last executing test programs: 17.939400284s ago: executing program 0 (id=626): ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x72, 0x0, 0xf}]}) unshare(0x5c000000) close_range(r1, 0xffffffffffffffff, 0x0) 17.645774301s ago: executing program 1 (id=627): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r0 = getpid() fsopen(0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000080)='{') ioctl$sock_bt_hci(r3, 0x800448f0, &(0x7f0000000100)) 16.713356451s ago: executing program 0 (id=629): io_setup(0x9, &(0x7f0000000000)) syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x103000) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000005c0)=0xd) ioctl$sock_SIOCADDDLCI(r1, 0x5452, &(0x7f0000000100)={'veth1\x00'}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x7) 16.581161125s ago: executing program 1 (id=631): openat$ptp0(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x3501) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0xa1, &(0x7f00000004c0)={0x40, 0x18, 0x5, 0x1}, 0x8, 0x0, 0x20008, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, &(0x7f0000000000)) r3 = socket$can_bcm(0x1d, 0x2, 0x2) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x4011, 0x4) connect$can_bcm(r3, &(0x7f00000005c0), 0x10) setsockopt$sock_int(r3, 0x1, 0x29, &(0x7f00000001c0)=0x7f, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.swap.events\x00', 0x275a, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x2a, &(0x7f0000000100)=r6, 0x4) recvmsg(r4, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$unix(r5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c0000"], 0x20}, 0x40004) recvmmsg(r3, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}], 0x1, 0x10002, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x2710], 0x48}}, 0x0) ioctl$KVM_GET_DIRTY_LOG(r6, 0x4010ae42, &(0x7f00000000c0)={0x3, 0x0, &(0x7f00002d0000/0x3000)=nil}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000280)=[@in6={0xa, 0x4e24, 0xdcdf, @loopback, 0xffff}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000180)={r7, @in={{0x2, 0x4e23, @empty}}, 0x9, 0x3}, &(0x7f0000000080)=0x90) r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r8, 0x10c, 0x3, &(0x7f0000002940), &(0x7f0000000140)=0x4) 14.616149072s ago: executing program 0 (id=638): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) syz_open_dev$ndb(0x0, 0x0, 0xc0000) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) r5 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) ftruncate(r5, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r5, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x22bc2fc78e92c4cb) modify_ldt$write(0x1, &(0x7f0000000000)={0xfff, 0x100000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10) ioctl$sock_ifreq(0xffffffffffffffff, 0x8931, &(0x7f0000000300)={'macvtap0\x00', @ifru_ivalue=0x1}) modify_ldt$write2(0x11, &(0x7f0000000080)={0xd7, 0x1000, 0x2000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x401, 0x0, 0x1}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, {0x0, 0x0, 0x6}}}}]}, 0x78}}, 0x0) sendto$inet(r0, &(0x7f0000000080)="98473a6265fe8dc600115a10f5387f5f87775db5230fee64b2929758c0f6067ab093218b41ed7e89211e33c088ca71ccc025c884c1d3e19b284dcf14d838f5d81ac9", 0x42, 0x20048001, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'}) 13.976760149s ago: executing program 1 (id=640): sendmsg$rds(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) 10.346582344s ago: executing program 2 (id=645): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000540)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000040), 0x2, r2, 0xcccccccc}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000004c0)={0x0, 0x1, &(0x7f0000000440)=[r2], &(0x7f0000000200), &(0x7f0000000580)=[r3], &(0x7f0000000040), 0x0, 0x300}) 10.25866332s ago: executing program 3 (id=646): sendmsg$rds(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) 10.076941549s ago: executing program 2 (id=647): r0 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) rt_tgsigqueueinfo(r1, r1, 0x2a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pipe2$9p(&(0x7f0000002740), 0x80080) r4 = fsopen(&(0x7f0000000040)='ceph\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000100)='test_dummy_encryption', 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v1\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) mount(0x0, 0x0, 0x0, 0x2204c96, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f00000001c0)='\x00', 0x0, r5) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r6, 0xfffd, 0x0) socket$inet6(0xa, 0x2, 0x0) r7 = socket(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000022c0)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000000000000000000300000000020000000200000003000000000000000000000105000000080000000000000001000005000000000000000001000000000000000000a122d481344281c0bb15a77142f5c1de50b2f0400350b2d8548651b10d6af451b983e9cc134849cab4c6f15d498ee0804617d6d5975d6e49fedca8af49f989048cfc5304b1bba50752a9811f359c8e9e101de17491f5ceea003b0373"], 0x0, 0x5a}, 0x20) write(r7, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000000)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00ff0300"]}, 0x108) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x89ff, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xd1, 0x0, 0x0, @loopback, @multicast1}}}}) 8.770183432s ago: executing program 1 (id=648): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x2c, r0, 0x1, 0xfffffffd, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x2c}}, 0x402) 8.71258835s ago: executing program 2 (id=649): io_setup(0x9, &(0x7f0000000000)) syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x103000) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000480), &(0x7f00000004c0)=0x4) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000005c0)=0xd) ioctl$sock_SIOCADDDLCI(r1, 0x5452, &(0x7f0000000100)={'veth1\x00'}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x7) 8.607189704s ago: executing program 1 (id=650): r0 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, r2, 0xcc6d000) fsmount(r2, 0x0, 0xc) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) sendmmsg$inet(r1, 0x0, 0x0, 0x2400c042) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={0x0, 0x4, 0x1, 0xfffff240}, &(0x7f0000000040)=0x10) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r6, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="300003eeb1dd000022bd7000fbdbdf2508003d0006000000080003000200000008000100"], 0x30}, 0x1, 0x0, 0x0, 0x8812}, 0x4000) r7 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000640), 0x80, 0x0) r8 = openat$rtc(0xffffff9c, &(0x7f0000000f00), 0x0, 0x0) dup2(r7, r8) readv(r8, &(0x7f0000001800)=[{&(0x7f0000001640)=""/87, 0x57}], 0x1) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r4, 0x84, 0x79, &(0x7f0000000080)={r5, 0x4, 0xfd3}, 0x8) r9 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_N2(r9, 0x103, 0x3, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x8, 0x7ffffe39}]}) syz_usb_disconnect(r0) close_range(r3, r3, 0x0) 8.303041518s ago: executing program 4 (id=652): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r3, 0x0, 0x0) listen(r3, 0x80000003) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, r4, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x6}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15b8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x1}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xe23}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x97b}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x1}]}, 0x54}}, 0x4000) r5 = socket(0x15, 0x5, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r6, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) io_uring_setup(0x291d, 0x0) io_uring_setup(0x4fee, 0x0) ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net\x00') exit(0x100000000000035) getdents(r7, 0x0, 0x0) sendmsg$xdp(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockopt(r5, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x1}}}}}}}, 0x0) r8 = memfd_create(&(0x7f0000000840)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n{\xb2\x99tNcp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9769\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-\x94\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\x82\xb8wN\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcat\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xba\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dOU6\xdcXF~(\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17\x93L\xd0\xb3\x99\x9f<\xee\xd6o\xa1\xf8\xd4D\xf1f7\x03_\xf7\x10\x9e]\'\xf2\xa5\xd3\x8e\xb3N`\'2\xa8\x90&\x84\v', 0x0) dup(r8) splice(r8, 0x0, r2, 0x0, 0x5, 0xe) write$binfmt_elf64(r1, &(0x7f0000001b40)=ANY=[], 0xfffffe3e) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r9, 0x118, 0x0, 0x0, 0x1d) 8.298622308s ago: executing program 0 (id=653): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r0 = getpid() fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000080)='{') ioctl$sock_bt_hci(r3, 0x800448f0, &(0x7f0000000100)) 8.213412951s ago: executing program 2 (id=654): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) socket$igmp(0x2, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000740)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000000c0)={r4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r2, 0x5}) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) read$char_usb(r6, &(0x7f0000000280)=""/107, 0x6b) bind$tipc(r0, 0x0, 0x0) 7.144078329s ago: executing program 0 (id=655): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x770d3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000080)={0x48}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f00000007c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0xb, 0x9, 0x0, 0x1, 0x20000000}, {0x66, 0x0, 0x0, 0x256c6c64}}, [@printk={@i, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x5, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x15}}], {{0x7, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 6.956631994s ago: executing program 4 (id=656): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x8c, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0) r4 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x25dfdbfd, {0x2}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x4}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_DST={0x8, 0x2, @local}}, @NHA_OIF={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4402}, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000080)=0x40000) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r5 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r5, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0x20, @empty=0x1000000}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000100)}], 0x1, &(0x7f0000000300)=[@ip_retopts={{0x24, 0x0, 0x7, {[@lsrr={0x83, 0x13, 0x4, [@private=0xa010102, @loopback, @loopback, @empty]}]}}}], 0x28}, 0x800) 5.278266656s ago: executing program 3 (id=657): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000540)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000040), 0x2, r2, 0xcccccccc}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000004c0)={0x0, 0x1, &(0x7f0000000440)=[r2], &(0x7f0000000200), &(0x7f0000000580)=[r3], &(0x7f0000000040), 0x0, 0x300}) 4.785429378s ago: executing program 2 (id=658): socket$inet6_udp(0xa, 0x2, 0x0) r0 = fsopen(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) munmap(&(0x7f0000006000/0x4000)=nil, 0x4000) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) r4 = syz_create_resource$binfmt(&(0x7f0000000100)='./file1\x00') openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff) execveat$binfmt(0xffffffffffffff9c, r4, 0x0, &(0x7f0000004780)={[], 0xf000}, 0x1000) 3.560731449s ago: executing program 2 (id=659): sendmsg$rds(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) 3.534266168s ago: executing program 4 (id=660): syz_socket_connect_nvme_tcp() symlinkat(0x0, 0xffffffffffffff9c, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1e0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x68}}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sendmsg$rds(r3, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_fadd={0x58, 0x118, 0x8, {{0x0, 0x3}, 0x0, 0x0, 0x5c, 0x8}}], 0x58}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_STATUS(r5, 0x84, 0xe, 0x0, &(0x7f0000000180)) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, 0x0, 0x0) 3.396618773s ago: executing program 3 (id=661): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x2c, r0, 0x1, 0xfffffffd, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x2c}}, 0x402) 2.581405865s ago: executing program 3 (id=662): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r0, &(0x7f0000000240)={0x23, 0x0, 0x0, 0xf4}, 0x10) 2.3093907s ago: executing program 4 (id=663): socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0x42, 0x4, 0x3c8, 0xffffffff, 0x330, 0x0, 0xc8, 0xffffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00', {}, {}, 0x0, 0x3}, 0x74000002, 0xa0, 0xc8, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@cluster={{0x30}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x287, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@connlabel={{0x28}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x168, 