last executing test programs: 2m52.715199677s ago: executing program 1 (id=287): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000800018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x2, 0x59, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0502030109024700010000000009046900000e010000182403010202"], 0x0) 2m51.10592451s ago: executing program 1 (id=309): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000140)=0x1) write$snddsp(r2, &(0x7f0000000200)="a3", 0x1) 2m50.877205378s ago: executing program 1 (id=312): r0 = socket$inet_sctp(0x2, 0x5, 0x84) close(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000008c0)='F', 0x1}, {0x0}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x28, 0x200000b, r2}}], 0x20, 0x2400e044}, 0x0) 2m50.516423447s ago: executing program 1 (id=317): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x12b) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', r0, &(0x7f0000000380)='./file0/../file0\x00', 0x0) 2m50.211849563s ago: executing program 1 (id=320): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x1, r1, 0x0, 0xfffffffffffffff7, 0x6}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, r1, 0x0, 0x0, 0x2}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000080)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) close_range(r0, r0, 0x0) 2m49.56232855s ago: executing program 1 (id=324): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000008c0)={0x2c, &(0x7f0000000680)={0x20, 0xf}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 2m48.863146292s ago: executing program 32 (id=324): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000008c0)={0x2c, &(0x7f0000000680)={0x20, 0xf}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 2m32.876591139s ago: executing program 5 (id=481): r0 = socket(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4) sendto$inet(r0, 0x0, 0x0, 0x48800, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f00000023c0)="8ce2ad4d4f95e087a7846d3f81", 0x14, 0x0, &(0x7f0000002400)={0x2, 0x0, @multicast2}, 0x10) syz_extract_tcp_res(&(0x7f0000000380), 0x8, 0x4) 2m32.726752936s ago: executing program 5 (id=482): bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x6c4, &(0x7f0000000080)={0x0, 0x4075, 0x18, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x0, 0x1}, 0x20) 2m32.540487684s ago: executing program 5 (id=485): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='9p_protocol_dump\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000080000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000340), &(0x7f0000000440)}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) 2m32.196480961s ago: executing program 5 (id=488): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x20000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x18d811, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 2m32.038821064s ago: executing program 5 (id=491): r0 = socket$inet6(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) syz_emit_ethernet(0x4e, &(0x7f0000000780)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local, {[], @mld={0x187, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0) 2m31.341945301s ago: executing program 5 (id=500): r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x60b, 0x0) write$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) 2m30.941225831s ago: executing program 33 (id=500): r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r1, 0x60b, 0x0) write$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) 1m50.095030519s ago: executing program 3 (id=837): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a3000000000090002"], 