][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.993350][ T5763] veth0_macvtap: entered promiscuous mode [ 82.009983][ T2978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.020313][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.031461][ T2978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.040351][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.054406][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.064946][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.077709][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.131800][ T5763] veth1_macvtap: entered promiscuous mode [ 82.147393][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.158772][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.168677][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.182408][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.195013][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.217271][ T5765] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.227664][ T5765] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.241466][ T5765] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.250653][ T5765] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.332179][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.343528][ T2978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.357194][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.379195][ T2978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.445970][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.460658][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.472371][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.483201][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.493434][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.505536][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.518205][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.557727][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.598524][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.613335][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.624531][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.634713][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.645526][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.657749][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.672138][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.688865][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.704849][ T5763] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.725996][ T5763] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.735035][ T5763] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.747878][ T5763] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.928497][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.936375][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.047446][ T5854] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 83.090537][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.112623][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.227447][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.238213][ T5766] Bluetooth: hci0: command tx timeout [ 83.243675][ T5766] Bluetooth: hci1: command tx timeout [ 83.254469][ T5862] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 83.278699][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.288211][ T5862] veth3: entered promiscuous mode [ 83.293295][ T5862] veth3: entered allmulticast mode [ 83.324032][ T5766] Bluetooth: hci2: command tx timeout [ 83.329634][ T51] Bluetooth: hci3: command tx timeout [ 83.413548][ T5869] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 83.533868][ T5863] veth3: entered promiscuous mode [ 83.543459][ T5863] veth3: entered allmulticast mode [ 83.810932][ T5875] ubi31: attaching mtd0 [ 83.820507][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.829750][ T5863] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'. [ 83.847515][ T5875] ubi31: scanning is finished [ 83.865464][ T5875] ubi31: empty MTD device detected [ 83.892467][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.907489][ T5876] tipc: Failed to obtain node identity [ 83.919511][ T5876] tipc: Enabling of bearer rejected, failed to enable media [ 83.966711][ T5880] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 84.100332][ T5875] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 84.117700][ T5875] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 84.126226][ T5875] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 84.136840][ T5875] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 84.180805][ T5875] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 84.221294][ T5875] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 84.238518][ T5875] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4098330030 [ 84.255235][ T5875] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 84.281301][ T5881] ubi31: background thread "ubi_bgt31d" started, PID 5881 [ 84.603450][ T5886] syz.2.8[5886]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 84.675474][ T5886] loop2: detected capacity change from 0 to 256 [ 84.706298][ T5886] ======================================================= [ 84.706298][ T5886] WARNING: The mand mount option has been deprecated and [ 84.706298][ T5886] and is ignored by this kernel. Remove the mand [ 84.706298][ T5886] option from the mount to silence this warning. [ 84.706298][ T5886] ======================================================= [ 84.748639][ T5886] exfat: Unknown parameter 'syz(' [ 84.847373][ T5878] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 84.855753][ T5774] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 85.093377][ T5878] usb 4-1: Using ep0 maxpacket: 16 [ 85.148616][ T5878] usb 4-1: config 0 has no interfaces? [ 85.206770][ T5878] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 85.235534][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.278325][ T5878] usb 4-1: Product: syz [ 85.293072][ T5878] usb 4-1: Manufacturer: syz [ 85.297737][ T5878] usb 4-1: SerialNumber: syz [ 85.322550][ T5766] Bluetooth: hci1: command tx timeout [ 85.328231][ T5766] Bluetooth: hci0: command tx timeout [ 85.341395][ T5878] r8152-cfgselector 4-1: config 0 descriptor?? [ 85.409031][ T5766] Bluetooth: hci2: command tx timeout [ 85.414499][ T5766] Bluetooth: hci3: command tx timeout [ 85.509976][ T5896] loop2: detected capacity change from 0 to 64 [ 85.566484][ T5878] usbip-host 4-1: 4-1 is not in match_busid table... skip! [ 85.764896][ T5878] usb 4-1: USB disconnect, device number 2 [ 85.974210][ T5902] overlay: Unknown parameter './file0/file1' [ 86.032468][ T5893] loop1: detected capacity change from 0 to 32768 [ 86.063861][ T5893] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.9 (5893) [ 86.123060][ T5893] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 86.146927][ T5893] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 86.175736][ T5893] BTRFS info (device loop1): force clearing of disk cache [ 86.197146][ T5893] BTRFS info (device loop1): doing ref verification [ 86.227396][ T5893] BTRFS info (device loop1): metadata ratio 16 [ 86.247116][ T5893] BTRFS info (device loop1): enabling ssd optimizations [ 86.257488][ T5893] BTRFS info (device loop1): max_inline at 0 [ 86.277487][ T5893] BTRFS info (device loop1): enabling disk space caching [ 86.310262][ T5893] BTRFS info (device loop1): disk space caching is enabled [ 86.425018][ T5923] loop3: detected capacity change from 0 to 512 [ 86.452751][ T5907] loop0: detected capacity change from 0 to 8192 [ 86.500888][ T5907] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 86.508321][ T5923] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.14: corrupted in-inode xattr: invalid ea_ino [ 86.530057][ T5923] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.14: couldn't read orphan inode 15 (err -117) [ 86.542541][ T5907] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 86.552248][ T5907] REISERFS (device loop0): using ordered data mode [ 86.558898][ T5907] reiserfs: using flush barriers [ 86.565259][ T5923] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.586898][ T5907] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 86.587534][ T5893] BTRFS info (device loop1): auto enabling async discard [ 86.613731][ T5907] REISERFS (device loop0): checking transaction log (loop0) [ 86.654321][ T5893] BTRFS info (device loop1): rebuilding free space tree [ 86.708546][ T5907] REISERFS (device loop0): Using tea hash to sort names [ 86.717764][ T5907] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 86.761068][ T5900] loop2: detected capacity change from 0 to 32768 [ 86.784549][ T5893] BTRFS info (device loop1): disabling free space tree [ 86.808162][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.811482][ T5900] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.11 (5900) [ 86.829489][ T5893] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 86.849721][ T5893] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 86.933857][ T5900] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 87.009315][ T5900] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 87.049089][ T5900] BTRFS info (device loop2): using free space tree [ 87.133563][ T5944] loop3: detected capacity change from 0 to 512 [ 87.161034][ T5900] BTRFS info (device loop2): enabling ssd optimizations [ 87.202508][ T5944] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 87.224618][ T5900] BTRFS info (device loop2): auto enabling async discard [ 87.258158][ T5830] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 87.323951][ T5944] EXT4-fs error (device loop3): ext4_xattr_inode_iget:440: comm syz.3.15: Parent and EA inode have the same ino 15 [ 87.374621][ T5944] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 87.400344][ T5944] EXT4-fs error (device loop3): ext4_xattr_inode_iget:440: comm syz.3.15: Parent and EA inode have the same ino 15 [ 87.419740][ T5899] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 87.435578][ T5944] EXT4-fs (loop3): 1 orphan inode deleted [ 87.466184][ T5830] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 87.475376][ T5944] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.498040][ T5830] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 87.522308][ T5830] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.564427][ T5830] usb 2-1: config 0 descriptor?? [ 87.586613][ T5830] pwc: Askey VC010 type 2 USB webcam detected. [ 87.727953][ T28] audit: type=1326 audit(1768009344.402:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5956 comm="syz.0.16" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f186598f749 code=0x0 [ 87.751888][ T5772] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 87.869148][ T5944] input: syz1 as /devices/virtual/input/input5 [ 87.913586][ T23] IPVS: starting estimator thread 0... [ 87.989715][ T5830] pwc: recv_control_msg error -32 req 02 val 2b00 [ 88.001097][ T5830] pwc: recv_control_msg error -32 req 02 val 2700 [ 88.014209][ T5830] pwc: recv_control_msg error -32 req 02 val 2c00 [ 88.021119][ T5960] IPVS: using max 20 ests per chain, 48000 per kthread [ 88.040719][ T5830] pwc: recv_control_msg error -32 req 04 val 1000 [ 88.049827][ T5830] pwc: recv_control_msg error -32 req 04 val 1300 [ 88.068672][ T5830] pwc: recv_control_msg error -32 req 04 val 1400 [ 88.090532][ T5830] pwc: recv_control_msg error -32 req 02 val 2000 [ 88.108914][ T5830] pwc: recv_control_msg error -32 req 02 val 2100 [ 88.126984][ T5830] pwc: recv_control_msg error -32 req 04 val 1500 [ 88.138057][ T5830] pwc: recv_control_msg error -32 req 02 val 2500 [ 88.176213][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.353399][ T5830] pwc: recv_control_msg error -32 req 02 val 2600 [ 88.361881][ T5965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 88.390220][ T5965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.511437][ T5830] pwc: recv_control_msg error -71 req 02 val 2900 [ 88.518997][ T5830] pwc: recv_control_msg error -71 req 02 val 2800 [ 88.531773][ T5830] pwc: recv_control_msg error -71 req 04 val 1100 [ 88.539136][ T5762] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 88.549420][ T5830] pwc: recv_control_msg error -71 req 04 val 1200 [ 88.565678][ T5830] pwc: Registered as video103. [ 88.646537][ T5830] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input6 [ 88.731753][ T5830] usb 2-1: USB disconnect, device number 2 [ 88.748485][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 88.918319][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.957923][ T23] usb 4-1: Using ep0 maxpacket: 8 [ 89.403691][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 89.465516][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 89.474376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 89.483333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 89.548148][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.556868][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.565989][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 89.575788][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 89.688036][ T23] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 89.698901][ T23] usb 4-1: config 179 has no interface number 0 [ 89.705230][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 89.716534][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 89.734527][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 89.745898][ T23] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 89.758340][ T23] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 89.772656][ T23] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 89.781770][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.790973][ T5962] mmap: syz.2.17 (5962) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 89.823125][ T5969] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 90.418097][ T5980] ubi: mtd0 is already attached to ubi31 [ 90.424330][ T5830] usb 4-1: USB disconnect, device number 3 [ 90.424399][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 90.424512][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 90.598266][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 90.755000][ T5987] netlink: 220 bytes leftover after parsing attributes in process `syz.1.25'. [ 91.094904][ T5993] atomic_op ffff88802f79b198 conn xmit_atomic 0000000000000000 [ 91.547980][ T5852] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 91.641196][ T5997] ax25_connect(): syz.3.29 uses autobind, please contact jreuter@yaina.de [ 91.734303][ T5852] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 91.746466][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.759938][ T5852] usb 2-1: Product: syz [ 91.797226][ T5852] usb 2-1: Manufacturer: syz [ 91.805423][ T5852] usb 2-1: SerialNumber: syz [ 92.054878][ T1185] cfg80211: failed to load regulatory.db [ 92.249946][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 93.683635][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 93.737995][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -71 [ 93.768398][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71 [ 93.807970][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71 [ 93.869918][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71 [ 93.905926][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71 [ 93.968517][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71 [ 94.008294][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71 [ 94.048203][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001018. ret = -71 [ 94.080347][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 94.128960][ T5852] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 94.169331][ T5852] lan78xx: probe of 2-1:1.0 failed with error -71 [ 94.241735][ T5852] usb 2-1: USB disconnect, device number 3 [ 94.690591][ T6030] capability: warning: `syz.2.40' uses 32-bit capabilities (legacy support in use) [ 99.005914][ T6041] netlink: 8 bytes leftover after parsing attributes in process `syz.3.43'. [ 99.060232][ T6041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.43'. [ 99.098245][ T6041] Zero length message leads to an empty skb [ 107.204780][ T6086] capability: warning: `syz.1.59' uses deprecated v2 capabilities in a way that may be insecure [ 108.457496][ T787] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 108.703050][ T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.907472][ T787] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.116536][ T787] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 109.162912][ T787] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 109.218003][ T787] usb 1-1: Manufacturer: syz [ 109.252520][ T787] usb 1-1: config 0 descriptor?? [ 109.301308][ T787] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 109.641904][ T1185] usb 1-1: USB disconnect, device number 2 [ 110.356153][ T6112] Driver unsupported XDP return value 0 on prog (id 6) dev N/A, expect packet loss! [ 111.563837][ T6152] process 'syz.2.78' launched '/dev/fd/3' with NULL argv: empty string added [ 111.708028][ T5754] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 113.411277][ T5754] usb 2-1: Using ep0 maxpacket: 32 [ 113.429215][ T5754] usb 2-1: config 0 has an invalid interface number: 136 but max is 0 [ 113.429347][ T5754] usb 2-1: config 0 has no interface number 0 [ 113.429983][ T5754] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32 [ 113.495745][ T5754] usb 2-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2 [ 113.505064][ T5754] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.516988][ T5754] usb 2-1: Product: syz [ 113.637986][ T5754] usb 2-1: Manufacturer: syz [ 113.642988][ T5754] usb 2-1: SerialNumber: syz [ 113.780425][ T5754] usb 2-1: config 0 descriptor?? [ 113.792991][ T6145] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 113.877581][ T5754] comedi comedi5: driver 'vmk80xx' has successfully auto-configured 'K8061 (VM140)'. [ 114.007976][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 114.257935][ T6145] syz_tun: entered allmulticast mode [ 114.273657][ T23] usb 3-1: config 0 has an invalid interface number: 69 but max is 0 [ 114.312738][ T23] usb 3-1: config 0 has no interface number 0 [ 114.337027][ T23] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 115.248818][ T23] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 115.397951][ T23] usb 3-1: string descriptor 0 read error: -71 [ 115.404314][ T23] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 115.414358][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.429040][ T23] usb 3-1: config 0 descriptor?? [ 115.453332][ T23] usb 3-1: can't set config #0, error -71 [ 115.468528][ T23] usb 3-1: USB disconnect, device number 2 [ 115.527598][ T5830] usb 2-1: USB disconnect, device number 4 [ 115.534257][ T6143] syz_tun: left allmulticast mode [ 116.188670][ T5830] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 116.448467][ T5830] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.577971][ T5830] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.587781][ T5830] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 116.646405][ T5830] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 116.657309][ T5830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.693831][ T5830] usb 4-1: config 0 descriptor?? [ 117.975260][ T5830] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 118.059290][ T5830] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 118.275408][ T6193] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 118.744742][ T6193] CIFS mount error: No usable UNC path provided in device string! [ 118.744742][ T6193] [ 118.756641][ T6193] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 119.921825][ C0] plantronics 0003:047F:FFFF.0001: usb_submit_urb(ctrl) failed: -1 [ 120.428528][ T6253] netlink: 12 bytes leftover after parsing attributes in process `syz.0.102'. [ 122.429184][ T5754] usb 4-1: USB disconnect, device number 4 [ 123.082786][ T6263] netlink: 4 bytes leftover after parsing attributes in process `syz.0.107'. [ 123.894838][ T6282] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.650175][ T6300] netlink: 60 bytes leftover after parsing attributes in process `syz.1.106'. [ 126.827734][ T6301] sched: RT throttling activated [ 127.298795][ T6308] netlink: 16 bytes leftover after parsing attributes in process `syz.3.119'. [ 132.918133][ T8] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 133.008110][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.016358][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.119801][ T8] usb 2-1: config 0 has no interfaces? [ 133.125456][ T8] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 133.182465][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.231667][ T8] usb 2-1: config 0 descriptor?? [ 133.481328][ T6361] Bluetooth: MGMT ver 1.22 [ 133.502734][ T5830] usb 2-1: USB disconnect, device number 5 [ 134.047976][ T5830] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 134.268786][ T5830] usb 3-1: Using ep0 maxpacket: 16 [ 134.293928][ T5830] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.374054][ T5830] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 134.402339][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.454672][ T5830] usb 3-1: config 0 descriptor?? [ 134.478085][ T8] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 134.699395][ T8] usb 2-1: New USB device found, idVendor=0565, idProduct=0003, bcdDevice=fb.88 [ 134.718284][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.727317][ T8] usb 2-1: Product: syz [ 134.747904][ T8] usb 2-1: Manufacturer: syz [ 134.759872][ T8] usb 2-1: SerialNumber: syz [ 134.777364][ T8] usb 2-1: config 0 descriptor?? [ 134.999730][ T5830] mcp2221 