0x1a8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0xde, 0x0, 'syz1\x00'}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$vcs(0xffffffffffffff9c, 0x0, 0x101402, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, 0x0, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) dup(0xffffffffffffffff) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) 2.308398358s ago: executing program 3 (id=664): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d0020070000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 1.506738759s ago: executing program 4 (id=665): bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r0 = getpid() fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setgroups(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) shmctl$IPC_RMID(0x0, 0x0) shmctl$SHM_INFO(0x0, 0xe, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r3, 0x800448d7, &(0x7f0000000080)='{') ioctl$sock_bt_hci(r3, 0x800448f0, &(0x7f0000000100)) 1.473429032s ago: executing program 1 (id=666): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r3, 0x0, 0x0) listen(r3, 0x80000003) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, r4, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x6}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x15b8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x1}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xe23}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x97b}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x1}]}, 0x54}}, 0x4000) r5 = socket(0x15, 0x5, 0x0) r6 = socket(0x40000000015, 0x5, 0x0) connect$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r6, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) io_uring_setup(0x291d, 0x0) io_uring_setup(0x4fee, 0x0) ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, 0x0) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net\x00') exit(0x100000000000035) getdents(r7, 0x0, 0x0) sendmsg$xdp(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockopt(r5, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x40}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x1}}}}}}}, 0x0) r8 = memfd_create(&(0x7f0000000840)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n{\xb2\x99tNcp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9769\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-\x94\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\x82\xb8wN\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcat\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xba\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dOU6\xdcXF~(\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17\x93L\xd0\xb3\x99\x9f<\xee\xd6o\xa1\xf8\xd4D\xf1f7\x03_\xf7\x10\x9e]\'\xf2\xa5\xd3\x8e\xb3N`\'2\xa8\x90&\x84\v', 0x0) dup(r8) splice(r8, 0x0, r2, 0x0, 0x5, 0xe) write$binfmt_elf64(r1, &(0x7f0000001b40)=ANY=[], 0xfffffe3e) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$nfc_llcp_NFC_LLCP_RW(r9, 0x118, 0x0, 0x0, 0x1d) 1.437985135s ago: executing program 3 (id=667): sendmsg$rds(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) 466.571µs ago: executing program 0 (id=668): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000180)='proc\x00', 0x1) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) pread64(0xffffffffffffffff, &(0x7f0000000780)=""/4096, 0x1000, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000240)={'wlan1\x00', &(0x7f00000002c0)=@ethtool_stats}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x8044) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)=0x9) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @host}, 0x10) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f0000000100)={0x0, 0xea60}, 0x10) connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0xffffffff}, 0x10) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x2711, @my=0x1}, 0x10) 0s ago: executing program 4 (id=669): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ff199610b90661408801010203010902120001000000000904"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_clone3(&(0x7f00000026c0)={0x20000000, &(0x7f0000000400), 0x0, &(0x7f0000000480), {0x11}, 0x0, 0x0, 0x0, &(0x7f0000002680)}, 0x58) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') lseek(r2, 0x2000, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="090b29bd7000fddbdf2505000000", @ANYRES32=0x0, @ANYBLOB="ae8c8af7a58fa1fe1997db4421f3e1d4c97e5131972cb54c00392a8b1f4849d5342aa88480e49c919b1a117b266761cda8a7d97bc6ddd62817fa6fa29f899529392bf095563b42c00ab4d0976f1b45ca5578b8e85183bba0ab57e04dcdb8b97986a68db2a80149495fb1551c4886af6be0b6894a"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x80) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2e, 0x401, 0xf0bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @uid}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts. [ 77.822953][ T5805] cgroup: Unknown subsys name 'net' [ 78.063088][ T5805] cgroup: Unknown subsys name 'cpuset' [ 78.118535][ T5805] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.741211][ T5805] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.580341][ T2094] cfg80211: failed to load regulatory.db [ 82.187553][ T5135] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.196954][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.221456][ T5135] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.238053][ T5135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.239987][ T5135] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.241372][ T5135] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.243203][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.244858][ T5825] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.245072][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.251812][ T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.336474][ T5825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.361665][ T5825] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.367740][ T5825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.368794][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.369594][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.375441][ T5825] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.376468][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.377691][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.380479][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.381576][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 82.461783][ T5823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 82.482587][ T5823] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 82.496011][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 82.502488][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 82.514895][ T5823] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 83.506021][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 83.584088][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 83.590913][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 83.632964][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 83.637820][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 83.851210][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.851877][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.852177][ T5827] bridge_slave_0: entered allmulticast mode [ 83.853931][ T5827] bridge_slave_0: entered promiscuous mode [ 83.914679][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.914745][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.914839][ T5827] bridge_slave_1: entered allmulticast mode [ 83.916233][ T5827] bridge_slave_1: entered promiscuous mode [ 83.986930][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.986996][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.987126][ T5833] bridge_slave_0: entered allmulticast mode [ 83.989670][ T5833] bridge_slave_0: entered promiscuous mode [ 83.994703][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.994844][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.994985][ T5822] bridge_slave_0: entered allmulticast mode [ 83.997318][ T5822] bridge_slave_0: entered promiscuous mode [ 84.060208][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.060293][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.060398][ T5833] bridge_slave_1: entered allmulticast mode [ 84.061752][ T5833] bridge_slave_1: entered promiscuous mode [ 84.066443][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.066525][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.066619][ T5822] bridge_slave_1: entered allmulticast mode [ 84.068787][ T5822] bridge_slave_1: entered promiscuous mode [ 84.070782][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.070887][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.071019][ T5831] bridge_slave_0: entered allmulticast mode [ 84.073527][ T5831] bridge_slave_0: entered promiscuous mode [ 84.076054][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.076158][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.076295][ T5821] bridge_slave_0: entered allmulticast mode [ 84.082251][ T5821] bridge_slave_0: entered promiscuous mode [ 84.091645][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.129553][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.129683][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.129835][ T5831] bridge_slave_1: entered allmulticast mode [ 84.133660][ T5831] bridge_slave_1: entered promiscuous mode [ 84.136560][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.136690][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.136834][ T5821] bridge_slave_1: entered allmulticast mode [ 84.139816][ T5821] bridge_slave_1: entered promiscuous mode [ 84.147391][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.249196][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.251902][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.295408][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.297310][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.301919][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.306382][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.313683][ T5827] team0: Port device team_slave_0 added [ 84.330318][ T5829] Bluetooth: hci1: command tx timeout [ 84.357363][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.360497][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.363313][ T5827] team0: Port device team_slave_1 added [ 84.418187][ T5829] Bluetooth: hci0: command tx timeout [ 84.488209][ T5823] Bluetooth: hci3: command tx timeout [ 84.488477][ T5829] Bluetooth: hci2: command tx timeout [ 84.568236][ T5829] Bluetooth: hci4: command tx timeout [ 84.662171][ T5833] team0: Port device team_slave_0 added [ 84.664356][ T5822] team0: Port device team_slave_0 added [ 84.704037][ T5833] team0: Port device team_slave_1 added [ 84.705751][ T5822] team0: Port device team_slave_1 added [ 84.707420][ T5831] team0: Port device team_slave_0 added [ 84.714809][ T5821] team0: Port device team_slave_0 added [ 84.716880][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.716893][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.716915][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.779519][ T5831] team0: Port device team_slave_1 added [ 84.782069][ T5821] team0: Port device team_slave_1 added [ 84.783140][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.783152][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.783176][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.870927][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.870943][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.870964][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.872932][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.872945][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.872963][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.918613][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.918628][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.918651][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.012699][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.012714][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.012737][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.014035][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.014046][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.014068][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.021191][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.021204][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.021226][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.047315][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.047331][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.047354][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.050669][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.050682][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.050705][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.189841][ T5827] hsr_slave_0: entered promiscuous mode [ 85.191408][ T5827] hsr_slave_1: entered promiscuous mode [ 85.269310][ T5833] hsr_slave_0: entered promiscuous mode [ 85.270068][ T5833] hsr_slave_1: entered promiscuous mode [ 85.270636][ T5833] debugfs: 'hsr0' already exists in 'hsr' [ 85.270699][ T5833] Cannot create hsr debugfs directory [ 85.275842][ T5822] hsr_slave_0: entered promiscuous mode [ 85.276589][ T5822] hsr_slave_1: entered promiscuous mode [ 85.277066][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 85.277082][ T5822] Cannot create hsr debugfs directory [ 85.345144][ T5831] hsr_slave_0: entered promiscuous mode [ 85.345859][ T5831] hsr_slave_1: entered promiscuous mode [ 85.346416][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 85.346432][ T5831] Cannot create hsr debugfs directory [ 85.355099][ T5821] hsr_slave_0: entered promiscuous mode [ 85.356315][ T5821] hsr_slave_1: entered promiscuous mode [ 85.357122][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 85.357143][ T5821] Cannot create hsr debugfs directory [ 86.324320][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.375508][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 86.379671][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.402461][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 86.404051][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.408162][ T5829] Bluetooth: hci1: command tx timeout [ 86.443427][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 86.464750][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.488079][ T5829] Bluetooth: hci0: command tx timeout [ 86.505671][ T5827] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 86.568901][ T5823] Bluetooth: hci3: command tx timeout [ 86.569155][ T5829] Bluetooth: hci2: command tx timeout [ 86.616606][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.643672][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 86.648678][ T5829] Bluetooth: hci4: command tx timeout [ 86.653478][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.692956][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 86.694380][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.735922][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 86.761382][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.792578][ T5821] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 86.907602][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.933575][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 86.946462][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.983211][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 86.986324][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.021037][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 87.046403][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.083888][ T5822] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 87.189576][ T5831] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.226042][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 87.245940][ T5831] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.271959][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 87.285818][ T5831] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.311890][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 87.333420][ T5831] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.373540][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 87.446014][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.506796][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 87.540588][ T5833] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 87.547642][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 87.572800][ T5833] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 87.577597][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 87.621931][ T5833] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 87.629451][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 87.670372][ T5833] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 87.708888][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.760705][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.776951][ T1305] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.777837][ T1305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.823966][ T1305] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.824159][ T1305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.907848][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.944853][ T3559] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.944996][ T3559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.954499][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.986530][ T3569] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.986664][ T3569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.064319][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.085134][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.104499][ T1305] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.104616][ T1305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.153045][ T1305] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.153172][ T1305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.260548][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.315224][ T3569] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.315352][ T3569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.338963][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.377653][ T3569] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.377853][ T3569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.483237][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.489675][ T5829] Bluetooth: hci1: command tx timeout [ 88.552363][ T1305] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.552563][ T1305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.568053][ T5829] Bluetooth: hci0: command tx timeout [ 88.614006][ T3569] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.620327][ T3569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.648222][ T5823] Bluetooth: hci3: command tx timeout [ 88.648306][ T5829] Bluetooth: hci2: command tx timeout [ 88.671666][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.729896][ T5829] Bluetooth: hci4: command tx timeout [ 88.865851][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.034336][ T5827] veth0_vlan: entered promiscuous mode [ 89.051223][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.120502][ T5827] veth1_vlan: entered promiscuous mode [ 89.165242][ T5821] veth0_vlan: entered promiscuous mode [ 89.237211][ T5821] veth1_vlan: entered promiscuous mode [ 89.290824][ T5827] veth0_macvtap: entered promiscuous mode [ 89.313592][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.327012][ T5822] veth0_vlan: entered promiscuous mode [ 89.332855][ T5827] veth1_macvtap: entered promiscuous mode [ 89.367869][ T5822] veth1_vlan: entered promiscuous mode [ 89.397237][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.410352][ T5821] veth0_macvtap: entered promiscuous mode [ 89.439295][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.465763][ T5821] veth1_macvtap: entered promiscuous mode [ 89.483595][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.542359][ T3569] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.561095][ T3569] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.575922][ T3569] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.593766][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.596688][ T3569] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.674075][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.705491][ T5822] veth0_macvtap: entered promiscuous mode [ 89.716163][ T5831] veth0_vlan: entered promiscuous mode [ 89.831555][ T5822] veth1_macvtap: entered promiscuous mode [ 89.840555][ T3559] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.845666][ T3559] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.851598][ T3559] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.912166][ T3559] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.969873][ T5831] veth1_vlan: entered promiscuous mode [ 90.169220][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.236945][ T3559] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.236970][ T3559] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.363800][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.436828][ T1305] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.462953][ T1305] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.480914][ T1305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.485991][ T5833] veth0_vlan: entered promiscuous mode [ 90.491356][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.491372][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.514555][ T1305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.534291][ T5831] veth0_macvtap: entered promiscuous mode [ 90.579788][ T5829] Bluetooth: hci1: command tx timeout [ 90.645456][ T5831] veth1_macvtap: entered promiscuous mode [ 90.648624][ T5829] Bluetooth: hci0: command tx timeout [ 90.659158][ T5833] veth1_vlan: entered promiscuous mode [ 90.661064][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.661081][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.728533][ T5823] Bluetooth: hci3: command tx timeout [ 90.728576][ T5829] Bluetooth: hci2: command tx timeout [ 90.820140][ T5829] Bluetooth: hci4: command tx timeout [ 91.025446][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.052432][ T3569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.052452][ T3569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.084859][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.271697][ T56] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.276483][ T56] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.303138][ T5833] veth0_macvtap: entered promiscuous mode [ 91.313195][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.313213][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.360644][ T56] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.384154][ T56] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.427406][ T5833] veth1_macvtap: entered promiscuous mode [ 92.734099][ T3583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.734117][ T3583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.976272][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.098220][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.225157][ T5952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8'. [ 93.308994][ T5952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8'. [ 94.020113][ T56] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.199447][ T56] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.232481][ T56] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.278150][ T1562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.278169][ T1562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.296112][ T56] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.334926][ T5957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11'. [ 94.397778][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11'. [ 94.459379][ T5957] lo: entered promiscuous mode [ 94.459405][ T5957] lo: entered allmulticast mode [ 94.490745][ T5957] tunl0: entered promiscuous mode [ 94.490868][ T5957] tunl0: entered allmulticast mode [ 94.493272][ T5957] gre0: entered promiscuous mode [ 94.493291][ T5957] gre0: entered allmulticast mode [ 94.500115][ T5957] gretap0: entered promiscuous mode [ 94.500138][ T5957] gretap0: entered allmulticast mode [ 94.516355][ T5957] erspan0: entered promiscuous mode [ 94.516377][ T5957] erspan0: entered allmulticast mode [ 94.517909][ T5957] ip_vti0: entered promiscuous mode [ 94.523620][ T5957] ip_vti0: entered allmulticast mode [ 94.524276][ T5957] ip6_vti0: entered promiscuous mode [ 94.524294][ T5957] ip6_vti0: entered allmulticast mode [ 94.525090][ T5957] sit0: entered promiscuous mode [ 94.525107][ T5957] sit0: entered allmulticast mode [ 94.525599][ T5957] ip6tnl0: entered promiscuous mode [ 94.525615][ T5957] ip6tnl0: entered allmulticast mode [ 94.533110][ T5957] ip6gre0: entered promiscuous mode [ 94.533131][ T5957] ip6gre0: entered allmulticast mode [ 94.535864][ T5957] syz_tun: entered promiscuous mode [ 94.535884][ T5957] syz_tun: entered allmulticast mode [ 94.550280][ T5957] ip6gretap0: entered promiscuous mode [ 94.550302][ T5957] ip6gretap0: entered allmulticast mode [ 94.564467][ T5957] bridge0: entered promiscuous mode [ 94.564490][ T5957] bridge0: entered allmulticast mode [ 94.862299][ T5957] vcan0: entered promiscuous mode [ 94.862325][ T5957] vcan0: entered allmulticast mode [ 94.866845][ T5957] bond0: entered promiscuous mode [ 94.866864][ T5957] bond_slave_0: entered promiscuous mode [ 94.867073][ T5957] bond_slave_1: entered promiscuous mode [ 94.867280][ T5957] bond0: entered allmulticast mode [ 94.867293][ T5957] bond_slave_0: entered allmulticast mode [ 94.867309][ T5957] bond_slave_1: entered allmulticast mode [ 94.873931][ T5957] team0: entered promiscuous mode [ 94.873950][ T5957] team_slave_0: entered promiscuous mode [ 94.874200][ T5957] team_slave_1: entered promiscuous mode [ 94.874391][ T5957] team0: entered allmulticast mode [ 94.874404][ T5957] team_slave_0: entered allmulticast mode [ 94.874421][ T5957] team_slave_1: entered allmulticast mode [ 94.876435][ T5957] dummy0: entered promiscuous mode [ 94.876457][ T5957] dummy0: entered allmulticast mode [ 96.019628][ T5967] process 'syz.0.1' launched './file1' with NULL argv: empty string added [ 96.755876][ T5957] nlmon0: entered promiscuous mode [ 96.755902][ T5957] nlmon0: entered allmulticast mode [ 96.945347][ T5957] caif0: entered promiscuous mode [ 96.945364][ T5957] caif0: entered allmulticast mode [ 96.958822][ T5957] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 97.043897][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.251776][ T5960] team_slave_0: left promiscuous mode [ 97.251979][ T5960] team_slave_0: left allmulticast mode [ 97.951132][ T5960] team0 (unregistering): Port device team_slave_0 removed [ 97.968378][ T5960] team_slave_1: left promiscuous mode [ 97.968564][ T5960] team_slave_1: left allmulticast mode [ 98.878344][ T5960] team0 (unregistering): Port device team_slave_1 removed [ 100.136224][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.136244][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.251118][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.251140][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.380854][ T6020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.29'. [ 103.500653][ T6017] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 103.500698][ T6022] netlink: 'syz.3.4': attribute type 1 has an invalid length. [ 103.500713][ T6022] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4'. [ 103.504215][ T6017] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.540933][ T6020] team0 (unregistering): Port device team_slave_0 removed [ 103.582075][ T6020] team0 (unregistering): Port device team_slave_1 removed [ 103.606268][ T6017] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 103.686849][ T6017] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 103.686974][ T6017] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.811451][ T6017] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.936900][ T6017] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 103.937163][ T6017] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.993914][ T6028] fuse: Bad value for 'fd' [ 104.013419][ T6017] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 104.074649][ T6017] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 104.074765][ T6017] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 104.083545][ T1517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.083565][ T1517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.154594][ T6017] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 104.284220][ T6017] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 104.284421][ T6017] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 104.375884][ T6017] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 105.934067][ T5823] Bluetooth: hci0: command 0x0c1a tx timeout [ 105.934179][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 106.025764][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 106.092471][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 106.339401][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 107.419957][ T6058] Zero length message leads to an empty skb [ 108.009024][ T5829] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.009057][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 108.088033][ T5823] Bluetooth: hci2: command 0x0c1a tx timeout [ 108.245547][ T5823] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.497058][ T5823] Bluetooth: hci4: command 0x0c1a tx timeout [ 108.702525][ T6081] IPv6: syztnl0: Disabled Multicast RS [ 110.303901][ T6092] netlink: 'syz.1.50': attribute type 10 has an invalid length. [ 110.312086][ T6092] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.315598][ T6092] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 110.329814][ T5823] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.329848][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 110.329870][ T5823] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.329898][ T5823] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.574531][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 111.633239][ T6104] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.56'. [ 113.101224][ T31] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 113.396446][ T31] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 113.396472][ T31] usb 2-1: config 0 has no interface number 0 [ 113.396518][ T31] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 113.396543][ T31] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 113.396584][ T31] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 113.396606][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.480041][ T6130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'. [ 113.480079][ T6130] lo: entered promiscuous mode [ 113.480098][ T6130] lo: entered allmulticast mode [ 113.514768][ T6130] tunl0: entered promiscuous mode [ 113.514790][ T6130] tunl0: entered allmulticast mode [ 113.624318][ T6130] gre0: entered promiscuous mode [ 113.624340][ T6130] gre0: entered allmulticast mode [ 113.712431][ T6130] gretap0: entered promiscuous mode [ 113.712456][ T6130] gretap0: entered allmulticast mode [ 113.770966][ T6134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.64'. [ 113.790666][ T31] usb 2-1: config 0 descriptor?? [ 114.402649][ T6130] erspan0: entered promiscuous mode [ 114.402674][ T6130] erspan0: entered allmulticast mode [ 114.561471][ T6130] ip_vti0: entered promiscuous mode [ 114.561489][ T6130] ip_vti0: entered allmulticast mode [ 114.582598][ T6130] ip6_vti0: entered promiscuous mode [ 114.582614][ T6130] ip6_vti0: entered allmulticast mode [ 114.609134][ T6130] sit0: entered promiscuous mode [ 114.609151][ T6130] sit0: entered allmulticast mode [ 114.654904][ T31] usb 2-1: can't set config #0, error -71 [ 114.658484][ T6130] ip6tnl0: entered promiscuous mode [ 114.658505][ T6130] ip6tnl0: entered allmulticast mode [ 114.659253][ T6130] ip6gre0: entered promiscuous mode [ 114.659271][ T6130] ip6gre0: entered allmulticast mode [ 114.678507][ T6130] syz_tun: entered promiscuous mode [ 114.678531][ T6130] syz_tun: entered allmulticast mode [ 114.679937][ T6130] ip6gretap0: entered promiscuous mode [ 114.679957][ T6130] ip6gretap0: entered allmulticast mode [ 114.689455][ T6130] bridge0: entered promiscuous mode [ 114.689477][ T6130] bridge0: entered allmulticast mode [ 114.788657][ T6130] vcan0: entered promiscuous mode [ 114.788682][ T6130] vcan0: entered allmulticast mode [ 114.789461][ T6130] bond0: entered promiscuous mode [ 114.789477][ T6130] bond_slave_0: entered promiscuous mode [ 114.838011][ T6130] bond_slave_1: entered promiscuous mode [ 114.838181][ T6130] bond0: entered allmulticast mode [ 114.838191][ T6130] bond_slave_0: entered allmulticast mode [ 114.838200][ T6130] bond_slave_1: entered allmulticast mode [ 114.843727][ T6130] team0: entered promiscuous mode [ 114.843740][ T6130] team_slave_0: entered promiscuous mode [ 114.843909][ T6130] team_slave_1: entered promiscuous mode [ 114.861759][ T6130] team0: entered allmulticast mode [ 114.861778][ T6130] team_slave_0: entered allmulticast mode [ 114.861794][ T6130] team_slave_1: entered allmulticast mode [ 114.909637][ T31] usb 2-1: USB disconnect, device number 2 [ 114.922659][ T6130] dummy0: entered promiscuous mode [ 114.922674][ T6130] dummy0: entered allmulticast mode [ 114.929022][ T6130] nlmon0: entered promiscuous mode [ 114.929044][ T6130] nlmon0: entered allmulticast mode [ 114.981255][ T6130] caif0: entered promiscuous mode [ 114.981274][ T6130] caif0: entered allmulticast mode [ 114.981292][ T6130] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 115.039772][ T6139] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.67'. [ 117.738967][ T6157] syz.0.69 (6157) used greatest stack depth: 18528 bytes left [ 118.458262][ T6096] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 118.647315][ T6096] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.647369][ T6096] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.647408][ T6096] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 118.647432][ T6096] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.132755][ T6096] usb 4-1: config 0 descriptor?? [ 119.797374][ T6180] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.78'. [ 119.827745][ T6096] waltop 0003:172F:0501.0001: item fetching failed at offset 5/7 [ 119.844439][ T6096] waltop 0003:172F:0501.0001: probe with driver waltop failed with error -22 [ 119.922094][ T6096] usb 4-1: USB disconnect, device number 2 [ 123.072842][ T6223] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.90'. [ 123.981095][ T6231] loop2: detected capacity change from 0 to 7 [ 124.286415][ T6231] loop2: [ 124.286440][ T6231] loop2: partition table partially beyond EOD, truncated [ 124.731258][ T6244] ======================================================= [ 124.731258][ T6244] WARNING: The mand mount option has been deprecated and [ 124.731258][ T6244] and is ignored by this kernel. Remove the mand [ 124.731258][ T6244] option from the mount to silence this warning. [ 124.731258][ T6244] ======================================================= [ 124.732553][ T6244] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 124.756824][ T36] audit: type=1326 audit(1776769279.281:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6242 comm="syz.1.100" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f865073c819 code=0x0 [ 125.110891][ T6251] 9p: Bad value for 'rfdno' [ 125.228069][ T2094] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 125.398039][ T2094] usb 3-1: Using ep0 maxpacket: 8 [ 125.401521][ T2094] usb 3-1: unable to get BOS descriptor or descriptor too short [ 125.402952][ T2094] usb 3-1: config 7 has an invalid interface number: 58 but max is 0 [ 125.402975][ T2094] usb 3-1: config 7 has no interface number 0 [ 125.403016][ T2094] usb 3-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 125.403102][ T2094] usb 3-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 125.403127][ T2094] usb 3-1: config 7 interface 58 has no altsetting 0 [ 125.447019][ T2094] usb 3-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 125.447049][ T2094] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.447069][ T2094] usb 3-1: Product: syz [ 125.447083][ T2094] usb 3-1: Manufacturer: syz [ 125.447097][ T2094] usb 3-1: SerialNumber: syz [ 125.616260][ T6257] netlink: 212396 bytes leftover after parsing attributes in process `syz.4.103'. [ 125.846516][ T2094] usb 3-1: USB disconnect, device number 2 [ 128.418825][ T2094] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 129.198035][ T2094] usb 5-1: Using ep0 maxpacket: 16 [ 129.219746][ T2094] usb 5-1: config index 0 descriptor too short (expected 51443, got 18) [ 129.679867][ T2094] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 129.679898][ T2094] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.679918][ T2094] usb 5-1: Product: syz [ 129.679932][ T2094] usb 5-1: Manufacturer: syz [ 129.679946][ T2094] usb 5-1: SerialNumber: syz [ 130.668306][ T2094] r8152-cfgselector 5-1: Unknown version 0x0000 [ 130.668332][ T2094] r8152-cfgselector 5-1: config 0 descriptor?? [ 131.345823][ T2094] r8152-cfgselector 5-1: Unknown version 0x0000 [ 131.390351][ T2094] r8152-cfgselector 5-1: No union descriptors [ 131.440665][ T2094] r8152-cfgselector 5-1: USB disconnect, device number 2 [ 133.234631][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 143.888543][ T5908] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 144.118000][ T5908] usb 3-1: Using ep0 maxpacket: 16 [ 144.948092][ T5908] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 144.948117][ T5908] usb 3-1: config 0 has no interface number 0 [ 144.978554][ T5908] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 144.978572][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.978582][ T5908] usb 3-1: Product: syz [ 144.978590][ T5908] usb 3-1: Manufacturer: syz [ 144.978597][ T5908] usb 3-1: SerialNumber: syz [ 145.048318][ T5908] usb 3-1: config 0 descriptor?? [ 145.437966][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 145.672601][ T5908] usb 3-1: selecting invalid altsetting 1 [ 145.672629][ T5908] speedtch 3-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 145.672674][ T5908] speedtch 3-1:0.1: usbatm_usb_probe: bind failed: -22! [ 145.672730][ T5908] speedtch 3-1:0.1: probe with driver speedtch failed with error -22 [ 145.728870][ T5908] usb 3-1: USB disconnect, device number 3 [ 149.453145][ T6356] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 149.625582][ T6356] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.625615][ T6356] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.625652][ T6356] usb 2-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 149.625673][ T6356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.686026][ T6356] usb 2-1: config 0 descriptor?? [ 150.163697][ T6356] usbhid 2-1:0.0: can't add hid device: -71 [ 150.163823][ T6356] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 150.202770][ T6356] usb 2-1: USB disconnect, device