0x54}}, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a"], 0xfdef) 1m48.905655669s ago: executing program 3 (id=842): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff050000", @ANYRES32], 0x48) r0 = socket(0x200000000000011, 0x2, 0x1) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xd50, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1m48.118882708s ago: executing program 3 (id=847): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000b00)=0x6) io_setup(0x7, &(0x7f0000000280)=0x0) io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) r2 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r2, 0xc0044dff, &(0x7f0000000100)=0x9) 1m47.860480365s ago: executing program 3 (id=849): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0/../file0/../file0/../file0\x00', 0x14) 1m47.683190172s ago: executing program 3 (id=851): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f03fe7f03", 0x5, 0x0, 0x0, 0x0) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001540)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)=@newtaction={0x68, 0x30, 0x301, 0x0, 0x20000, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x1, r3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8040}, 0x0) 1m46.860098939s ago: executing program 3 (id=858): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x4801) recvmmsg(r1, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/48, 0x30}], 0x1}, 0x18}], 0x1, 0x101, 0x0) 1m46.288424623s ago: executing program 34 (id=858): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x4801) recvmmsg(r1, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/48, 0x30}], 0x1}, 0x18}], 0x1, 0x101, 0x0) 1m14.64372781s ago: executing program 4 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000) shutdown(r0, 0x2) 1m2.38730051s ago: executing program 4 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000) shutdown(r0, 0x2) 46.528648624s ago: executing program 4 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000) shutdown(r0, 0x2) 34.578299488s ago: executing program 4 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000) shutdown(r0, 0x2) 20.510057044s ago: executing program 4 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000) shutdown(r0, 0x2) 10.673150364s ago: executing program 4 (id=502): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000100)="12", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000240)=' ', 0x1}], 0x1}}], 0x2, 0x4008000) shutdown(r0, 0x2) 2.632519848s ago: executing program 7 (id=1686): r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r0) 2.609050583s ago: executing program 7 (id=1688): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="2503000003000000000008"], 0x14}}, 0x0) 2.478086602s ago: executing program 7 (id=1690): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$packet(0x11, 0xa, 0x300) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0x2f9, 0xffffca88, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632f77fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28) 2.385123177s ago: executing program 6 (id=1691): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$kcm(r1, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0) 2.151189369s ago: executing program 7 (id=1694): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x0, &(0x7f0000000140)=0x4, 0x0, 0x4) syz_io_uring_submit(r0, 0x0, 0x0) 1.998015177s ago: executing program 0 (id=1696): r0 = creat(&(0x7f0000000100)='./file0\x00', 0x3) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x2000000000000088}}, 0x40) 1.839245083s ago: executing program 2 (id=1697): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x4, 