0003:04D8:00DD.0002: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 135.102487][ T8] kaweth 2-1:0.0: Firmware present in device. [ 135.226641][ T6385] netlink: 16410 bytes leftover after parsing attributes in process `syz.0.149'. [ 135.237173][ T8] kaweth 2-1:0.0: Statistics collection: 0 [ 135.254876][ T8] kaweth 2-1:0.0: Multicast filter limit: 0 [ 135.279829][ T8] kaweth 2-1:0.0: MTU: 0 [ 135.284154][ T8] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00 [ 135.305640][ T787] usb 3-1: USB disconnect, device number 3 [ 135.997395][ T8] kaweth 2-1:0.0: Error setting receive filter [ 136.007962][ T8] kaweth: probe of 2-1:0.0 failed with error -5 [ 136.017791][ T8] usb 2-1: USB disconnect, device number 6 [ 136.165313][ T6396] netlink: 'syz.3.153': attribute type 2 has an invalid length. [ 136.174318][ T6396] netlink: 224 bytes leftover after parsing attributes in process `syz.3.153'. [ 138.057918][ T6408] syz.1.159 uses obsolete (PF_INET,SOCK_PACKET) [ 140.041611][ T23] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 140.051629][ T28] audit: type=1326 audit(1768009396.602:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f191138f749 code=0x7ffc0000 [ 140.303240][ T28] audit: type=1326 audit(1768009396.602:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f191138f749 code=0x7ffc0000 [ 140.368616][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.378298][ T28] audit: type=1326 audit(1768009396.712:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f191138f749 code=0x7ffc0000 [ 140.400548][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.401475][ C0] vkms_vblank_simulate: vblank timer overrun [ 140.427972][ T23] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 140.451304][ T23] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 140.452761][ T28] audit: type=1326 audit(1768009396.712:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f191138f749 code=0x7ffc0000 [ 140.484068][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.503074][ T23] usb 3-1: config 0 descriptor?? [ 140.527985][ T28] audit: type=1326 audit(1768009396.712:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f191138f749 code=0x7ffc0000 [ 140.891069][ T6430] ISOFS: Unable to identify CD-ROM format. [ 141.481613][ T23] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 141.499211][ T23] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 143.125668][ T6410] CIFS mount error: No usable UNC path provided in device string! [ 143.125668][ T6410] [ 143.166184][ T6410] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 143.280052][ T787] usb 3-1: reset high-speed USB device number 4 using dummy_hcd [ 144.559595][ T8] usb 3-1: USB disconnect, device number 4 [ 145.198412][ T6475] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 145.531755][ T6475] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.540044][ T6475] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.929560][ T787] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 146.028591][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 146.278795][ T787] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 146.288892][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 146.299532][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 146.310548][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.049540][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.083606][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.099147][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.130505][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.166700][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.185288][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 147.205718][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.239206][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.253018][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 147.267352][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.281825][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.299877][ T28] audit: type=1326 audit(1768009403.982:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6494 comm="syz.3.185" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc68a58f749 code=0x0 [ 147.327767][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.340355][ T9] usb 1-1: config 0 descriptor?? [ 147.354188][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.367327][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.394597][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.426458][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.439093][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.447673][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.464337][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.477773][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.486449][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.502834][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.515715][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.528751][ T787] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 147.538599][ T787] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 147.549987][ T787] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.559939][ T787] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 147.569352][ T787] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 147.578322][ T787] usb 2-1: Product: syz [ 147.582670][ T787] usb 2-1: Manufacturer: syz [ 147.587375][ T787] usb 2-1: SerialNumber: syz [ 147.602895][ T787] usb 2-1: config 0 descriptor?? [ 147.631538][ T787] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 147.806358][ T9] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 147.857431][ T9] plantronics 0003:047F:FFFF.0004: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 147.934039][ T787] usb 2-1: USB disconnect, device number 7 [ 147.957735][ T787] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 148.704225][ T6482] CIFS mount error: No usable UNC path provided in device string! [ 148.704225][ T6482] [ 148.724643][ T6482] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 149.505361][ T6515] ISOFS: Unable to identify CD-ROM format. [ 149.575897][ T8] usb 1-1: USB disconnect, device number 3 [ 149.644052][ T6517] ucma_write: process 127 (syz.1.191) changed security contexts after opening file descriptor, this is not allowed. [ 152.442889][ T6540] netlink: 'syz.0.200': attribute type 1 has an invalid length. [ 152.459344][ T6540] netlink: 'syz.0.200': attribute type 2 has an invalid length. [ 153.955027][ T6550] ISOFS: Unable to identify CD-ROM format. [ 154.542403][ T6556] netlink: 'syz.0.203': attribute type 4 has an invalid length. [ 155.371049][ T6564] netlink: 'syz.1.198': attribute type 1 has an invalid length. [ 155.378928][ T6564] netlink: 'syz.1.198': attribute type 4 has an invalid length. [ 155.386596][ T6564] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.198'. [ 156.924059][ T6578] gfs2: not a GFS2 filesystem [ 156.935702][ T6578] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 158.998560][ T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 159.290634][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 159.338487][ T23] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 159.371352][ T23] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 159.406327][ T23] usb 4-1: Product: syz [ 159.413204][ T23] usb 4-1: Manufacturer: syz [ 159.419610][ T23] usb 4-1: SerialNumber: syz [ 159.508213][ T23] usb 4-1: config 0 descriptor?? [ 159.854758][ T6588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.903730][ T6588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.003927][ T6607] syz.3.214 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 160.547663][ T23] usb 4-1: USB disconnect, device number 5 [ 167.581632][ T6646] netlink: 'syz.3.231': attribute type 2 has an invalid length. [ 167.602330][ T6646] netlink: 'syz.3.231': attribute type 1 has an invalid length. [ 170.684461][ T6676] syzkaller1: entered promiscuous mode [ 170.712619][ T6676] syzkaller1: entered allmulticast mode [ 171.169875][ T6681] netlink: 12 bytes leftover after parsing attributes in process `syz.0.243'. [ 171.608015][ T5766] Bluetooth: hci3: link tx timeout [ 171.616155][ T5766] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 172.050766][ T6703] netlink: 'syz.3.246': attribute type 4 has an invalid length. [ 174.128605][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 174.946063][ T6717] random: crng reseeded on system resumption [ 175.020282][ T6719] netlink: 20 bytes leftover after parsing attributes in process `syz.0.252'. [ 178.226424][ T6762] misc userio: The device must be registered before sending interrupts [ 178.687152][ T6768] netlink: 220 bytes leftover after parsing attributes in process `syz.2.266'. [ 178.868062][ T5754] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 179.328102][ T5754] usb 4-1: Using ep0 maxpacket: 8 [ 179.393166][ T5754] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 179.557939][ T5754] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.565980][ T5754] usb 4-1: Product: syz [ 179.621139][ T5754] usb 4-1: Manufacturer: syz [ 179.641925][ T6773] netlink: 12 bytes leftover after parsing attributes in process `syz.2.267'. [ 179.664171][ T5754] usb 4-1: SerialNumber: syz [ 179.855944][ T5754] usb 4-1: config 0 descriptor?? [ 180.377654][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 180.386078][ T5754] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 180.442770][ T5754] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71 [ 180.468039][ T5754] usb 4-1: USB disconnect, device number 6 [ 185.483522][ T6819] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 59110 - 0 [ 186.997969][ T6819] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 59110 - 0 [ 187.018710][ T6819] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 59110 - 0 [ 187.033576][ T6819] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 59110 - 0 [ 187.061736][ T6819] geneve2: entered promiscuous mode [ 187.437968][ T6831] netlink: 28 bytes leftover after parsing attributes in process `syz.2.281'. [ 193.100003][ T5770] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 193.110433][ T5770] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 193.119519][ T5770] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 193.129317][ T5770] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 193.137462][ T5770] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 193.145157][ T5770] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 193.469343][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.703061][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.991400][ T6879] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 194.454366][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.468441][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.558421][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.950764][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 