number 3 [ 152.448119][ T5929] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 152.572422][ T6519] 9p: Bad value for 'wfdno' [ 153.448727][ T5929] usb 4-1: Using ep0 maxpacket: 8 [ 153.451932][ T5929] usb 4-1: unable to get BOS descriptor or descriptor too short [ 153.453238][ T5929] usb 4-1: config 7 has an invalid interface number: 58 but max is 0 [ 153.453261][ T5929] usb 4-1: config 7 has no interface number 0 [ 153.453300][ T5929] usb 4-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 153.453324][ T5929] usb 4-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 153.453347][ T5929] usb 4-1: config 7 interface 58 has no altsetting 0 [ 153.516813][ T5929] usb 4-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 153.516843][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.516862][ T5929] usb 4-1: Product: syz [ 153.516876][ T5929] usb 4-1: Manufacturer: syz [ 153.516890][ T5929] usb 4-1: SerialNumber: syz [ 154.075980][ T5929] usb 4-1: USB disconnect, device number 3 [ 156.600562][ T6553] 9p: Bad value for 'wfdno' [ 156.721745][ T6558] netlink: 36 bytes leftover after parsing attributes in process `syz.4.197'. [ 157.358035][ T5824] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 158.386588][ T6569] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 158.538034][ T5824] usb 1-1: Using ep0 maxpacket: 16 [ 158.564555][ T5824] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 158.564581][ T5824] usb 1-1: config 0 has no interface number 0 [ 158.600431][ T5824] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 158.600450][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.600460][ T5824] usb 1-1: Product: syz [ 158.600467][ T5824] usb 1-1: Manufacturer: syz [ 158.600475][ T5824] usb 1-1: SerialNumber: syz [ 158.654004][ T5824] usb 1-1: config 0 descriptor?? [ 160.408114][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 160.836376][ T5824] usb 1-1: selecting invalid altsetting 1 [ 160.836398][ T5824] speedtch 1-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 160.837715][ T5824] speedtch 1-1:0.1: usbatm_usb_probe: bind failed: -22! [ 160.837778][ T5824] speedtch 1-1:0.1: probe with driver speedtch failed with error -22 [ 160.976586][ T5824] usb 1-1: USB disconnect, device number 2 [ 162.372611][ T6589] 9p: Bad value for 'wfdno' [ 162.438069][ T5824] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 163.529268][ T5824] usb 1-1: Using ep0 maxpacket: 8 [ 163.553030][ T5824] usb 1-1: unable to get BOS descriptor or descriptor too short [ 163.554426][ T5824] usb 1-1: config 7 has an invalid interface number: 58 but max is 0 [ 163.554451][ T5824] usb 1-1: config 7 has no interface number 0 [ 163.554492][ T5824] usb 1-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 163.554518][ T5824] usb 1-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 163.554543][ T5824] usb 1-1: config 7 interface 58 has no altsetting 0 [ 163.609654][ T5824] usb 1-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 163.609683][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.609702][ T5824] usb 1-1: Product: syz [ 163.609715][ T5824] usb 1-1: Manufacturer: syz [ 163.609728][ T5824] usb 1-1: SerialNumber: syz [ 164.827963][ T6604] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 165.447239][ T5824] usb 1-1: USB disconnect, device number 3 [ 166.489985][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 166.868666][ T2094] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 167.028071][ T2094] usb 2-1: Using ep0 maxpacket: 16 [ 167.029616][ T2094] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 167.029639][ T2094] usb 2-1: config 0 has no interface number 0 [ 167.034498][ T2094] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 167.034526][ T2094] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.034546][ T2094] usb 2-1: Product: syz [ 167.034560][ T2094] usb 2-1: Manufacturer: syz [ 167.034574][ T2094] usb 2-1: SerialNumber: syz [ 167.115127][ T2094] usb 2-1: config 0 descriptor?? [ 167.162946][ T6626] 9p: Bad value for 'wfdno' [ 169.057795][ T2094] usb 2-1: selecting invalid altsetting 1 [ 169.057817][ T2094] speedtch 2-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 169.057857][ T2094] speedtch 2-1:0.1: usbatm_usb_probe: bind failed: -22! [ 169.109437][ T2094] speedtch 2-1:0.1: probe with driver speedtch failed with error -22 [ 169.141000][ T2094] usb 2-1: USB disconnect, device number 4 [ 169.223989][ T6647] netlink: 20 bytes leftover after parsing attributes in process `syz.0.225'. [ 169.403465][ T6628] ALSA: mixer_oss: invalid OSS volume 'VOLU' [ 169.518215][ T2094] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 169.546366][ T6642] dvmrp1: entered allmulticast mode [ 169.628276][ T6642] dvmrp1: left allmulticast mode [ 169.668980][ T2094] usb 2-1: Using ep0 maxpacket: 8 [ 170.587716][ T2094] usb 2-1: unable to get BOS descriptor or descriptor too short [ 170.607197][ T2094] usb 2-1: config 7 has an invalid interface number: 58 but max is 0 [ 170.607225][ T2094] usb 2-1: config 7 has no interface number 0 [ 170.607267][ T2094] usb 2-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 170.607293][ T2094] usb 2-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.607318][ T2094] usb 2-1: config 7 interface 58 has no altsetting 0 [ 170.671480][ T2094] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 170.671511][ T2094] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.671532][ T2094] usb 2-1: Product: syz [ 170.671546][ T2094] usb 2-1: Manufacturer: syz [ 170.671560][ T2094] usb 2-1: SerialNumber: syz [ 171.056139][ T2094] usb 2-1: USB disconnect, device number 5 [ 171.108263][ T6172] udevd[6172]: setting owner of /dev/bus/usb/002/005 to uid=0, gid=0 failed: No such file or directory [ 171.771611][ T6669] 9p: Bad value for 'wfdno' [ 173.078088][ T2094] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 173.238089][ T2094] usb 2-1: Using ep0 maxpacket: 16 [ 173.244529][ T2094] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 173.244553][ T2094] usb 2-1: config 0 has no interface number 0 [ 173.276573][ T2094] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 173.276601][ T2094] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.276617][ T2094] usb 2-1: Product: syz [ 173.276624][ T2094] usb 2-1: Manufacturer: syz [ 173.276632][ T2094] usb 2-1: SerialNumber: syz [ 173.331849][ T2094] usb 2-1: config 0 descriptor?? [ 173.525179][ T6688] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.240'. [ 174.142730][ T2094] usb 2-1: selecting invalid altsetting 1 [ 174.142753][ T2094] speedtch 2-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 174.142797][ T2094] speedtch 2-1:0.1: usbatm_usb_probe: bind failed: -22! [ 174.142856][ T2094] speedtch 2-1:0.1: probe with driver speedtch failed with error -22 [ 174.183662][ T2094] usb 2-1: USB disconnect, device number 6 [ 174.339336][ T6694] ALSA: mixer_oss: invalid OSS volume 'VOLU' [ 174.458089][ T5929] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 174.558692][ T5824] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 174.708001][ T5824] usb 4-1: Using ep0 maxpacket: 8 [ 174.750073][ T5929] usb 1-1: Using ep0 maxpacket: 32 [ 174.754694][ T5929] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 174.754720][ T5929] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 174.754744][ T5929] usb 1-1: config 0 interface 0 has no altsetting 0 [ 174.759176][ T5824] usb 4-1: unable to get BOS descriptor or descriptor too short [ 174.778873][ T5824] usb 4-1: config 7 has an invalid interface number: 58 but max is 0 [ 174.778907][ T5824] usb 4-1: config 7 has no interface number 0 [ 174.778950][ T5824] usb 4-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 174.778974][ T5824] usb 4-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 174.778998][ T5824] usb 4-1: config 7 interface 58 has no altsetting 0 [ 174.786430][ T5929] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 174.786447][ T5929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.786457][ T5929] usb 1-1: Product: syz [ 174.786464][ T5929] usb 1-1: Manufacturer: syz [ 174.786471][ T5929] usb 1-1: SerialNumber: syz [ 175.515956][ T5929] usb 1-1: config 0 descriptor?? [ 175.714186][ T5824] usb 4-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 175.714217][ T5824] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.714237][ T5824] usb 4-1: Product: syz [ 175.714253][ T5824] usb 4-1: Manufacturer: syz [ 175.714267][ T5824] usb 4-1: SerialNumber: syz [ 176.069883][ T5824] usb 4-1: USB disconnect, device number 4 [ 177.260139][ T5929] gs_usb 1-1:0.0: Couldn't get device config: (err=-110) [ 177.260183][ T5929] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -110 [ 177.580248][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 177.580868][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.635805][ T6722] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 177.636357][ T6722] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.730942][ T5929] usb 1-1: USB disconnect, device number 4 [ 178.518047][ T5907] usb 3-1: new low-speed USB device number 4 using dummy_hcd [ 178.796619][ T5907] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 178.796646][ T5907] usb 3-1: config 0 has no interface number 0 [ 178.796682][ T5907] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 178.796697][ T5907] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 178.796719][ T5907] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 178.796731][ T5907] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.863544][ T5907] usb 3-1: config 0 descriptor?? [ 178.866820][ T6742] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 178.957349][ T5907] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 179.188092][ T5929] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 179.243456][ T6096] usb 3-1: USB disconnect, device number 4 [ 179.243456][ C1] iowarrior 3-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 179.338020][ T5929] usb 2-1: Using ep0 maxpacket: 16 [ 179.343795][ T5929] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 179.343820][ T5929] usb 2-1: config 0 has no interface number 0 [ 179.372630][ T5929] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 179.372657][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.372681][ T5929] usb 2-1: Product: syz [ 179.372695][ T5929] usb 2-1: Manufacturer: syz [ 179.372707][ T5929] usb 2-1: SerialNumber: syz [ 179.489577][ T5929] usb 2-1: config 0 descriptor?? [ 179.782963][ T5929] usb 2-1: selecting invalid altsetting 1 [ 179.782986][ T5929] speedtch 2-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 179.783031][ T5929] speedtch 2-1:0.1: usbatm_usb_probe: bind failed: -22! [ 179.783091][ T5929] speedtch 2-1:0.1: probe with driver speedtch failed with error -22 [ 179.825717][ T5929] usb 2-1: USB disconnect, device number 7 [ 180.689104][ T6779] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 180.695543][ T36] audit: type=1326 audit(1776769335.221:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6778 comm="syz.3.266" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a2c68c819 code=0x0 [ 181.202865][ T36] audit: type=1326 audit(1776769335.731:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6793 comm="syz.4.271" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbc61fac819 code=0x0 [ 182.159525][ T5907] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 182.329702][ T5907] usb 3-1: Using ep0 maxpacket: 16 [ 182.332739][ T5907] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 182.332763][ T5907] usb 3-1: config 0 has no interface number 0 [ 182.336862][ T5907] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 182.336979][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.336999][ T5907] usb 3-1: Product: syz [ 182.337014][ T5907] usb 3-1: Manufacturer: syz [ 182.337028][ T5907] usb 3-1: SerialNumber: syz [ 182.449190][ T5907] usb 3-1: config 0 descriptor?? [ 182.775260][ T5907] usb 3-1: selecting invalid altsetting 1 [ 182.775275][ T5907] speedtch 3-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 182.775299][ T5907] speedtch 3-1:0.1: usbatm_usb_probe: bind failed: -22! [ 182.775350][ T5907] speedtch 3-1:0.1: probe with driver speedtch failed with error -22 [ 182.856307][ T5907] usb 3-1: USB disconnect, device number 5 [ 185.618035][ T5807] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 185.768117][ T5807] usb 2-1: Using ep0 maxpacket: 8 [ 185.774654][ T5807] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 185.774674][ T5807] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 185.774687][ T5807] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 185.774700][ T5807] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 185.774722][ T5807] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 185.774746][ T5807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.140733][ T36] audit: type=1326 audit(1776769340.641:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6843 comm="syz.0.288" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3c2dc819 code=0x0 [ 186.433424][ T5807] usb 2-1: GET_CAPABILITIES returned 0 [ 186.433473][ T5807] usbtmc 2-1:16.0: can't read capabilities [ 186.670106][ T6836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.076261][ T6836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.284351][ T5807] usb 2-1: USB disconnect, device number 8 [ 187.948690][ T6356] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 188.118007][ T6356] usb 1-1: Using ep0 maxpacket: 16 [ 188.122514][ T6356] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 188.122537][ T6356] usb 1-1: config 0 has no interface number 0 [ 188.131793][ T6356] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 188.131819][ T6356] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.131838][ T6356] usb 1-1: Product: syz [ 188.131851][ T6356] usb 1-1: Manufacturer: syz [ 188.131863][ T6356] usb 1-1: SerialNumber: syz [ 188.166621][ T6356] usb 1-1: config 0 descriptor?? [ 188.484868][ T6356] usb 1-1: selecting invalid altsetting 1 [ 188.484892][ T6356] speedtch 1-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 188.484937][ T6356] speedtch 1-1:0.1: usbatm_usb_probe: bind failed: -22! [ 188.484997][ T6356] speedtch 1-1:0.1: probe with driver speedtch failed with error -22 [ 188.510193][ T6356] usb 1-1: USB disconnect, device number 5 [ 189.386521][ T6885] netlink: 8 bytes leftover after parsing attributes in process `syz.1.303'. [ 189.386557][ T6885] lo: entered promiscuous mode [ 189.386572][ T6885] lo: entered allmulticast mode [ 189.403687][ T6885] tunl0: entered promiscuous mode [ 189.403709][ T6885] tunl0: entered allmulticast mode [ 189.410326][ T6885] gre0: entered promiscuous mode [ 189.410347][ T6885] gre0: entered allmulticast mode [ 189.411085][ T6885] gretap0: entered promiscuous mode [ 189.411104][ T6885] gretap0: entered allmulticast mode [ 189.436951][ T6885] erspan0: entered promiscuous mode [ 189.436975][ T6885] erspan0: entered allmulticast mode [ 189.466947][ T6885] ip_vti0: entered promiscuous mode [ 189.466972][ T6885] ip_vti0: entered allmulticast mode [ 189.467853][ T6885] ip6_vti0: entered promiscuous mode [ 189.467875][ T6885] ip6_vti0: entered allmulticast mode [ 189.476251][ T6885] sit0: entered promiscuous mode [ 189.476271][ T6885] sit0: entered allmulticast mode [ 189.476926][ T6885] ip6tnl0: entered promiscuous mode [ 189.476944][ T6885] ip6tnl0: entered allmulticast mode [ 189.496553][ T6885] ip6gre0: entered promiscuous mode [ 189.496574][ T6885] ip6gre0: entered allmulticast mode [ 189.499359][ T6885] syz_tun: entered promiscuous mode [ 189.499385][ T6885] syz_tun: entered allmulticast mode [ 189.502778][ T6885] ip6gretap0: entered promiscuous mode [ 189.502796][ T6885] ip6gretap0: entered allmulticast mode [ 189.504662][ T6885] bridge0: entered promiscuous mode [ 189.504683][ T6885] bridge0: entered allmulticast mode [ 189.553139][ T6885] vcan0: entered promiscuous mode [ 189.553162][ T6885] vcan0: entered allmulticast mode [ 189.583513][ T6885] bond0: entered promiscuous mode [ 189.593172][ T6885] bond_slave_0: entered promiscuous mode [ 189.593393][ T6885] bond_slave_1: entered promiscuous mode [ 189.593564][ T6885] batadv0: entered promiscuous mode [ 189.593785][ T6885] bond0: entered allmulticast mode [ 189.593799][ T6885] bond_slave_0: entered allmulticast mode [ 189.593814][ T6885] bond_slave_1: entered allmulticast mode [ 189.593830][ T6885] batadv0: entered allmulticast mode [ 189.599650][ T6885] team0: entered promiscuous mode [ 189.599667][ T6885] team_slave_0: entered promiscuous mode [ 189.599834][ T6885] team_slave_1: entered promiscuous mode [ 189.600043][ T6885] team0: entered allmulticast mode [ 189.600055][ T6885] team_slave_0: entered allmulticast mode [ 189.600070][ T6885] team_slave_1: entered allmulticast mode [ 189.604557][ T6885] dummy0: entered promiscuous mode [ 189.604577][ T6885] dummy0: entered allmulticast mode [ 189.615534][ T6885] nlmon0: entered promiscuous mode [ 189.615555][ T6885] nlmon0: entered allmulticast mode [ 189.724747][ T6885] caif0: entered promiscuous mode [ 189.724760][ T6885] caif0: entered allmulticast mode [ 189.724771][ T6885] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 192.333173][ T5807] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 192.454877][ T6919] dvmrp1: entered allmulticast mode [ 192.456554][ T6918] dvmrp1: left allmulticast mode [ 192.490005][ T5807] usb 5-1: Using ep0 maxpacket: 16 [ 192.505296][ T5807] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 192.505323][ T5807] usb 5-1: config 0 has no interface number 0 [ 192.553689][ T5807] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 192.553720][ T5807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.553738][ T5807] usb 5-1: Product: syz [ 192.553745][ T5807] usb 5-1: Manufacturer: syz [ 192.553752][ T5807] usb 5-1: SerialNumber: syz [ 192.604089][ T5807] usb 5-1: config 0 descriptor?? [ 192.837123][ T5807] usb 5-1: selecting invalid altsetting 1 [ 192.837147][ T5807] speedtch 5-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 192.837191][ T5807] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22! [ 192.837250][ T5807] speedtch 5-1:0.1: probe with driver speedtch failed with error -22 [ 192.893516][ T5807] usb 5-1: USB disconnect, device number 3 [ 192.987076][ T6928] netlink: 8 bytes leftover after parsing attributes in process `syz.1.319'. [ 193.044563][ T6928] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 193.297936][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 194.859696][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.612486][ T6356] psmouse serio6: Failed to reset mouse on : -5 [ 197.998813][ T6953] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 197.999022][ T6953] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.999197][ T6953] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.999401][ T6953] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 198.003675][ T6953] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 198.183220][ T6970] netlink: 'syz.1.330': attribute type 83 has an invalid length. [ 198.348008][ T5907] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 198.657248][ T5907] usb 5-1: unable to get BOS descriptor or descriptor too short [ 198.667057][ T5907] usb 5-1: config 1 has an invalid descriptor of length 244, skipping remainder of the config [ 198.667073][ T5907] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 198.668785][ T6096] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 200.009508][ T5823] Bluetooth: hci3: command 0x0c1a tx timeout [ 200.009577][ T5829] Bluetooth: hci4: command 0x0c1a tx timeout [ 200.143473][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 200.151320][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 200.151376][ T5829] Bluetooth: hci2: command 0x0c1a tx timeout [ 200.229078][ T5907] usb 5-1: New USB device found, idVendor=200c, idProduct=100b, bcdDevice= 0.40 [ 200.229108][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.229126][ T5907] usb 5-1: Product: syz [ 200.229140][ T5907] usb 5-1: Manufacturer: syz [ 200.229153][ T5907] usb 5-1: SerialNumber: syz [ 200.348011][ T6096] usb 1-1: Using ep0 maxpacket: 16 [ 200.384943][ T6096] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 200.384959][ T6096] usb 1-1: config 0 has no interface number 0 [ 200.408639][ T6096] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 200.408669][ T6096] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.408687][ T6096] usb 1-1: Product: syz [ 200.408694][ T6096] usb 1-1: Manufacturer: syz [ 200.408702][ T6096] usb 1-1: SerialNumber: syz [ 200.525257][ T6096] usb 1-1: config 0 descriptor?? [ 200.814043][ T6096] usb 1-1: selecting invalid altsetting 1 [ 200.814066][ T6096] speedtch 1-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 200.814107][ T6096] speedtch 1-1:0.1: usbatm_usb_probe: bind failed: -22! [ 200.814142][ T6096] speedtch 1-1:0.1: probe with driver speedtch failed with error -22 [ 200.821088][ T6981] netlink: 4 bytes leftover after parsing attributes in process `syz.3.333'. [ 200.904154][ T6096] usb 1-1: USB disconnect, device number 6 [ 200.981827][ T6981] team_slave_0: left promiscuous mode [ 200.982059][ T6981] team_slave_0: left allmulticast mode [ 201.041281][ T6981] team0 (unregistering): Port device team_slave_0 removed [ 201.041842][ T6981] team_slave_1: left promiscuous mode [ 201.042020][ T6981] team_slave_1: left allmulticast mode [ 201.098715][ T6981] team0 (unregistering): Port device team_slave_1 removed [ 202.191640][ T6356] misc userio: Buffer overflowed, userio client isn't keeping up [ 202.484435][ T5907] usb 5-1: USB disconnect, device number 4 [ 204.667092][ T6356] input: PS/2 Generic Mouse as /devices/serio6/input/input10 [ 204.775738][ T6171] udevd[6171]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 204.919750][ T6356] psmouse serio6: Failed to enable mouse on [ 204.970401][ T7006] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.970597][ T7006] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 204.971772][ T7006] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.012093][ T7006] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.021287][ T7006] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 205.526205][ T7020] netlink: 'syz.0.344': attribute type 83 has an invalid length. [ 207.014583][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.351'. [ 207.118308][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 207.139217][ T5823] Bluetooth: hci2: command 0x0c1a tx timeout [ 207.139252][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 207.139308][ T5829] Bluetooth: hci3: command 0x0c1a tx timeout [ 207.139335][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout [ 208.239701][ T6096] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 208.337928][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 208.419512][ T6096] usb 5-1: Using ep0 maxpacket: 16 [ 208.424806][ T6096] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 208.425003][ T6096] usb 5-1: config 0 has no interface number 0 [ 208.458991][ T6096] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 208.459019][ T6096] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.459039][ T6096] usb 5-1: Product: syz [ 208.459052][ T6096] usb 5-1: Manufacturer: syz [ 208.459061][ T6096] usb 5-1: SerialNumber: syz [ 208.519863][ T6096] usb 5-1: config 0 descriptor?? [ 208.835854][ T6096] usb 5-1: selecting invalid altsetting 1 [ 208.835869][ T6096] speedtch 5-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 208.835894][ T6096] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22! [ 208.835928][ T6096] speedtch 5-1:0.1: probe with driver speedtch failed with error -22 [ 208.879258][ T6096] usb 5-1: USB disconnect, device number 5 [ 214.545629][ T7089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.365'. [ 216.124580][ T7094] netlink: 'syz.3.366': attribute type 83 has an invalid length. [ 216.709756][ T7113] IPv6: syztnl0: Disabled Multicast RS [ 217.337643][ T5908] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 217.338485][ T5929] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 217.518289][ T5908] usb 1-1: Using ep0 maxpacket: 16 [ 218.417115][ T5929] usb 5-1: Using ep0 maxpacket: 16 [ 218.419869][ T5929] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 218.419892][ T5929] usb 5-1: config 0 has no interface number 0 [ 218.422012][ T5929] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 218.422036][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.422054][ T5929] usb 5-1: Product: syz [ 218.422067][ T5929] usb 5-1: Manufacturer: syz [ 218.422081][ T5929] usb 5-1: SerialNumber: syz [ 218.430893][ T5929] usb 5-1: config 0 descriptor?? [ 218.571508][ T5908] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 218.571535][ T5908] usb 1-1: config 0 has no interface number 0 [ 218.575098][ T5908] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 218.575125][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.575144][ T5908] usb 1-1: Product: syz [ 218.575158][ T5908] usb 1-1: Manufacturer: syz [ 218.575171][ T5908] usb 1-1: SerialNumber: syz [ 219.115387][ T5908] usb 1-1: config 0 descriptor?? [ 219.509750][ T5929] usb 5-1: selecting invalid altsetting 1 [ 219.509788][ T5929] speedtch 5-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 219.509926][ T5929] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22! [ 219.510065][ T5929] speedtch 5-1:0.1: probe with driver speedtch failed with error -22 [ 219.595966][ T5929] usb 5-1: USB disconnect, device number 6 [ 219.816991][ T5908] usb 1-1: selecting invalid altsetting 1 [ 219.817015][ T5908] speedtch 1-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 219.817059][ T5908] speedtch 1-1:0.1: usbatm_usb_probe: bind failed: -22! [ 219.817117][ T5908] speedtch 1-1:0.1: probe with driver speedtch failed with error -22 [ 220.753986][ T5908] usb 1-1: USB disconnect, device number 7 [ 223.072079][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.382'. [ 223.977895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 224.037896][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 224.628358][ T7155] netlink: 'syz.3.385': attribute type 83 has an invalid length. [ 225.051878][ T5929] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 225.298301][ T5929] usb 5-1: Using ep0 maxpacket: 16 [ 225.311289][ T5929] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 225.311315][ T5929] usb 5-1: config 0 has no interface number 0 [ 225.325284][ T5929] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 225.325312][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.325330][ T5929] usb 5-1: Product: syz [ 225.325343][ T5929] usb 5-1: Manufacturer: syz [ 225.325357][ T5929] usb 5-1: SerialNumber: syz [ 225.376493][ T5929] usb 5-1: config 0 descriptor?? [ 225.648114][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 225.683968][ T7187] ALSA: mixer_oss: invalid OSS volume '' [ 225.818157][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 225.821674][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 225.825843][ T10] usb 2-1: config 7 has an invalid interface number: 58 but max is 0 [ 225.825858][ T10] usb 2-1: config 7 has no interface number 0 [ 225.825882][ T10] usb 2-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 225.825903][ T10] usb 2-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 225.825916][ T10] usb 2-1: config 7 interface 58 has no altsetting 0 [ 225.840175][ T10] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 225.840201][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.840219][ T10] usb 2-1: Product: syz [ 225.840280][ T10] usb 2-1: Manufacturer: syz [ 225.840294][ T10] usb 2-1: SerialNumber: syz [ 227.355730][ T10] usb 2-1: USB disconnect, device number 9 [ 228.850124][ T36] audit: type=1326 audit(1776769383.351:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7204 comm="syz.3.400" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a2c68c819 code=0x0 [ 230.492878][ T5929] usb 5-1: selecting invalid altsetting 1 [ 230.492903][ T5929] speedtch 5-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 230.492948][ T5929] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22! [ 230.493010][ T5929] speedtch 5-1:0.1: probe with driver speedtch failed with error -22 [ 230.608916][ T5929] usb 5-1: USB disconnect, device number 7 [ 230.786726][ T7215] netlink: 'syz.0.403': attribute type 83 has an invalid length. [ 230.857199][ T7220] tipc: Failed to remove unknown binding: 66,1,1/0:3199629696/3199629698 [ 233.106923][ T36] audit: type=1326 audit(1776769387.631:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7243 comm="syz.0.412" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff3c2dc819 code=0x0 [ 233.198671][ T6356] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 233.397812][ T6356] usb 2-1: Using ep0 maxpacket: 8 [ 233.412500][ T6356] usb 2-1: unable to get BOS descriptor or descriptor too short [ 233.416702][ T6356] usb 2-1: config 7 has an invalid interface number: 58 but max is 0 [ 233.416726][ T6356] usb 2-1: config 7 has no interface number 0 [ 233.416769][ T6356] usb 2-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 233.416802][ T6356] usb 2-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 233.416828][ T6356] usb 2-1: config 7 interface 58 has no altsetting 0 [ 233.488913][ T6356] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 233.488943][ T6356] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.488962][ T6356] usb 2-1: Product: syz [ 233.488976][ T6356] usb 2-1: Manufacturer: syz [ 233.488990][ T6356] usb 2-1: SerialNumber: syz [ 233.965128][ T6356] usb 2-1: USB disconnect, device number 10 [ 235.272357][ T7267] netlink: 'syz.0.420': attribute type 83 has an invalid length. [ 235.318034][ T5929] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 235.468063][ T5929] usb 2-1: Using ep0 maxpacket: 16 [ 235.470511][ T5929] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 235.470526][ T5929] usb 2-1: config 0 has no interface number 0 [ 235.483789][ T5929] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 235.483815][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.483833][ T5929] usb 2-1: Product: syz [ 235.483846][ T5929] usb 2-1: Manufacturer: syz [ 235.483860][ T5929] usb 2-1: SerialNumber: syz [ 235.506591][ T5929] usb 2-1: config 0 descriptor?? [ 236.750629][ T36] audit: type=1326 audit(1776769391.251:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7278 comm="syz.4.425" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbc61fac819 code=0x0 [ 239.717677][ T7293] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 240.149717][ T7299] misc userio: No port type given on /dev/userio [ 240.205442][ T7300] misc userio: The device must be registered before sending interrupts [ 240.229445][ T5929] usb 2-1: selecting invalid altsetting 1 [ 240.229460][ T5929] speedtch 2-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 240.229485][ T5929] speedtch 2-1:0.1: usbatm_usb_probe: bind failed: -22! [ 240.229520][ T5929] speedtch 2-1:0.1: probe with driver speedtch failed with error -22 [ 240.322480][ T5929] usb 2-1: USB disconnect, device number 11 [ 240.665834][ T7310] fuse: Bad value for 'rootmode' [ 241.292317][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.657505][ T7316] netlink: 'syz.4.434': attribute type 83 has an invalid length. [ 241.701147][ T7326] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.437'. [ 242.729493][ T7332] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 243.340681][ T7349] CIFS: VFS: UNC: path must begin with // or \\ [ 243.340697][ T7349] Malformed UNC in devname [ 243.340697][ T7349] [ 243.340919][ T7349] CIFS: VFS: Malformed UNC in devname [ 243.369429][ T1255] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 243.416542][ T7351] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.448'. [ 243.598359][ T1255] usb 2-1: Using ep0 maxpacket: 8 [ 243.643180][ T7362] fuse: Bad value for 'rootmode' [ 244.431810][ T1255] usb 2-1: unable to get BOS descriptor or descriptor too short [ 244.436912][ T1255] usb 2-1: config 7 has an invalid interface number: 58 but max is 0 [ 244.436937][ T1255] usb 2-1: config 7 has no interface number 0 [ 244.436980][ T1255] usb 2-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 244.437006][ T1255] usb 2-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 244.437032][ T1255] usb 2-1: config 7 interface 58 has no altsetting 0 [ 244.445286][ T1255] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 244.445314][ T1255] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.445334][ T1255] usb 2-1: Product: syz [ 244.445348][ T1255] usb 2-1: Manufacturer: syz [ 244.445361][ T1255] usb 2-1: SerialNumber: syz [ 244.488143][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 244.786171][ T1255] usb 2-1: USB disconnect, device number 12 [ 245.256713][ T7378] IPv6: syztnl0: Disabled Multicast RS [ 245.611472][ T7369] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 245.943917][ T7384] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.459'. [ 246.433766][ T7388] netlink: 'syz.4.455': attribute type 83 has an invalid length. [ 246.580628][ T7398] CIFS: VFS: UNC: path must begin with // or \\ [ 246.580643][ T7398] Malformed UNC in devname [ 246.580643][ T7398] [ 246.580656][ T7398] CIFS: VFS: Malformed UNC in devname [ 247.581170][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 247.792271][ T7411] fuse: Unknown parameter 'use00000000000000000000' [ 249.557292][ T7417] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 250.487247][ T7428] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.470'. [ 250.668019][ T6356] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 250.857995][ T6356] usb 3-1: Using ep0 maxpacket: 8 [ 250.861097][ T6356] usb 3-1: unable to get BOS descriptor or descriptor too short [ 250.863132][ T6356] usb 3-1: config 7 has an invalid interface number: 58 but max is 0 [ 250.863155][ T6356] usb 3-1: config 7 has no interface number 0 [ 250.863198][ T6356] usb 3-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 250.863225][ T6356] usb 3-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 250.863251][ T6356] usb 3-1: config 7 interface 58 has no altsetting 0 [ 250.874632][ T6356] usb 3-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 250.874660][ T6356] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.874679][ T6356] usb 3-1: Product: syz [ 250.874693][ T6356] usb 3-1: Manufacturer: syz [ 250.874707][ T6356] usb 3-1: SerialNumber: syz [ 251.025113][ T5907] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 251.035200][ T7440] CIFS: VFS: UNC: path must begin with // or \\ [ 251.035213][ T7440] Malformed UNC in devname [ 251.035213][ T7440] [ 251.035226][ T7440] CIFS: VFS: Malformed UNC in devname [ 251.048029][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 251.224531][ T5907] usb 2-1: config index 0 descriptor too short (expected 100, got 36) [ 251.224561][ T5907] usb 2-1: config 2 has an invalid interface number: 174 but max is 0 [ 251.224582][ T5907] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 251.224600][ T5907] usb 2-1: config 2 has no interface number 0 [ 251.224641][ T5907] usb 2-1: config 2 interface 174 altsetting 0 has an endpoint descriptor with address 0x9E, changing to 0x8E [ 251.224666][ T5907] usb 2-1: config 2 interface 174 altsetting 0 endpoint 0x8E has invalid maxpacket 255, setting to 64 [ 251.224693][ T5907] usb 2-1: config 2 interface 174 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 251.227801][ T5907] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e [ 251.239681][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.239708][ T5907] usb 2-1: Product: syz [ 251.239723][ T5907] usb 2-1: Manufacturer: syz [ 251.239737][ T5907] usb 2-1: SerialNumber: syz [ 251.325800][ T7448] fuse: Unknown parameter 'use00000000000000000000' [ 252.314370][ T7436] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 252.331102][ T6356] usb 3-1: USB disconnect, device number 6 [ 254.952398][ T5907] usb 2-1: probing VID:PID(0424:012C) [ 255.192627][ T5907] usb 2-1: vub300 testing BULK IN EndPoint(0) 8E [ 255.192654][ T5907] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs [ 255.279566][ T5907] vub300 2-1:2.174: probe with driver vub300 failed with error -22 [ 255.310733][ T5907] usb 2-1: USB disconnect, device number 13 [ 255.353020][ T7479] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.486'. [ 255.397739][ T5840] udevd[5840]: setting mode of /dev/bus/usb/002/013 to 020664 failed: No such file or directory [ 255.403992][ T5840] udevd[5840]: setting owner of /dev/bus/usb/002/013 to uid=0, gid=0 failed: No such file or directory [ 255.475911][ T7478] netlink: 'syz.3.485': attribute type 83 has an invalid length. [ 255.907894][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 255.936313][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.192240][ T7496] fuse: Unknown parameter 'use00000000000000000000' [ 256.423328][ T7488] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 257.257947][ T5907] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 258.125020][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 258.527921][ T5907] usb 3-1: Using ep0 maxpacket: 8 [ 258.533103][ T5907] usb 3-1: unable to get BOS descriptor or descriptor too short [ 258.535074][ T5907] usb 3-1: config 7 has an invalid interface number: 58 but max is 0 [ 258.535098][ T5907] usb 3-1: config 7 has no interface number 0 [ 258.535140][ T5907] usb 3-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 0, changing to 7 [ 258.535166][ T5907] usb 3-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 258.535192][ T5907] usb 3-1: config 7 interface 58 has no altsetting 0 [ 258.538573][ T5907] usb 3-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f [ 258.538600][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.538619][ T5907] usb 3-1: Product: syz [ 258.538633][ T5907] usb 3-1: Manufacturer: syz [ 258.538647][ T5907] usb 3-1: SerialNumber: syz [ 258.811919][ T5907] usb 3-1: USB disconnect, device number 7 [ 259.983849][ T7518] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.498'. [ 265.165732][ T7540] netlink: 'syz.4.506': attribute type 83 has an invalid length. [ 265.432183][ T7548] fuse: Unknown parameter 'user_i00000000000000000000' [ 266.043173][ T7547] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 267.457112][ T7563] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.511'. [ 268.337845][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 271.313041][ T7598] fuse: Unknown parameter 'user_i00000000000000000000' [ 271.635507][ T7591] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 272.899513][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 273.227913][ T7615] IPv6: syztnl0: Disabled Multicast RS [ 274.042362][ T7619] netlink: 'syz.2.524': attribute type 83 has an invalid length. [ 275.274252][ T7632] netlink: 68 bytes leftover after parsing attributes in process `syz.1.528'. [ 276.437871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 277.070395][ T7646] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 277.164224][ T7650] fuse: Unknown parameter 'user_i00000000000000000000' [ 278.089194][ T7654] netlink: 40 bytes leftover after parsing attributes in process `syz.1.535'. [ 278.480027][ T7658] IPv6: syztnl0: Disabled Multicast RS [ 278.888381][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 280.893498][ T7672] netlink: 'syz.4.541': attribute type 83 has an invalid length. [ 280.969653][ T7675] netlink: 68 bytes