0xefffffff, 0x0, [{0x2, 0x8, 0x9, '\x00', 0x3}, {0x3, 0xd, 0xfc, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0x1}, {0x11, 0xb, 0x1, '\x00', 0xea}, {0x0, 0x0, 0xfc}, {0x0, 0x0, 0x4, '\x00', 0x2}, {0x1f, 0x1, 0xfd}, {0xfd, 0x0, 0x0, '\x00', 0x2}, {0x0, 0xf, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x1, '\x00', 0x11}, {0xb, 0x9}, {0x1, 0xd, 0x4, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x1}, {0x2, 0x0, 0x6}, {0xc2, 0x0, 0x0, '\x00', 0x49}, {0x1, 0x2, 0x80}, {0xf7, 0x0, 0x0, '\x00', 0x81}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x7, 0x4, 0xd, '\x00', 0xfd}, {0x8, 0xc0, 0x2}, {0x0, 0x12, 0x3, '\x00', 0x35}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x12, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0xb}]}}) 1.825959552s ago: executing program 0 (id=1698): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c0c5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x9, &(0x7f0000000040)=r3, 0x4) 1.694853083s ago: executing program 0 (id=1699): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xd4bb, 0x0, 0xfffffffd}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x80800}) listen(r0, 0x5) io_uring_enter(r1, 0x3517, 0xc2de, 0x9, 0x0, 0x0) 1.674501899s ago: executing program 2 (id=1700): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000400)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2, 0x0, 0x0, r4], [0x80ffff], [], [0x400000000000000]}) 1.526917999s ago: executing program 2 (id=1701): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) syz_clone(0x80001000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.413445449s ago: executing program 6 (id=1702): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d8500"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000180)={0x0, 0x0, 0xfffffffd}) ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x0) 1.312578628s ago: executing program 0 (id=1703): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e20, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x5853, 0x0, 0x24}, {0x0, 0x4}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x3}, {{@in=@empty, 0x800, 0x33}, 0xa, @in=@empty, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x0) 1.296038746s ago: executing program 2 (id=1704): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000740)={0x36, 0x0, 0x7462, 0x760, 0x4, "1012a2c2e0d997451f6388080d00"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x9) 1.168195706s ago: executing program 7 (id=1705): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000100)={'veth0_to_team\x00', 0x400}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000440)={'veth1\x00', 0x600}) 1.063316283s ago: executing program 2 (id=1706): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 908.62562ms ago: executing program 6 (id=1707): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)=ANY=[]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 782.097248ms ago: executing program 7 (id=1708): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000028c0)=""/4096, 0x1000}], 0x1}, 0xf}], 0x1, 0x2101, 0x0) 780.980949ms ago: executing program 0 (id=1709): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0xca000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000c80)={"c45579385ba1b56e9e1a24f4f4ac822a55d3ee36e77270296e00ad471afdb6ade75ed1f2c844497502a2f18dc9f12d3335934bdb3f5a1b4707aff545367b8d6d426c0e0769da623d3b9af0b281e3ccddfae3a09c33da0db7f164339701a21ff849d3b51e5ac8afd3ba9428461de7fc5ba7712df1f1f12cb6ccb367e735c8b376163ab9b4ebb0ac9d58452118bfdb1e81928eefb150e1e5b996c1f34eda710526938a6c6c8ef44966d61b3520fa9f3d2b8bbcdab3cbb57456090415447260600c17ec12bd62dc8042992118ef72e94b6c5462ce871b79388223461332ba51346a2c1bbf779ac4b97d2b266d47306c0e058cefabfd48e6382461e1b92d7494a4f02bcbc7469885ebd1578ee4ce9b6ee3b47bf418ecc12ffd16237b12ab028b035f9627468b5cbb4aaa72242e3f6a9bd29dd62d723115eefe1b0a506acf89e18b314214270aba0a5592be196f85560b898062a29147978f1c6a15952db5caed9ae420deb92419e3e6ec0048ddf997648e9324bcdc54d4a1eb3113904477e22d3a9fe1bab6ae808e6cf9d535aeba56916040597a55e1a8d001095047a8e993974802a21abfae61af8cf81cc04e814af5425db758a998baed90436ab5d0c9a7f8f4cb8cf56d6b831aeead1d42170cb53816d4e9789f0d96635cbcbf4143556936fede2a53f09bec9cc28afe8777d40dec2ad860236d4f84cdb32645c2fdd4f448189f1617e89d5523d042149a7931f1efe58780b9a46829e0d4020480800b2f8cebe5898e2d2b6f2b17eebbbf629a2f51555b2fb14a54d03f234789a5147593963cb8747f5b6e5e98972425296a7a26bfda2f3612c1893ff29bcc3197e4c25718584ed6dcdaede94cfdba853a8922614c17efb80e15a0978a0c54edad8ff7f64d1176f1f6afa4991d17eed3051d0d680f606f322c96f6099bd573a9cb7be436e3ffa2ac6782bebc0a0d3da441fa29cd5f7543e642b7f2886f677d5d4f574f236aee8c306d7603616ac04ad893fbeeb1a4539b3cbae75e5dafd0bb6084294dd469af2d0ea22c8bbe4200b502e059033187b7916d1905417dd156594bf2d652461213be62cd90fb43cd3389427be2f7743174a45bf1cbb352c97ada4629deec9251fbfc7393760745a9236d231d6ff2f57bf93f47571549a5a7ad3a35cff11ceb63bc8176ee29e41889bc4e6df6ed44e1a29bc9a7207da35496bcf806df57de0fcab006fafe59590e2bc4f35b15657f303bcdd343eec89b1ce663203697e58cad65abad17fe9a715ce1357e791becfa93c9eae8a36427c4929839213f3dd4a7eff441a384593750005f2e948c1951d1f0c06362443eaf194dd87523d2d1f7c417674495219f67d1d56e5b67c63a48eeb3b2fd13480cc14aa54d9bd3db1c0add1cec433556f36967ecc9a9a6f10e3f80de35a908a76384d55bbf4c50fcaacaed9a798a5a"}) 565.723224ms ago: executing program 6 (id=1710): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1a, 0x5, 0x8}) 467.185278ms ago: executing program 0 (id=1711): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000900)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000680)={r2, r1}) 344.465679ms ago: executing program 2 (id=1712): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r1) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000300)="a4eac90f8e3ae7580e2e693731ef6b447fc2057d9a84e60d40c79e10218d131f865d68b23cd7c3f2b681e2205f67f140252abcc3b8015e176881d81a9e61b6a2c92a9d8e1f51861b64e7b61bf9a131e197f5a6c6d4d887d86c79836e81c69e211d2bf4c595b01c94de464ff9aa72b6058fe774c81142bbce9bd0d83f6239362c3347e3daadb292cf3fee4766a2d43cf006", 0x91}, {&(0x7f0000000000)="affb906cc9f1e15049b0f4eaa9a7499ae5b06d6c1ce700c2d8aa13a12b02583893572f6114a9b95f2d3cfd60f144d54ec2824a54edc37044866f725186c20582c41139f126007b3c807ce9b5488bcdc0ff87a1e93c5b980519248201a1e8c6ee4724626329e20952554f8d5f8118a6557a68446c8b7729edf103e52f7212e766f0eab95c3b5de69a51be69dacd41ad4e8857a44046", 0x95}, {&(0x7f00000023c0)="d88ebe2e7e94eeefe407d750b55262853c897db1d87ecd918552141f5c99fa1fbf7894ccf84f1995e4a16597dc7196827a2c258d1b4290f866c973b5270e650d6874a72ddd1b494f982f56dd26a40908d9756c15efba5a5521ae720482c2256dd62885dfd4bcdad446245d6787655d325545853065c8f4c8d6d567b02c8b64cf80a741c1801271a58b25c47960f4ee096af6bc0f332591230a81264078e00fe2f69e97731509a176ab8f1ad4592150ad62bc9fa629da56a217e79fb7b82f72b238daaccb377397612012e1f25b9d6e62d239729efe3e87904e3309d4be248692460fceddd04e1fbfd90ecdbd34e06883fde755a364d100f3bdd7e3471f831e5c430271eedc20b999abbc790e421b21c3dcf1c1821a2610e0bdb8cc49574c9c8f284212a9fd8cd0b0274aba13beed48fa8625b8ee4303ef039f3f678a60db5acf1fc029dd0a321ca853197d2b05263d77958faec605aea144d9d2384e3ebc7f03ddbde434e25fef8360fc18ffc11367f96a5bcd62f51f796ef245cca0df781b86cf85f1fdb20f60009ee97f9654764bfad3996fb5346eb7886d9539d79f7b5c2ca756ab4722bdef9c902301897b2fbdfa75d8d7e227c3d968d04