195.043114][ T6865] chnl_net:caif_netlink_parms(): no params data found [ 195.517040][ T5770] Bluetooth: hci0: command tx timeout [ 196.295922][ T5852] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 196.756786][ T6865] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.772193][ T6865] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.781566][ T6865] bridge_slave_0: entered allmulticast mode [ 196.790620][ T6865] bridge_slave_0: entered promiscuous mode [ 196.819877][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 196.833708][ T5852] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 196.844888][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 196.889775][ T5852] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 196.982474][ T5852] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 197.012364][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.032516][ T5852] usb 1-1: config 0 descriptor?? [ 197.037639][ T6865] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.082951][ T6865] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.134185][ T6865] bridge_slave_1: entered allmulticast mode [ 197.143618][ T6865] bridge_slave_1: entered promiscuous mode [ 197.339664][ T6865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.343020][ T6915] input input8: cannot allocate more than FF_MAX_EFFECTS effects [ 197.387526][ T5852] hdpvr 1-1:0.0: unexpected answer of status request, len -71 [ 197.407557][ T5852] hdpvr 1-1:0.0: device init failed [ 197.423397][ T5852] hdpvr: probe of 1-1:0.0 failed with error -12 [ 197.460403][ T5852] usb 1-1: USB disconnect, device number 4 [ 197.611682][ T6865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.718169][ T5770] Bluetooth: hci0: command tx timeout [ 197.775447][ T6865] team0: Port device team_slave_0 added [ 197.816090][ T6865] team0: Port device team_slave_1 added [ 198.101215][ T6923] gretap1: entered allmulticast mode [ 198.494389][ T6865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.544148][ T6865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.616053][ T6865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.439417][ T5770] Bluetooth: hci0: command tx timeout [ 200.626173][ T6865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.638352][ T6865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.774108][ T6865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.289675][ T6865] hsr_slave_0: entered promiscuous mode [ 201.315152][ T6865] hsr_slave_1: entered promiscuous mode [ 201.347610][ T6865] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.377932][ T6865] Cannot create hsr debugfs directory [ 201.736810][ T49] hsr_slave_0: left promiscuous mode [ 201.753341][ T49] hsr_slave_1: left promiscuous mode [ 201.761793][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.770050][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.481795][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.494012][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.584069][ T5770] Bluetooth: hci0: command tx timeout [ 202.589628][ T5767] Bluetooth: hci1: command 0x0406 tx timeout [ 202.595935][ T5767] Bluetooth: hci2: command 0x0406 tx timeout [ 202.640820][ T6950] syz.0.310: attempt to access beyond end of device [ 202.640820][ T6950] nbd0: rw=0, sector=6, nr_sectors = 2 limit=0 [ 202.655920][ T6950] ADFS-fs (nbd0): error: unable to read block 3, try 0 [ 202.909943][ T49] bridge_slave_1: left allmulticast mode [ 202.957921][ T49] bridge_slave_1: left promiscuous mode [ 202.965105][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.046847][ T49] bridge_slave_0: left allmulticast mode [ 203.066153][ T49] bridge_slave_0: left promiscuous mode [ 203.086583][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.148075][ T49] veth1_macvtap: left promiscuous mode [ 203.154274][ T49] veth0_macvtap: left promiscuous mode [ 203.162027][ T49] veth1_vlan: left promiscuous mode [ 203.167730][ T49] veth0_vlan: left promiscuous mode [ 203.287997][ T5852] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 203.482683][ T5852] usb 4-1: New USB device found, idVendor=0565, idProduct=0003, bcdDevice=fb.88 [ 203.509505][ T5852] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.517698][ T5852] usb 4-1: Product: syz [ 203.522105][ T5852] usb 4-1: Manufacturer: syz [ 203.528067][ T5852] usb 4-1: SerialNumber: syz [ 203.565681][ T5852] usb 4-1: config 0 descriptor?? [ 203.816429][ T5852] kaweth 4-1:0.0: Firmware present in device. [ 204.013029][ T5852] kaweth 4-1:0.0: Statistics collection: 0 [ 204.029610][ T5852] kaweth 4-1:0.0: Multicast filter limit: 0 [ 204.060777][ T5852] kaweth 4-1:0.0: MTU: 0 [ 204.065113][ T5852] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 204.151996][ T49] team0 (unregistering): Port device team_slave_1 removed [ 204.212202][ T49] team0 (unregistering): Port device team_slave_0 removed [ 204.296066][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 204.388372][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 204.422410][ T5852] kaweth 4-1:0.0: Error setting SOFS wait [ 204.456001][ T5852] kaweth: probe of 4-1:0.0 failed with error -5 [ 204.479626][ T5852] usb 4-1: USB disconnect, device number 7 [ 204.885881][ T6965] Bluetooth: MGMT ver 1.22 [ 205.650280][ T6967] usb usb8: usbfs: process 6967 (syz.3.315) did not claim interface 0 before use [ 208.536846][ T49] bond0 (unregistering): Released all slaves [ 208.824375][ T6975] netlink: 'syz.3.317': attribute type 4 has an invalid length. [ 208.832203][ T6975] netlink: 152 bytes leftover after parsing attributes in process `syz.3.317'. [ 208.846995][ T6975] .`: renamed from bond0 (while UP) [ 210.076102][ T6865] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 210.194930][ T6865] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 210.273053][ T6865] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 210.328804][ T6865] netdevsim netdevsim4 netdevsim3: renamed from eth3 syzkaller syzkaller login: [ 212.104910][ T6865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.207983][ T5754] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 212.216388][ T6865] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.263710][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.270944][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.335394][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.342595][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.421498][ T5754] usb 3-1: Using ep0 maxpacket: 32 [ 212.463134][ T5754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.563849][ T5754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.605165][ T5754] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 212.649489][ T5754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.730889][ T5754] usb 3-1: config 0 descriptor?? [ 213.242997][ T5754] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 213.465046][ T5754] usb 3-1: USB disconnect, device number 5 [ 215.214404][ T7048] fido_id[7048]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 215.383433][ T6865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.944524][ T28] audit: type=1326 audit(1768009472.613:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 217.042732][ T28] audit: type=1326 audit(1768009472.613:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 217.220955][ T28] audit: type=1326 audit(1768009472.613:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 217.369584][ T28] audit: type=1326 audit(1768009472.613:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 217.661692][ T28] audit: type=1326 audit(1768009472.613:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 217.863971][ T28] audit: type=1326 audit(1768009472.623:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 217.960629][ T28] audit: type=1326 audit(1768009472.623:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 218.064851][ T28] audit: type=1326 audit(1768009472.623:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 218.191571][ T28] audit: type=1326 audit(1768009472.623:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f2eae38f749 code=0x7ffc0000 [ 218.284527][ T6865] veth0_vlan: entered promiscuous mode [ 218.331243][ T28] audit: type=1326 audit(1768009472.673:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7072 comm="syz.2.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2eae3865e7 code=0x7ffc0000 [ 218.419319][ T6865] veth1_vlan: entered promiscuous mode [ 218.618724][ T6865] veth0_macvtap: entered promiscuous mode [ 218.679101][ T7096] net_ratelimit: 1 callbacks suppressed [ 218.679117][ T7096] TCP: tcp_parse_options: Illegal window scaling value 94 > 14 received [ 218.699573][ T6865] veth1_macvtap: entered promiscuous mode [ 218.837052][ T6865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.899493][ T6865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 218.945074][ T6865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 218.973665][ T6865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.008147][ T6865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.040499][ T6865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.082414][ T6865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.690951][ T6865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.724165][ T6865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.782662][ T6865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.831623][ T6865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.863128][ T6865] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.901562][ T6865] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.921713][ T6865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.971900][ T6865] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.036558][ T6865] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.088025][ T6865] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.096783][ T6865] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.480746][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.347'. [ 221.422409][ T1294] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.448281][ T1294] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.590736][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.672160][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.014344][ T7122] Process accounting resumed [ 226.288036][ T1185] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 226.498005][ T1185] usb 3-1: Using ep0 maxpacket: 16 [ 226.538695][ T1185] usb 3-1: unable to get BOS descriptor or descriptor too short [ 226.594824][ T1185] usb 3-1: config 7 has an invalid interface number: 71 but max is 0 [ 226.622590][ T1185] usb 3-1: config 7 has an invalid interface association descriptor of length 2, skipping [ 226.667453][ T1185] usb 3-1: config 