leftover after parsing attributes in process `syz.3.540'. [ 282.011590][ T7690] fuse: Unknown parameter 'user_id00000000000000000000' [ 286.453885][ T7736] fuse: Unknown parameter 'user_id00000000000000000000' [ 288.287890][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 289.977338][ T7758] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 291.852083][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 293.023688][ T7786] fuse: Unknown parameter 'user_id00000000000000000000' [ 294.268014][ T6096] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 295.009913][ T6096] usb 3-1: Using ep0 maxpacket: 16 [ 295.412158][ T7804] netlink: 'syz.4.577': attribute type 83 has an invalid length. [ 295.580636][ T6096] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 295.580666][ T6096] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.580686][ T6096] usb 3-1: Product: syz [ 295.580701][ T6096] usb 3-1: Manufacturer: syz [ 295.580715][ T6096] usb 3-1: SerialNumber: syz [ 295.594132][ T6096] usb 3-1: config 0 descriptor?? [ 296.264806][ T6096] speedtch 3-1:0.0: speedtch_bind: data interface not found! [ 296.264829][ T6096] speedtch 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 296.353268][ T6096] usb 3-1: USB disconnect, device number 8 [ 296.942233][ T7822] CIFS: VFS: UNC: path must begin with // or \\ [ 296.942267][ T7822] Malformed UNC in devname [ 296.942267][ T7822] [ 296.942301][ T7822] CIFS: VFS: Malformed UNC in devname [ 297.743406][ T7834] fuse: Bad value for 'fd' [ 297.845049][ T5907] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 298.661179][ T5907] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 298.661231][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 298.661271][ T5907] usb 5-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 298.661294][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.696866][ T5907] usb 5-1: config 0 descriptor?? [ 299.813909][ T5907] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 301.191621][ T7856] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 301.399094][ T6096] usb 5-1: USB disconnect, device number 8 [ 301.699073][ T7866] netlink: 'syz.4.593': attribute type 83 has an invalid length. [ 301.994963][ T7873] CIFS: VFS: UNC: path must begin with // or \\ [ 301.994997][ T7873] Malformed UNC in devname [ 301.994997][ T7873] [ 301.995031][ T7873] CIFS: VFS: Malformed UNC in devname [ 302.571772][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 302.709011][ T7876] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 302.793707][ T36] audit: type=1326 audit(1776769457.321:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7875 comm="syz.1.596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f865073c819 code=0x0 [ 303.082499][ T7884] fuse: Bad value for 'fd' [ 306.388031][ T5929] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 306.592657][ T7920] CIFS: VFS: UNC: path must begin with // or \\ [ 306.592692][ T7920] Malformed UNC in devname [ 306.592692][ T7920] [ 306.592725][ T7920] CIFS: VFS: Malformed UNC in devname [ 307.366016][ T7924] fuse: Bad value for 'fd' [ 307.439544][ T5929] usb 1-1: device descriptor read/all, error -71 [ 308.396311][ T7934] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 308.474612][ T36] audit: type=1326 audit(1776769463.001:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7930 comm="syz.4.610" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc61fac819 code=0x0 [ 309.065989][ T7943] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 310.808018][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 311.837990][ T5807] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 311.990146][ T5807] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 311.990192][ T5807] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 311.990214][ T5807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.012389][ T5807] usb 4-1: config 0 descriptor?? [ 312.063162][ T5807] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 313.044078][ T7989] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 313.074452][ T36] audit: type=1326 audit(1776769467.601:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7988 comm="syz.0.626" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff3c2dc819 code=0x0 [ 314.091818][ T7994] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 314.214253][ T6356] usb 4-1: USB disconnect, device number 5 [ 314.752420][ T8005] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 315.990062][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 316.393886][ T8029] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 316.414547][ T36] audit: type=1326 audit(1776769470.941:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8028 comm="syz.4.639" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbc61fac819 code=0x0 [ 316.478461][ T6096] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 316.629189][ T6096] usb 4-1: Using ep0 maxpacket: 16 [ 316.659621][ T6096] usb 4-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 316.659639][ T6096] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.659650][ T6096] usb 4-1: Product: syz [ 316.659657][ T6096] usb 4-1: Manufacturer: syz [ 316.659664][ T6096] usb 4-1: SerialNumber: syz [ 316.667372][ T6096] usb 4-1: config 0 descriptor?? [ 317.053232][ T6096] speedtch 4-1:0.0: speedtch_bind: data interface not found! [ 317.053248][ T6096] speedtch 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 317.065344][ T1333] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.131993][ T6096] usb 4-1: USB disconnect, device number 6 [ 318.200586][ T8044] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 318.297872][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 319.715011][ T5807] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 319.758227][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 320.761438][ T5807] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 320.761487][ T5807] usb 5-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 320.761509][ T5807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.822843][ T5807] usb 5-1: config 0 descriptor?? [ 320.835696][ T5807] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 322.310307][ T5824] usb 5-1: USB disconnect, device number 9 [ 322.848347][ T5807] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 323.541542][ T8084] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 323.696502][ T5807] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 323.696530][ T5807] usb 2-1: config 0 has no interface number 0 [ 323.696572][ T5807] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 323.696598][ T5807] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 323.696639][ T5807] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 323.696662][ T5807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.778666][ T5807] usb 2-1: config 0 descriptor?? [ 323.779507][ T8072] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 323.811923][ T5807] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 323.974014][ T8087] tipc: Failed to remove unknown binding: 66,1,1/0:1002901285/1002901287 [ 325.058381][ T5829] Bluetooth: hci0: command 0x0c1a tx timeout [ 325.334561][ T5824] usb 2-1: USB disconnect, device number 14 [ 330.300644][ T8133] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 331.079728][ T5907] ================================================================== [ 331.079742][ T5907] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190 [ 331.079772][ T5907] Read of size 8 at addr ffffc900113f6008 by task kworker/1:5/5907 [ 331.079788][ T5907] [ 331.079812][ T5907] CPU: 1 UID: 0 PID: 5907 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 331.079839][ T5907] Tainted: [L]=SOFTLOCKUP [ 331.079845][ T5907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 331.079857][ T5907] Workqueue: usb_hub_wq hub_event [ 331.079885][ T5907] Call Trace: [ 331.079893][ T5907] [ 331.079900][ T5907] dump_stack_lvl+0xe8/0x150 [ 331.079930][ T5907] print_address_description+0x55/0x1e0 [ 331.079958][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.079979][ T5907] print_report+0x58/0x70 [ 331.080004][ T5907] kasan_report+0x117/0x150 [ 331.080024][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.080049][ T5907] __list_del_entry_valid_or_report+0xb5/0x190 [ 331.080072][ T5907] kcov_remote_start+0x2af/0x710 [ 331.080102][ T5907] hub_event+0x150/0x4f60 [ 331.080120][ T5907] ? trace_sched_exit_tp+0x3a/0x130 [ 331.080145][ T5907] ? __schedule+0x1697/0x54c0 [ 331.080162][ T5907] ? ktime_get+0x45/0x220 [ 331.080182][ T5907] ? look_up_lock_class+0x57/0x110 [ 331.080202][ T5907] ? lapic_next_event+0x11/0x20 [ 331.080223][ T5907] ? __lock_acquire+0x6b5/0x2cf0 [ 331.080250][ T5907] ? __pfx___schedule+0x10/0x10 [ 331.080268][ T5907] ? irqentry_exit+0x218/0x730 [ 331.080287][ T5907] ? trace_irq_disable+0x3b/0x140 [ 331.080307][ T5907] ? __pfx_hub_event+0x10/0x10 [ 331.080325][ T5907] ? process_scheduled_works+0xa70/0x1860 [ 331.080354][ T5907] ? preempt_schedule_thunk+0x16/0x30 [ 331.080378][ T5907] ? process_scheduled_works+0xa70/0x1860 [ 331.080404][ T5907] ? process_scheduled_works+0xa70/0x1860 [ 331.080432][ T5907] process_scheduled_works+0xb5d/0x1860 [ 331.080473][ T5907] ? __pfx_process_scheduled_works+0x10/0x10 [ 331.080503][ T5907] ? assign_work+0x3d5/0x5e0 [ 331.080531][ T5907] worker_thread+0xa53/0xfc0 [ 331.080560][ T5907] kthread+0x388/0x470 [ 331.080580][ T5907] ? __pfx_worker_thread+0x10/0x10 [ 331.080596][ T5907] ? __pfx_kthread+0x10/0x10 [ 331.080617][ T5907] ret_from_fork+0x514/0xb70 [ 331.080636][ T5907] ? __pfx_ret_from_fork+0x10/0x10 [ 331.080653][ T5907] ? __switch_to+0xc79/0x1410 [ 331.080678][ T5907] ? __pfx_kthread+0x10/0x10 [ 331.080706][ T5907] ret_from_fork_asm+0x1a/0x30 [ 331.080732][ T5907] [ 331.080739][ T5907] [ 331.080743][ T5907] The buggy address belongs to a vmalloc virtual mapping [ 331.080758][ T5907] Memory state around the buggy address: [ 331.080768][ T5907] ffffc900113f5f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 331.080784][ T5907] ffffc900113f5f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 331.080796][ T5907] >ffffc900113f6000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 331.080805][ T5907] ^ [ 331.080814][ T5907] ffffc900113f6080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 331.080826][ T5907] ffffc900113f6100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 331.080835][ T5907] ================================================================== [ 331.080846][ T5907] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 331.080861][ T5907] CPU: 1 UID: 0 PID: 5907 Comm: kworker/1:5 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 331.080885][ T5907] Tainted: [L]=SOFTLOCKUP [ 331.080892][ T5907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 331.080903][ T5907] Workqueue: usb_hub_wq hub_event [ 331.080924][ T5907] Call Trace: [ 331.080930][ T5907] [ 331.080937][ T5907] vpanic+0x56c/0xa60 [ 331.080957][ T5907] ? __pfx_vpanic+0x10/0x10 [ 331.080980][ T5907] panic+0xc5/0xd0 [ 331.080996][ T5907] ? __pfx_panic+0x10/0x10 [ 331.081015][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.081037][ T5907] ? rcu_is_watching+0x15/0xb0 [ 331.081064][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.081085][ T5907] check_panic_on_warn+0x89/0xb0 [ 331.081108][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.081130][ T5907] end_report+0x73/0x170 [ 331.081147][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.081168][ T5907] kasan_report+0x128/0x150 [ 331.081186][ T5907] ? __list_del_entry_valid_or_report+0xb5/0x190 [ 331.081212][ T5907] __list_del_entry_valid_or_report+0xb5/0x190 [ 331.081235][ T5907] kcov_remote_start+0x2af/0x710 [ 331.081263][ T5907] hub_event+0x150/0x4f60 [ 331.081281][ T5907] ? trace_sched_exit_tp+0x3a/0x130 [ 331.081305][ T5907] ? __schedule+0x1697/0x54c0 [ 331.081321][ T5907] ? ktime_get+0x45/0x220 [ 331.081341][ T5907] ? look_up_lock_class+0x57/0x110 [ 331.081361][ T5907] ? lapic_next_event+0x11/0x20 [ 331.081381][ T5907] ? __lock_acquire+0x6b5/0x2cf0 [ 331.081408][ T5907] ? __pfx___schedule+0x10/0x10 [ 331.081426][ T5907] ? irqentry_exit+0x218/0x730 [ 331.081444][ T5907] ? trace_irq_disable+0x3b/0x140 [ 331.081464][ T5907] ? __pfx_hub_event+0x10/0x10 [ 331.081482][ T5907] ? process_scheduled_works+0xa70/0x1860 [ 331.081511][ T5907] ? preempt_schedule_thunk+0x16/0x30 [ 331.081534][ T5907] ? process_scheduled_works+0xa70/0x1860 [ 331.081560][ T5907] ? process_scheduled_works+0xa70/0x1860 [ 331.081588][ T5907] process_scheduled_works+0xb5d/0x1860 [ 331.081628][ T5907] ? __pfx_process_scheduled_works+0x10/0x10 [ 331.081658][ T5907] ? assign_work+0x3d5/0x5e0 [ 331.081692][ T5907] worker_thread+0xa53/0xfc0 [ 331.081721][ T5907] kthread+0x388/0x470 [ 331.081742][ T5907] ? __pfx_worker_thread+0x10/0x10 [ 331.081757][ T5907] ? __pfx_kthread+0x10/0x10 [ 331.081779][ T5907] ret_from_fork+0x514/0xb70 [ 331.081797][ T5907] ? __pfx_ret_from_fork+0x10/0x10 [ 331.081814][ T5907] ? __switch_to+0xc79/0x1410 [ 331.081839][ T5907] ? __pfx_kthread+0x10/0x10 [ 331.081860][ T5907] ret_from_fork_asm+0x1a/0x30 [ 331.081886][ T5907] [ 331.082556][ T5907] Kernel Offset: disabled