244fecf975a20c397d1f5f17d6f069da75368a99a7fbc622cc55572810d7d118d7efdda5c5f460ce6db9da156761be87d941e7d7883b4ce446fbf22a59ce2412362bb80a524eff27039db666953c505f6c909489abf9ed82db7ba7aaae0b8214da5b66adb213be75ef3626be11557041f1bf62c619ff1deb5a293c1a3e14b196bb6458ae8da39fe6b542b012a69dfee599ba2e84675ab8d889af71fb781a500f75ac44bf88c160554be2d5af49e864cb023eda1a042bb8d5a6ebdb2b0f074d5751b7498bb322672fe28c5b10eb45e0f58dda91276fa96b2f4120d3f4207c7ca129fa6a5b984b36f7bc74dd17dbe4fb8c3725f7ca98336a1146b9b017d12104a0227844ba19d9423fab7ab9e01981f8c2ea9cc632ccaaf6649c836bee54546dc055880f30d69ff63a4ed4567e32699a2d607dff2c866ca3dc8f50fc33379809c0fbd0dfe8d5b795265b785c8c41c47715cf7bcdcd15287ac911662b5bd0b6aaca4ae8238ba4df87984f8ef2d110b01cb023f0153d93df37559fdf1a1f271638b0ef4da1ab2f3e601ad9372e2e062bb59e728eb26f36bd821530fb9fc011e27b7d1a1ba2506a2b9adff777617d9512d617a069ddf6cbb6807c7d7d8546bd45b3e18fa7a3a3d306afe9f036b49826117be9088da61e1b5b84b2aed6cc8a112549d77e33d846d451956dcd21d405cea5be1473ea4cde2311a431d41cdfc73c29722f011b01cfbac60f386484efaf100720c6202e997b29b08f0f05cacca186f8a6558cf89447eb3993558467a451fe6e42f5c9cacf63f083d99d25921b41f6c932edbaea65a4ef50e20e81018ccb3cf09a49d98393cbc88d0512948df49a22ced8ab65ac75337f2161f7d8708df25c3a912ff0d571cb776af243ed96a703b8e1d8e49ff195eb31f49da51f79e47170e5ae1202c71539d66c12a706db5187fc3a4dfbca3a9904be25d485a2f75224fc6231d80dae955e5a57be765b9f121f891727a0630717801a8a3c7fa2a42ba69c3d87b5a0f26dcd92f0f20a033c40e2bcd7b8375d612c23c1bb324a056ef96328000ae3919cb84fa18d3a2f0d3f2d5c101eb523b0c899c59f9366f014b9cc29af90e4845deb2515eb739ba6143fbffea65d5e728d79aa4c9d90d0718b60ebb7f767fe24202e2003e14668e476585bd4de7b0f7cf0341667af277b961202b9f736f2457a13b2a50dd8497228c831295dfc3190ccc21e4dbda51abcb09d4e6e1e1c1b81c3482bef31de7595fe7b345ed256b9fae6a7f016586b7da541284414e97d531f39628f2e2c47e5c12d060bbd1c198aa699f2d2bfeaf17b827e2f6357935c73501d6787f7ae3d38fef5fbce5322eba73c7cb0313a3a2dd1effdf54e7032cf95d74b908844ab5f51efdc4eccb352bcd4ee76f3529d9cfbf30bdb31315a571e62762ab60fd052d153c07335952f0b55938d24ff33fd227b4c6d21a67eacb26ee626559d9ecf658c200fe46da9f0796f5372742c018f082c9b6d9becd8c7e610224667002397b5a812538f4857eafced314f6c580874f45586b426165a5e2a8a9c8f83573d02497943595fb2f1c9e610a921568525726fc3d781d6bdb7d039552d07c0eb5b99776e2419c27b59fff516c2711ecbec63da7b71cb1a562f965d30a9bfb4b1776406dc351adad343861bb2b030da13c8340d7d39e4522e82d6ea0cb3c4802d96ae7868069e26fc23fd8a52251eb5b9eccb76df9f20c76679c0af6d7cc72d4231fcb1a52025cd94ac523924987a774d266386affcf6ff56234e24386af6e13e088c63f90eaa12a692b946815c5e40555f049e88b5e9636a97ba2b7d877b9ad38492577a29b2c8c0b88e25d98696995ca51ed9efc89fb28899408ca6f709236699cf22092e9570c82dcb74cdc85993d83c475960ea6c58ee31bb130ce814d109104816818fa5c15543a67e493fb0404be102a1dce0336e097f1b6976f53d7f31ba4b5dd36f8da6167da68696b3af953a95a827084e95a5236711e75d04e6913cebe04520d4564172b1f474c84016afe8c7df032e57db2cdd8d3abd1df82a548cc8c60c56ef62bc8347d0c32bad80869e6b54438324b72b656a3219a5e3f866d1a92e99ec659dac0bc55c276958637f2d588a582f4a614e11b995df8c33d1ed066b52bb6c7119fcfb034f57beef04f9b3edf38def8b8cc9860e2605b9d169c5d85d0d41c777abd531bdba95c2a9f43bcc0dceb0295a27b81730eb5dbba0d22711a1407e2bdf94de7f3bfc0d51956dfc75f426bb2514f9d6a22284d9e733f31f93a89f28bd315d91fe1d4d00a68a1d14150632c362eeb14c4001f605647f854ddf0b469ed1ecc4a117f9f88abcf9796980c0c267e9410b6a7eee53c6a8dd2aafb8c25b40496bcdedfd1e53ff289c614e99b1e045dbd50a7c9bd0ec7f0147c36decfb01585677a78e2e97635b663f4ebf79ff2899e3e8c62064638135f0336e7be227d2b2679cf73285655f48dc16f2b44335739a1ba77ff3cba2129cc1291d14e6915f669d4a15449197c5489fcd0df5a53a78cfe550c3487fd1ed5c1b736f228062666b847da278fd7388883