7 has no interface number 0 [ 226.741871][ T1185] usb 3-1: config 7 interface 71 altsetting 9 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 227.002732][ T1185] usb 3-1: config 7 interface 71 has no altsetting 0 [ 227.248100][ T1185] usb 3-1: New USB device found, idVendor=0681, idProduct=0010, bcdDevice=d1.f5 [ 227.296033][ T1185] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.347937][ T1185] usb 3-1: Product: syz [ 227.352149][ T1185] usb 3-1: Manufacturer: syz [ 227.418774][ T1185] usb 3-1: SerialNumber: syz [ 227.511531][ T1185] usb 3-1: can't set config #7, error -71 [ 227.539030][ T1185] usb 3-1: USB disconnect, device number 6 [ 228.553658][ T7203] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.840945][ T7207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 234.527158][ T7263] sctp: failed to load transform for md5: -2 [ 234.822869][ T7275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.384'. [ 234.871664][ T7278] netlink: 28 bytes leftover after parsing attributes in process `syz.4.383'. [ 234.901748][ T7279] netlink: 4 bytes leftover after parsing attributes in process `syz.3.384'. [ 235.217937][ T5754] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 235.413197][ T5754] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.437075][ T5754] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.558704][ T7296] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 236.261431][ T5754] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 236.270644][ T5754] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.282520][ T5754] usb 5-1: config 0 descriptor?? [ 236.562333][ T7307] netlink: 40 bytes leftover after parsing attributes in process `syz.0.389'. [ 236.888197][ T5754] usbhid 5-1:0.0: can't add hid device: -71 [ 236.894523][ T5754] usbhid: probe of 5-1:0.0 failed with error -71 [ 236.913207][ T5754] usb 5-1: USB disconnect, device number 2 [ 237.058239][ T7321] input: syz1 as /devices/virtual/input/input9 [ 241.081771][ T7360] netlink: 36 bytes leftover after parsing attributes in process `syz.2.402'. [ 241.399849][ T5878] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 241.597872][ T5878] usb 3-1: Using ep0 maxpacket: 8 [ 241.626835][ T5878] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 241.657493][ T5878] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 241.682220][ T5878] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 241.722245][ T5878] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 241.742109][ T5878] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 241.779331][ T5878] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 241.807968][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.059406][ T5878] usb 3-1: GET_CAPABILITIES returned 0 [ 242.077943][ T5878] usbtmc 3-1:16.0: can't read capabilities [ 242.332652][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 242.355851][ T5878] usb 3-1: USB disconnect, device number 7 [ 243.067594][ T7394] netlink: 84 bytes leftover after parsing attributes in process `syz.0.408'. [ 243.465118][ T7400] syz.3.407 (7400): /proc/7391/oom_adj is deprecated, please use /proc/7391/oom_score_adj instead. [ 244.780869][ T7413] netlink: 'syz.3.410': attribute type 1 has an invalid length. [ 245.982845][ T7434] usb usb9: usbfs: process 7434 (syz.2.417) did not claim interface 0 before use [ 250.438147][ T5754] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 250.668039][ T5754] usb 5-1: Using ep0 maxpacket: 16 [ 250.867008][ T5754] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 250.899338][ T5754] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 251.219327][ T5754] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.227388][ T5754] usb 5-1: Product: syz [ 251.238197][ T5754] usb 5-1: Manufacturer: syz [ 251.243154][ T5754] usb 5-1: SerialNumber: syz [ 251.254330][ T5754] usb 5-1: config 0 descriptor?? [ 251.331692][ T5754] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 251.355436][ T5754] usb 5-1: Detected FT232R [ 251.405938][ T7496] tipc: Trying to set illegal importance in message [ 251.545093][ T5754] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 251.776604][ T5754] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 252.909680][ T7507] sctp: failed to load transform for md5: -2 [ 253.436785][ T5754] usb 5-1: USB disconnect, device number 3 [ 253.581159][ T5754] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 253.797892][ T5754] ftdi_sio 5-1:0.0: device disconnected [ 254.853331][ T7529] netlink: 76 bytes leftover after parsing attributes in process `syz.2.436'. [ 254.980500][ T5754] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 255.688153][ T7529] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 255.882432][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.891702][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.104355][ T5754] usb 5-1: Using ep0 maxpacket: 8 [ 256.195688][ T5754] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.233031][ T5754] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 256.243672][ T5754] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.269233][ T5754] usb 5-1: config 0 descriptor?? [ 256.289376][ T5754] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 256.577890][ T787] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 256.779628][ T787] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 256.810606][ T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.831597][ T787] usb 1-1: config 0 has no interface number 0 [ 256.842307][ T787] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 256.857613][ T787] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 256.870844][ T787] usb 1-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 257.466881][ T5754] gspca_vc032x: reg_r err -110 [ 257.485479][ T787] usb 1-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c [ 257.485933][ T5754] vc032x: probe of 5-1:0.0 failed with error -110 [ 257.518060][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.526105][ T787] usb 1-1: Product: syz [ 257.530354][ T787] usb 1-1: Manufacturer: syz [ 257.534983][ T787] usb 1-1: SerialNumber: syz [ 257.543006][ T787] usb 1-1: config 0 descriptor?? [ 257.552687][ T787] cypress_m8 1-1:0.35: Nokia CA-42 V2 Adapter converter detected [ 257.562728][ T787] nokiaca42v2 ttyUSB0: required endpoint is missing [ 258.476158][ T787] usb 5-1: USB disconnect, device number 4 [ 258.652295][ T5878] usb 1-1: USB disconnect, device number 5 [ 258.709725][ T5878] cypress_m8 1-1:0.35: device disconnected [ 258.917940][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 258.924159][ T5766] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 261.852085][ T7596] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 262.150257][ T5754] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 263.495893][ T7597] ALSA: mixer_oss: invalid OSS volume '' [ 265.906427][ T7627] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 265.915796][ T7627] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 265.925416][ T7627] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 266.009505][ T7627] syz.0.455 (7627) used greatest stack depth: 19976 bytes left [ 266.038377][ T28] kauditd_printk_skb: 59 callbacks suppressed [ 266.038393][ T28] audit: type=1800 audit(1768009521.583:78): pid=7627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.455" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 266.648087][ T5830] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 266.988168][ T5830] usb 3-1: Using ep0 maxpacket: 16 [ 267.026906][ T5830] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 267.055893][ T5830] usb 3-1: config 0 has no interface number 0 [ 268.667880][ T5830] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 268.714780][ T5830] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 268.735735][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.767863][ T5830] usb 3-1: Product: syz [ 268.772219][ T5830] usb 3-1: Manufacturer: syz [ 268.784117][ T5830] usb 3-1: SerialNumber: syz [ 268.931226][ T5830] usb 3-1: config 0 descriptor?? [ 269.437946][ T5830] usbtouchscreen 3-1:0.214: Failed to read FW rev: -71 [ 269.445138][ T5830] usbtouchscreen: probe of 3-1:0.214 failed with error -71 [ 269.519596][ T5830] usb 3-1: USB disconnect, device number 8 [ 270.167897][ T5830] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 270.378024][ T5830] usb 3-1: Using ep0 maxpacket: 16 [ 270.392404][ T5830] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 270.411846][ T5830] usb 3-1: config 0 has no interfaces? [ 270.425818][ T5830] usb 3-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 270.437291][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=24 [ 270.452894][ T5830] usb 3-1: Product: syz [ 270.457246][ T5830] usb 3-1: Manufacturer: syz [ 270.465209][ T5830] usb 3-1: SerialNumber: syz [ 270.524963][ T5830] usb 3-1: config 0 descriptor?? [ 273.407831][ T787] usb 3-1: USB disconnect, device number 9 [ 273.673673][ T7704] netlink: 20 bytes leftover after parsing attributes in process `syz.2.472'. [ 276.530102][ T7736] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3740986393 (478846258304 ns) > initial count (214039728640 ns). Using initial count to start timer. [ 277.664250][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.711076][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 59110 - 0 [ 277.768833][ T7758] netlink: 'syz.4.485': attribute type 10 has an invalid length. [ 277.855264][ T7758] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 277.963922][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.017849][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 59110 - 0 [ 278.156889][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.198995][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 59110 - 0 [ 278.521838][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.547838][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 59110 - 0 [ 279.335921][ T5830] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 279.444969][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 279.455446][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 279.463598][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 279.473538][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 279.491986][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 279.500066][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 279.638073][ T5830] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.685315][ T5830] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 279.730957][ T5830] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.776816][ T5830] usb 5-1: config 0 descriptor?? [ 279.815933][ T5830] pwc: Askey VC010 type 2 USB webcam detected. [ 280.229830][ T5830] pwc: recv_control_msg error -32 req 02 val 2b00 [ 280.243387][ T5830] pwc: recv_control_msg error -32 req 02 val 