ad89723a293c3dcd0f84f125f026d181299d7466db8cf63e05f27bc64696a0ff636181f5d7527e06b12cefb01bd60346848869c0502682fc9cf27a0695b7916364584486ea83717de96a4c829b838ca982214e098a75dacfd25a78204de37df8c0b08e1f2fdd5366761af4d3a6886af81c61cdff34ff2db968eb1d3983a63118ef270f2dc002bcc3aa5c4bc2fa82160e74d7d7a5ee1c861d581965fb0324f25aec1981f5effacde3889e5b10d39f0ea5093ae8079b54cfc09618edc9e1afa17f99fc8a9118a5eeaf0fd322a99a74cbc5db2a83fa0338a947e61e8e2a5b026dadce7d905dcc5947dbe6866f2d1dc54d340ca118abe7b36dfaf480d5690509518f9ac0a0d8dd4a5e9903ba917d32f8d2e7c334f68ccc13da0327e944ae7ab39d6707609049ee810febe51ad3975fa48f643c8131e8aa0309461850fc9fe41151f137d323a8a088047ab4698adae9f6132f7a00b5ca56be9fe9f8a7be675e45dfb748c5de0ee5767870714ddbec2f02bf3805e221a83336bf1060c401e893665e844efb292c42a0b17e0905553f62d144a557202149b6b28e8fd8837b2c97cb8d7faf451827091b53b5096cde661b637b395241f671a959e7ecb0d3afdbb05b4bdd3ca0d2f514c2d364d14dbfdbae1d192f5144f717b6cda9846ceeb3f38fd966558cf0141e18079567978ee74b3823f28229045c600de1dfaf565f6858a3527cb029f899b79d7151ab8757861ca1196954c6817fc2550970d86877e2e7d227859357ef782ae406b4957a2626fecfa380b0f9d8aff95fe5ebe38d3963ed14b42e8b341bdc848f37015e524cd8f9bebad3082729fc2ace06414c55dcf86213727ac0b8ec3bdf07938caf6eeaccae8e2fc60955bd2bb99bdcb47d63ed142283d002239a87d8f9fbb23d713d4f751dbe96ade30cb8bc7a52c49d4d71830cebf7f334a9fd9ca70ccc283077fa240616af237510a0fd4ea29ce4ea250f818d2b49985c3be9e060264ffdbf5e06a5a756631a54673f099f07f4417c3b4fee864382df3509566072b71a739053e0b7b0ae76a5e8db2c6395023b9e24ed80fd89eb702a7ddf9caaf94b5adbc5674db1703cf8b2f886eb11ff350c6d32e7c3742067cb439802505012986843b980ac8a207c5c9dec61bedbe97c628d4d9bb3095081003d504e2d8a367c53a6c0d269fc6680b362e83a2c4dc6c438fd32f6de28b6dd030f496dc9c701da742ca04506e6592a5be5593df4ae7908f2e297b498b29846612b97cd69e5061a3baac79997378474c712343fa5cb6f82fd04f856c13aee5a2f0f88e4b730605c03573f52b7fc5df5e20a22aea9b266fdcb6c12281fb88c645b8fdbbdd57e0c341814545c73eb6dbc2d08d1611e0b89945c0f0e1f22078d3abcc29fa2626936e2a8a5c08541a52ee814c7848c2977a9286aa80369d75be3477904249720448a9f1e8e532d5a5f63a54eec64d021921ca3a442c7753bfd8d2098438f3526be0614f8dfd103358350ce84e472e9474868c96511c8256e5f7eaf56c3f27851d3f90283f8f4e4299b5589a4f3c07a528aea445e32561731d2550ad32f121132c504643689a8b94d654457f66c6410ef488a57e4e50508bce9ce2c52e179b02c6dd95d0ea77712dabfb168e9e2dc91a619de65ff268d55d3fa259828f59d695b8150ffb9fe634ba29933ad140318af0db35a2e6344a3952eaf5e70685ccbdb9be5926d91571b8012eb661a942298307a0138a810cd92b849870ef18d302b6be9f60585479a804c6e97254bd16aa5ab5b1fe388a745f331084d9125dc49708129d08376519a20fd8ede72936bef14c5956ee6268308b463afe88aad3daa284eb181b96ba164a0ce1ae253f13becaacf3ec6c6fb56741b21f1bbc7d2aebaedc849b900823df665a8dc1f0df5543e9e1fdbe7d635a0a8e675e2b386c5b422d35c254cd6451f239aa3c9a10f4dbccbb6fe2332fb11d168716b2d6ecc0f9a8f6fb56102e0f29b9d66b293dc662bca3e42388b15e93beb5b422b1b2b40b2a53a30091bdc95320cc0f8f7513a7bd8fb1130cab6214689fcebf54273587737bd5e71e1770f8ece5b0389aa7c88dab956c19abf8a14ed844f", 0xeab}], 0x3) 190.013917ms ago: executing program 6 (id=1713): r0 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x1, 0x56, 0x3}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f0000000880)=""/202, 0x8f, 0x200000000004, 0x0) 0s ago: executing program 6 (id=1714): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r0, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000340)="2f6c62fdf406a1a0175bd356c35c10e4d1be87033978d275293527325d1cd47e250c", 0x22}], 0x1}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f00000000c0), 0x4) kernel console output (not intermixed with test programs): network, BSSID 50:50:50:50:50:50 [ 180.984097][ T5889] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 181.023712][ T7996] netlink: 12 bytes leftover after parsing attributes in process `syz.6.734'. [ 181.033609][ T7995] netlink: 8 bytes leftover after parsing attributes in process `syz.3.733'. [ 181.091212][ T7995] netlink: 4 bytes leftover after parsing attributes in process `syz.3.733'. [ 181.121444][ T7998] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 181.155377][ T5889] usb 1-1: Using ep0 maxpacket: 32 [ 181.178378][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.199952][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.226514][ T5889] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 181.251466][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.272985][ T5889] usb 1-1: config 0 descriptor?? [ 181.281889][ T8000] loop6: detected capacity change from 0 to 524287999 [ 181.292978][ T5889] hub 1-1:0.0: USB hub found [ 181.504549][ T5889] hub 1-1:0.0: 1 port detected [ 181.742141][ T8005] netlink: 116 bytes leftover after parsing attributes in process `syz.2.738'. [ 181.776041][ T8007] netlink: 9 bytes leftover after parsing attributes in process `syz.6.739'. [ 181.843373][ T1002] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.917872][ T8009] netlink: 5 bytes leftover after parsing attributes in process `syz.6.739'. [ 181.976007][ T8007] gretap0: entered promiscuous mode [ 182.020890][ T8009] 0{X: renamed from gretap0 [ 182.068377][ T8009] 0{X: left promiscuous mode [ 182.092184][ T8009] 0{X: entered allmulticast mode [ 182.111335][ T8009] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 182.119368][ T5824] hub 1-1:0.0: activate --> -90 [ 182.223570][ T1002] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.548889][ T5824] usb 1-1-port1: config error [ 182.553964][ T1002] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.554465][ T24] usb 1-1: USB disconnect, device number 10 [ 182.599422][ T8024] vcan0: tx drop: invalid da for name 0x00000000000000c8 [ 182.739661][ T1002] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.002929][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 183.014212][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 183.022907][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 183.032485][ T1002] bridge_slave_1: left allmulticast mode [ 183.039184][ T1002] bridge_slave_1: left promiscuous mode [ 183.045916][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 183.053750][ T1002] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.075720][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 183.110038][ T1002] bridge_slave_0: left allmulticast mode [ 183.117600][ T1002] bridge_slave_0: left promiscuous mode [ 183.123465][ T1002] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.650780][ T8055] netlink: 12 bytes leftover after parsing attributes in process `syz.6.758'. [ 183.682367][ T1002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.695439][ T1002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.707964][ T1002] bond0 (unregistering): Released all slaves [ 183.849171][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807be3f400: rx timeout, send abort [ 184.104537][ T1002] hsr_slave_0: left promiscuous mode [ 184.113401][ T1002] hsr_slave_1: left promiscuous mode [ 184.129330][ T1002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.142601][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.152622][ T1002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.190520][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.261992][ T1002] veth1_macvtap: left promiscuous mode [ 184.274603][ T1002] veth0_macvtap: left