2700 [ 280.258975][ T5830] pwc: recv_control_msg error -32 req 02 val 2c00 [ 280.270031][ T5830] pwc: recv_control_msg error -32 req 04 val 1000 [ 280.283733][ T5830] pwc: recv_control_msg error -32 req 04 val 1300 [ 280.301595][ T5830] pwc: recv_control_msg error -32 req 04 val 1400 [ 280.315449][ T5830] pwc: recv_control_msg error -32 req 02 val 2000 [ 280.328702][ T5830] pwc: recv_control_msg error -32 req 02 val 2100 [ 280.340126][ T5830] pwc: recv_control_msg error -32 req 04 val 1500 [ 280.556697][ T5830] pwc: recv_control_msg error -71 req 02 val 2400 [ 280.573965][ T5830] pwc: recv_control_msg error -71 req 02 val 2600 [ 280.588324][ T5830] pwc: recv_control_msg error -71 req 02 val 2900 [ 280.605054][ T5830] pwc: recv_control_msg error -71 req 02 val 2800 [ 280.618706][ T5830] pwc: recv_control_msg error -71 req 04 val 1100 [ 280.648404][ T5830] pwc: recv_control_msg error -71 req 04 val 1200 [ 280.686889][ T5830] pwc: Registered as video103. [ 280.717288][ T5830] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input12 [ 280.778795][ T5830] usb 5-1: USB disconnect, device number 5 [ 282.417903][ T5766] Bluetooth: hci3: command tx timeout [ 282.692611][ T7785] chnl_net:caif_netlink_parms(): no params data found [ 283.491822][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 283.750274][ T9] usb 5-1: config 0 has no interfaces? [ 283.785915][ T9] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80 [ 283.825585][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.862511][ T7785] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.887044][ T7785] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.894725][ T9] usb 5-1: config 0 descriptor?? [ 283.928257][ T7785] bridge_slave_0: entered allmulticast mode [ 283.935645][ T7785] bridge_slave_0: entered promiscuous mode [ 284.094172][ T7785] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.101693][ T7785] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.109618][ T7785] bridge_slave_1: entered allmulticast mode [ 284.129016][ T7785] bridge_slave_1: entered promiscuous mode [ 284.508182][ T5766] Bluetooth: hci3: command tx timeout [ 284.959529][ T9] usb 5-1: USB disconnect, device number 6 [ 285.184739][ T7785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.231799][ T7785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.221668][ T7785] team0: Port device team_slave_0 added [ 286.292861][ T7785] team0: Port device team_slave_1 added [ 286.443687][ T11] hsr_slave_0: left promiscuous mode [ 286.463074][ T11] hsr_slave_1: left promiscuous mode [ 286.509573][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.531104][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.549364][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.569183][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.590171][ T11] bridge_slave_1: left allmulticast mode [ 286.595963][ T11] bridge_slave_1: left promiscuous mode [ 286.600105][ T5766] Bluetooth: hci3: command tx timeout [ 286.651083][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.739060][ T11] bridge_slave_0: left allmulticast mode [ 286.744954][ T11] bridge_slave_0: left promiscuous mode [ 286.767789][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.792761][ T7882] netlink: 72 bytes leftover after parsing attributes in process `syz.3.509'. [ 287.370950][ T11] veth1_macvtap: left promiscuous mode [ 287.541325][ T11] veth0_macvtap: left promiscuous mode [ 287.678186][ T11] veth1_vlan: left promiscuous mode [ 287.688070][ T11] veth0_vlan: left promiscuous mode [ 288.688404][ T5766] Bluetooth: hci3: command tx timeout [ 289.274405][ T11] team0 (unregistering): Port device team_slave_1 removed [ 289.419878][ T11] team0 (unregistering): Port device team_slave_0 removed [ 289.546055][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.683096][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.553829][ T11] bond0 (unregistering): Released all slaves [ 290.694291][ T7785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 290.706631][ T7785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 290.732759][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.746496][ T7785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 290.764829][ T7785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 290.772004][ T7785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 290.806871][ T7785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 290.846625][ T7912] netlink: 332 bytes leftover after parsing attributes in process `syz.0.517'. [ 290.855910][ T7912] netlink: 160 bytes leftover after parsing attributes in process `syz.0.517'. [ 290.868816][ T7897] netlink: 'syz.3.513': attribute type 6 has an invalid length. [ 291.457541][ T7785] hsr_slave_0: entered promiscuous mode [ 291.716986][ T7785] hsr_slave_1: entered promiscuous mode [ 294.742848][ T7785] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 294.995419][ T7785] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 295.288078][ T7785] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 295.367178][ T7785] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 295.561982][ T7981] syzkaller0: entered promiscuous mode [ 295.567550][ T7981] syzkaller0: entered allmulticast mode [ 295.859252][ T7785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 295.879852][ T7785] 8021q: adding VLAN 0 to HW filter on device team0 [ 296.274521][ T1294] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.281872][ T1294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 296.515290][ T1294] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.522523][ T1294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 296.990655][ T5830] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 297.878474][ T5830] usb 4-1: Using ep0 maxpacket: 16 [ 297.899571][ T5830] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.996080][ T5830] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 298.084889][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.265955][ T5830] usb 4-1: Product: syz [ 298.345167][ T5830] usb 4-1: Manufacturer: syz [ 298.445617][ T5830] usb 4-1: SerialNumber: syz [ 298.527175][ T5830] usb 4-1: config 0 descriptor?? [ 298.762908][ T7785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 298.782131][ T5830] usb 4-1: USB disconnect, device number 9 [ 299.014181][ T8035] dummy0: entered promiscuous mode [ 299.023119][ T8035] macsec2: entered promiscuous mode [ 299.030929][ T8035] macsec2: entered allmulticast mode [ 299.036277][ T8035] dummy0: entered allmulticast mode [ 301.025376][ T7785] veth0_vlan: entered promiscuous mode [ 301.097227][ T7785] veth1_vlan: entered promiscuous mode [ 301.355025][ T7785] veth0_macvtap: entered promiscuous mode [ 301.394284][ T7785] veth1_macvtap: entered promiscuous mode [ 301.538511][ T7785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.699936][ T7785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.712006][ T7785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.945479][ T7785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 301.973992][ T7785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 301.999906][ T7785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.033542][ T7785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 302.381081][ T7785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.416405][ T7785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.453895][ T7785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.480826][ T7785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.507001][ T7785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 302.533088][ T7785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 302.579902][ T7785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 302.655478][ T7785] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.671631][ T7785] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.684088][ T7785] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.693425][ T7785] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.747349][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.795299][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.930182][ T2978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.943244][ T2978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.078432][ T8146] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 310.662691][ T8157] team_slave_1: entered allmulticast mode [ 311.203303][ T8160] input: syz1 as /devices/virtual/input/input13 [ 311.319508][ T8157] team_slave_1: left allmulticast mode [ 311.801554][ T8182] netlink: 8 bytes leftover after parsing attributes in process `syz.5.572'. [ 312.268200][ T5830] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 312.666337][ T5830] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 312.848888][ T5830] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 313.025072][ T5830] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 313.058078][ T5830] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.096497][ T5830] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.613946][ T5830] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 314.625309][ T8204] syz.0.577 (8204) used greatest stack depth: 17576 bytes left [ 314.938106][ T5830] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 314.946957][ T5830] usb 4-1: Product: syz [ 314.952076][ T5830] usb 4-1: Manufacturer: syz [ 314.994436][ T5830] usb 4-1: can't set config #1, error -71 [ 315.006126][ T5830] usb 4-1: USB disconnect, device number 10 [ 317.328380][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.334740][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.377884][ T5754] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 317.602692][ T5754] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 317.642266][ T5754] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping [ 317.684746][ T5754] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 317.724890][ T5754] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.765294][ T5754] usb 4-1: Product: syz [ 317.795775][ T5754] usb 4-1: Manufacturer: syz [ 317.819946][ T5754] usb 4-1: SerialNumber: syz [ 317.845252][ T5754] usb 4-1: config 0 descriptor?? [ 317.873458][ T8261] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 317.896016][ T8261] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 317.925803][ T5754] usb 4-1: ucan: probing device on interface #0 [ 317.978916][ T5754] usb 4-1: ucan: invalid EP count (1) [ 317.987955][ T5754] usb 4-1: ucan: probe failed; try to update the device firmware [ 319.255407][ T8311] xt_hashlimit: size too large, truncated to 1048576 [ 319.375599][ T8312] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 319.465371][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 320.623765][ T5830] usb 4-1: USB disconnect, device number 11 [ 321.896299][ T8342] PID 8342 killed due to inadequate hugepage pool [ 321.973727][ T787] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 322.015716][ T8345] netlink: 8 bytes leftover after parsing attributes in process `syz.4.610'. [ 323.249941][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 323.293656][ T787] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 323.387793][ T787] usb 4-1: config 0 has no interface number 0 [ 323.434864][ T787] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 323.455170][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.473580][ T787] usb 4-1: Product: syz [ 323.483755][ T787] usb 4-1: Manufacturer: syz [ 323.493879][ T787] usb 4-1: SerialNumber: syz [ 323.517090][ T787] usb 4-1: config 0 descriptor?? [ 323.546464][ T787] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 323.790458][ T787] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 323.869212][ T787] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 324.177273][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 324.187860][ T787] usb 4-1: USB disconnect, device number 12 [ 325.838471][ T787] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 325.879590][ T787] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 325.984916][ T787] quatech2 4-1:0.51: device disconnected [ 327.177888][ T787] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 327.398147][ T787] usb 4-1: Using ep0 maxpacket: 16 [ 327.462325][ T787] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 327.483744][ T787] usb 4-1: config 0 interface 0 has no altsetting 0 [ 327.503558][ T787] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 327.526337][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.548544][ T787] usb 4-1: config 0 descriptor?? [ 327.790934][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 328.138333][ T787] nzxt-smart2 0003:1E71:2009.0006: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0 [ 328.937790][ T787] usb 4-1: USB disconnect, device number 13 [ 328.951620][ T8408] fido_id[8408]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 328.966484][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 328.981873][ T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 328.999706][ T9] usb 5-1: config 0 has no interface number 0 [ 329.014557][ T9] usb 5-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d [ 329.047310][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.076323][ T9] usb 5-1: Product: syz [ 329.092524][ T9] usb 5-1: Manufacturer: syz [ 329.106157][ T9] usb 5-1: SerialNumber: syz [ 329.121403][ T9] usb 5-1: config 0 descriptor?? [ 329.136295][ T9] usb 5-1: Quirk or no altest; falling back to MIDI 1.0 [ 329.164856][ T8417] netlink: 16 bytes leftover after parsing attributes in process `syz.0.627'. [ 329.588156][ T5754] usb 5-1: USB disconnect, device number 7 [ 329.599628][ T8400] ceph: No mds server is up or the cluster is laggy [ 329.610024][ T5830] libceph: connect (1)[c::]:6789 error -101 [ 329.616856][ T5830] libceph: mon0 (1)[c::]:6789 connect error [ 330.638772][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 330.840370][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 331.577809][ T8442] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 331.579775][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.618848][ T9] usb 1-1: config 0 descriptor?? [ 332.035065][ T8427] (null): rxe_set_mtu: Set mtu to 256 [ 332.044400][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 332.054982][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 332.064182][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 332.225475][ T8427] infiniband syz2: set active [ 332.231189][ T8427] infiniband syz2: added vxcan1 [ 332.254148][ T5754] vxcan1 speed is unknown, defaulting to 1000 [ 332.329556][ T8427] RDS/IB: syz2: added [ 332.335147][ T8427] smc: adding ib device syz2 with port count 1 [ 332.341604][ T8427] smc: ib device syz2 port 1 has pnetid [ 332.353383][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 332.537137][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 332.705981][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 332.873157][ T8427] vxcan1 speed is unknown, defaulting to 1000 [ 333.026881][ T5754] vxcan1 speed is unknown, defaulting to 1000 [ 333.289822][ T9] ath6kl: Failed to read usb control message: -71 [ 333.296393][ T9] ath6kl: Unable to read the bmi data from the device: -71 [ 333.305381][ T9] ath6kl: Unable to recv target info: -71 [ 333.350530][ T9] ath6kl: Failed to init ath6kl core: -71 [ 334.058045][ T9] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 334.069081][ T9] usb 1-1: USB disconnect, device number 6 [ 334.341542][ T8473] fuse: Invalid rootmode [ 336.338108][ T28] audit: type=1326 audit(1768009592.013:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc68a58f749 code=0x7ffc0000 [ 338.398372][ T28] audit: type=1326 audit(1768009592.013:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fc68a546c47 code=0x7ffc0000 [ 338.422689][ T28] audit: type=1326 audit(1768009592.013:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc68a58f749 code=0x7ffc0000 [ 338.542933][ T28] audit: type=1326 audit(1768009592.013:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fc68a546357 code=0x7ffc0000 [ 338.697903][ T28] audit: type=1326 audit(1768009592.013:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fc68a5463b6 code=0x7ffc0000 [ 338.805326][ T28] audit: type=1326 audit(1768009592.013:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc68a58f34b code=0x7ffc0000 [ 338.930630][ T28] audit: type=1326 audit(1768009592.013:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7fc68a58f749 code=0x7ffc0000 [ 339.016858][ T28] audit: type=1326 audit(1768009592.013:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc68a58f749 code=0x7ffc0000 [ 339.131960][ T28] audit: type=1326 audit(1768009592.013:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc68a58f749 code=0x7ffc0000 [ 339.155010][ T28] audit: type=1326 audit(1768009592.013:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8496 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc68a58f749 code=0x7ffc0000 [ 339.258047][ T5754] usb 5-1: new low-speed USB device number 8 using dummy_hcd [ 340.280084][ T5754] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 341.030341][ T5754] usb 5-1: config 0 has no interface number 0 [ 341.036943][ T5754] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 341.048688][ T5754] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 341.068541][ T5754] usb 5-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 341.135588][ T5754] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 341.262164][ T5754] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 341.272260][ T5754] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.290240][ T5754] usb 5-1: config 0 descriptor?? [ 341.302137][ T8506] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 341.313778][ T8506] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 341.374696][ T5754] ldusb 5-1:0.55: Interrupt in endpoint not found [ 341.604414][ T5754] usb 5-1: USB disconnect, device number 8 [ 345.308217][ C0] vxcan1: j1939_xtp_rx_dat: no tx connection found [ 346.065274][ C0] vxcan1: j1939_tp_rxtimer: 0xffff88805dc04000: rx timeout, send abort [ 346.575346][ C0] vxcan1: j1939_tp_rxtimer: 0xffff88805dc04000: abort rx timeout. Force session deactivation [ 351.793620][ T8630] netlink: 36 bytes leftover after parsing attributes in process `syz.0.682'. [ 353.022073][ T8633] netlink: 'syz.3.683': attribute type 2 has an invalid length. [ 353.617431][ T5878] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 354.057891][ T5878] usb 4-1: Using ep0 maxpacket: 32 [ 354.156530][ T5878] usb 4-1: config 0 has an invalid interface number: 69 but max is 0 [ 354.208707][ T5878] usb 4-1: config 0 has an invalid interface descriptor of length 5, skipping [ 354.217639][ T5878] usb 4-1: config 0 has no interface number 0 [ 356.067818][ T5878] usb 4-1: New USB device found, idVendor=0421, idProduct=010e, bcdDevice=56.54 [ 356.076919][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.199654][ T5878] usb 4-1: config 0 descriptor?? [ 357.756624][ T5878] usb 4-1: can't set config #0, error -71 [ 357.807849][ T5878] usb 4-1: USB disconnect, device number 14 [ 358.771912][ T8674] netlink: 56 bytes leftover after parsing attributes in process `syz.4.693'. [ 360.074337][ T8682] 9pnet: Could not find request transport: fdlrfdno=0x0000000000000007 [ 360.225360][ T8682] netlink: 36 bytes leftover after parsing attributes in process `syz.0.685'. [ 360.424120][ T6164] ------------[ cut here ]------------ [ 360.424333][ T6940] ------------[ cut here ]------------ [ 360.430453][ T6164] WARNING: CPU: 1 PID: 6164 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.430542][ T6164] Modules linked in: [ 360.430575][ T6164] CPU: 1 PID: 6164 Comm: kworker/u4:10 Not tainted syzkaller #0 [ 360.436786][ T6940] WARNING: CPU: 0 PID: 6940 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.447358][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 360.451194][ T6940] Modules linked in: [ 360.451212][ T6940] CPU: 0 PID: 6940 Comm: kworker/u4:11 Not tainted syzkaller #0 [ 360.458884][ T6164] Workqueue: phy7 ieee80211_csa_finalize_work [ 360.469869][ T6940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 360.469884][ T6940] Workqueue: phy8 ieee80211_csa_finalize_work [ 360.479993][ T6164] [ 360.480010][ T6164] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.480037][ T6164] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 360.480053][ T6164] RSP: 0018:ffffc900035179c0 EFLAGS: 00010293 [ 360.480072][ T6164] RAX: ffffffff89ec3bae RBX: 0000000000000001 RCX: ffff888024863c00 [ 360.480085][ T6164] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 360.480096][ T6164] RBP: dffffc0000000000 R08: ffff88805d43d5af R09: 1ffff1100ba87ab5 [ 360.480111][ T6164] R10: dffffc0000000000 R11: ffffed100ba87ab6 R12: 0000000000000001 [ 360.480124][ T6164] R13: ffff88805d43e5d9 R14: ffff88807b65ac70 R15: ffff88807b65ace8 [ 360.480139][ T6164] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 360.484027][ T6940] [ 360.484035][ T6940] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.492243][ T6164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 360.498130][ T6940] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 360.508253][ T6164] CR2: 0000200000056030 CR3: 0000000064fa9000 CR4: 00000000003506e0 [ 360.514274][ T6940] RSP: 0018:ffffc90003a479c0 EFLAGS: 00010293 [ 360.516600][ T6164] Call Trace: [ 360.524705][ C0] ------------[ cut here ]------------ [ 360.524731][ C0] WARNING: CPU: 0 PID: 6940 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600 [ 360.524768][ C0] Modules linked in: [ 360.524782][ C0] CPU: 0 PID: 6940 Comm: kworker/u4:11 Not tainted syzkaller #0 [ 360.524801][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 360.524814][ C0] Workqueue: phy8 ieee80211_csa_finalize_work [ 360.524841][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 360.524867][ C0] Code: 24 4c 89 e7 e8 0e 25 db f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 59 f6 9d f7 0f 0b e9 f6 f7 ff ff e8 4d f6 9d f7 <0f> 0b e9 48 fb ff ff e8 41 f6 9d f7 48 c7 c7 e0 96 23 8e 4c 89 e6 [ 360.524883][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 360.524902][ C0] RAX: ffffffff89e79a73 RBX: ffffffff89e78876 RCX: ffff8880277b1e00 [ 360.524917][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 360.524930][ C0] RBP: 0000000000000000 R08: ffff8880277b1e00 R09: 0000000000000003 [ 360.524943][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805d43e3c0 [ 360.524956][ C0] R13: dffffc0000000000 R14: ffff88805d43e8b0 R15: ffff88805e11a824 [ 360.524971][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 360.524988][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 360.525002][ C0] CR2: 00007f101fe15a90 CR3: 000000007f680000 CR4: 00000000003506f0 [ 360.525019][ C0] Call Trace: [ 360.525027][ C0] [ 360.525047][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 360.525081][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 360.525110][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 360.525146][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 360.525179][ C0] __iterate_interfaces+0x243/0x500 [ 360.545222][ T6164] [ 360.550938][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 360.559182][ T6164] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 360.566937][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 360.574955][ T6164] ieee80211_csa_finalize+0x59a/0xf00 [ 360.582943][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 360.582972][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 360.591023][ T6164] ? mutex_lock_nested+0x20/0x20 [ 360.599973][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 360.600003][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 360.600030][ C0] ? hw_scan_work+0xf40/0xf40 [ 360.600062][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 360.600082][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 360.600115][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 360.600140][ C0] handle_softirqs+0x280/0x820 [ 360.600164][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 360.600190][ C0] ? do_softirq+0x180/0x180 [ 360.600213][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 360.600243][ C0] __irq_exit_rcu+0xc7/0x190 [ 360.600262][ C0] ? irq_exit_rcu+0x20/0x20 [ 360.600290][ C0] irq_exit_rcu+0x9/0x20 [ 360.600308][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 360.600333][ C0] [ 360.600342][ C0] [ 360.600351][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 360.602700][ T6164] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 360.610000][ C0] RIP: 0010:console_flush_all+0x889/0xd00 [ 360.610028][ C0] Code: ed 01 00 00 e8 a8 32 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 99 32 1b 00 eb 06 e8 92 32 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 50 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 360.610043][ C0] RSP: 0018:ffffc90003a47340 EFLAGS: 00000293 [ 360.610063][ C0] RAX: ffffffff816a5e2e RBX: ffffc90003a474df RCX: ffff8880277b1e00 [ 360.616647][ T6164] ? ieee80211_csa_finalize_work+0x140/0x140 [ 360.636276][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 360.636291][ C0] RBP: ffffc90003a474b0 R08: ffffffff90d945c7 R09: 1ffffffff21b28b8 [ 360.636306][ C0] R10: dffffc0000000000 R11: fffffbfff21b28b9 R12: ffffffff8d4b52e0 [ 360.636321][ C0] R13: 1ffffffff19792f8 R14: ffffffff8d4b5338 R15: dffffc0000000000 [ 360.636343][ C0] ? console_flush_all+0x87e/0xd00 [ 360.636385][ C0] ? __rwlock_init+0x150/0x150 [ 360.636409][ C0] ? console_flush_all+0x10f/0xd00 [ 360.636444][ C0] ? is_console_locked+0x20/0x20 [ 360.636478][ C0] console_unlock+0xae/0x340 [ 360.636509][ C0] ? other_cpu_in_panic+0xf0/0xf0 [ 360.636531][ C0] ? lock_chain_count+0x20/0x20 [ 360.636574][ C0] ? vprintk_emit+0x3f8/0x600 [ 360.636595][ C0] ? vprintk_emit+0x301/0x600 [ 360.636617][ C0] ? vprintk_emit+0x301/0x600 [ 360.636642][ C0] vprintk_emit+0x477/0x600 [ 360.636665][ C0] ? vprintk_emit+0x301/0x600 [ 360.636689][ C0] ? printk_sprint+0x460/0x460 [ 360.636714][ C0] ? _printk+0xd0/0x110 [ 360.644951][ T6164] ? read_lock_is_recursive+0x20/0x20 [ 360.650853][ C0] ? copy_from_kernel_nofault+0x1d2/0x320 [ 360.650944][ C0] _printk+0xd0/0x110 [ 360.654244][ T6164] ieee80211_csa_finalize_work+0xf6/0x140 [ 360.659724][ C0] ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0 [ 360.669856][ T6164] ? process_scheduled_works+0x957/0x15b0 [ 360.673631][ C0] ? load_image+0x3b0/0x3b0 [ 360.681285][ T6164] process_scheduled_works+0xa45/0x15b0 [ 360.691375][ C0] __show_regs+0x34/0x610 [ 360.698357][ T6164] ? assign_work+0x400/0x400 [ 360.703850][ C0] ? dump_stack_print_info+0xf5/0x150 [ 360.724616][ T6164] ? assign_work+0x39e/0x400 [ 360.729510][ C0] show_regs+0x44/0x90 [ 360.729541][ C0] __warn+0x160/0x470 [ 360.737537][ T6164] worker_thread+0xa55/0xfc0 [ 360.745527][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.745556][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.753590][ T6164] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 360.761527][ C0] report_bug+0x2be/0x4f0 [ 360.761552][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.769563][ T6164] ? _raw_spin_unlock+0x40/0x40 [ 360.778504][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.778531][ C0] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 360.785121][ T6164] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 360.793148][ C0] handle_bug+0xcf/0x120 [ 360.793180][ C0] exc_invalid_op+0x1a/0x50 [ 360.793203][ C0] asm_exc_invalid_op+0x1a/0x20 [ 360.796579][ T6164] kthread+0x2fa/0x390 [ 360.799421][ C0] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.799452][ C0] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 360.799476][ C0] RSP: 0018:ffffc90003a479c0 EFLAGS: 00010293 [ 360.799498][ C0] RAX: ffffffff89ec3bae RBX: 0000000000000001 RCX: ffff8880277b1e00 [ 360.799514][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 360.799527][ C0] RBP: dffffc0000000000 R08: ffff88805d6dd5af R09: 1ffff1100badbab5 [ 360.799542][ C0] R10: dffffc0000000000 R11: ffffed100badbab6 R12: 0000000000000001 [ 360.799558][ C0] R13: ffff88805d6de5d9 R14: ffff888030fbac70 R15: ffff888030fbace8 [ 360.799583][ C0] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 360.799632][ C0] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 360.799666][ C0] ieee80211_csa_finalize+0x59a/0xf00 [ 360.799696][ C0] ? mutex_lock_nested+0x20/0x20 [ 360.799718][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 360.799745][ C0] ? ieee80211_csa_finalize_work+0x140/0x140 [ 360.799775][ C0] ? read_lock_is_recursive+0x20/0x20 [ 360.805334][ T6164] ? pr_cont_work+0x560/0x560 [ 360.810853][ C0] ieee80211_csa_finalize_work+0xf6/0x140 [ 360.810887][ C0] ? process_scheduled_works+0x957/0x15b0 [ 360.810913][ C0] process_scheduled_works+0xa45/0x15b0 [ 360.810992][ C0] ? assign_work+0x400/0x400 [ 360.817792][ T6164] ? kthread_blkcg+0xd0/0xd0 [ 360.823310][ C0] ? assign_work+0x39e/0x400 [ 360.829546][ T6164] ret_from_fork+0x48/0x80 [ 360.831482][ C0] worker_thread+0xa55/0xfc0 [ 360.838683][ T6164] ? kthread_blkcg+0xd0/0xd0 [ 360.844246][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 360.851479][ T6164] ret_from_fork_asm+0x11/0x20 [ 360.856858][ C0] ? _raw_spin_unlock+0x40/0x40 [ 360.863252][ T6164] [ 360.870255][ C0] kthread+0x2fa/0x390 [ 360.875201][ T6164] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 360.875213][ T6164] CPU: 1 PID: 6164 Comm: kworker/u4:10 Not tainted syzkaller #0 [ 360.875281][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 360.875324][ T6164] Workqueue: phy7 ieee80211_csa_finalize_work [ 360.875426][ T6164] Call Trace: [ 360.875458][ T6164] [ 360.875479][ T6164] dump_stack_lvl+0x16c/0x230 [ 360.875576][ T6164] ? show_regs_print_info+0x20/0x20 [ 360.875672][ T6164] ? load_image+0x3b0/0x3b0 [ 360.875779][ T6164] panic+0x2c0/0x710 [ 360.875851][ T6164] ? bpf_jit_dump+0xd0/0xd0 [ 360.875932][ T6164] ? ret_from_fork_asm+0x11/0x20 [ 360.876012][ T6164] __warn+0x2e0/0x470 [ 360.876059][ T6164] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.876120][ T6164] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.876176][ T6164] report_bug+0x2be/0x4f0 [ 360.876221][ T6164] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.876278][ T6164] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.876341][ T6164] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 360.876416][ T6164] handle_bug+0xcf/0x120 [ 360.876498][ T6164] exc_invalid_op+0x1a/0x50 [ 360.876558][ T6164] asm_exc_invalid_op+0x1a/0x20 [ 360.876600][ T6164] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 360.876666][ T6164] Code: 48 89 df e8 0a bf f0 f7 e9 dc fc ff ff e8 30 51 99 f7 eb 24 e8 29 51 99 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 18 51 99 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 0a 51 99 f7 48 8b 7c 24 08 4c 8b 7c [ 360.876736][ T6164] RSP: 0018:ffffc900035179c0 EFLAGS: 00010293 [ 360.876769][ T6164] RAX: ffffffff89ec3bae RBX: 0000000000000001 RCX: ffff888024863c00 [ 360.876811][ T6164] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 360.876853][ T6164] RBP: dffffc0000000000 R08: ffff88805d43d5af R09: 1ffff1100ba87ab5 [ 360.876882][ T6164] R10: dffffc0000000000 R11: ffffed100ba87ab6 R12: 0000000000000001 [ 360.876929][ T6164] R13: ffff88805d43e5d9 R14: ffff88807b65ac70 R15: ffff88807b65ace8 [ 360.877003][ T6164] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 360.877099][ T6164] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 360.877177][ T6164] ieee80211_csa_finalize+0x59a/0xf00 [ 360.877246][ T6164] ? mutex_lock_nested+0x20/0x20 [ 360.877290][ T6164] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 360.877347][ T6164] ? ieee80211_csa_finalize_work+0x140/0x140 [ 360.877412][ T6164] ? read_lock_is_recursive+0x20/0x20 [ 360.877477][ T6164] ieee80211_csa_finalize_work+0xf6/0x140 [ 360.877544][ T6164] ? process_scheduled_works+0x957/0x15b0 [ 360.877602][ T6164] process_scheduled_works+0xa45/0x15b0 [ 360.877756][ T6164] ? assign_work+0x400/0x400 [ 360.877843][ T6164] ? assign_work+0x39e/0x400 [ 360.877909][ T6164] worker_thread+0xa55/0xfc0 [ 360.877972][ T6164] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 360.878034][ T6164] ? _raw_spin_unlock+0x40/0x40 [ 360.878119][ T6164] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 360.878266][ T6164] kthread+0x2fa/0x390 [ 360.878308][ T6164] ? pr_cont_work+0x560/0x560 [ 360.878369][ T6164] ? kthread_blkcg+0xd0/0xd0 [ 360.878421][ T6164] ret_from_fork+0x48/0x80 [ 360.878461][ T6164] ? kthread_blkcg+0xd0/0xd0 [ 360.878512][ T6164] ret_from_fork_asm+0x11/0x20 [ 360.878615][ T6164] [ 360.880941][ T6164] Kernel Offset: disabled