promiscuous mode [ 184.294010][ T1002] veth1_vlan: left promiscuous mode [ 184.316424][ T1002] veth0_vlan: left promiscuous mode [ 184.358666][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807be3f400: abort rx timeout. Force session deactivation [ 184.837373][ T121] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 185.025346][ T121] usb 4-1: Using ep0 maxpacket: 32 [ 185.042261][ T121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11 [ 185.067098][ T121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024 [ 185.088498][ T121] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 185.098252][ T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.145410][ T5820] Bluetooth: hci3: command tx timeout [ 185.158399][ T121] usb 4-1: config 0 descriptor?? [ 185.166974][ T8072] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 185.180497][ T121] hub 4-1:0.0: USB hub found [ 185.304856][ T8084] 9pnet: p9_errstr2errno: server reported unknown error @pA;KZ44/@qkp [ 185.304856][ T8084] C<+P5"kx [ 185.386671][ T121] hub 4-1:0.0: 1 port detected [ 185.602276][ T1002] team0 (unregistering): Port device team_slave_1 removed [ 185.840061][ T1002] team0 (unregistering): Port device team_slave_0 removed [ 186.255720][ T121] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 186.643156][ T8100] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.777'. [ 187.075878][ T9] usb 4-1: USB disconnect, device number 10 [ 187.205473][ T5820] Bluetooth: hci3: command tx timeout [ 187.262028][ T8037] chnl_net:caif_netlink_parms(): no params data found [ 187.300998][ T30] audit: type=1326 audit(1751461938.878:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 187.404604][ T30] audit: type=1326 audit(1751461938.878:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 187.435550][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 187.443931][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 187.456192][ T30] audit: type=1326 audit(1751461938.878:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 187.477661][ T30] audit: type=1326 audit(1751461938.878:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 187.499510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 187.509814][ T30] audit: type=1326 audit(1751461938.878:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 187.615919][ T30] audit: type=1326 audit(1751461938.888:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 187.693083][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 187.836053][ T8127] 9pnet: p9_errstr2errno: server reported unknown error @L O! [ 187.968591][ T30] audit: type=1326 audit(1751461938.888:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 188.003135][ T30] audit: type=1326 audit(1751461938.888:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 188.025466][ T30] audit: type=1326 audit(1751461938.888:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 188.054545][ T30] audit: type=1326 audit(1751461938.888:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8118 comm="syz.0.784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 188.195071][ T8037] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.221486][ T8037] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.228866][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 188.279598][ T8037] bridge_slave_0: entered allmulticast mode [ 188.301509][ T8037] bridge_slave_0: entered promiscuous mode [ 188.312992][ T8037] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.341496][ T8037] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.373577][ T8141] Bluetooth: hci0: too big key_count value 32767 [ 188.381187][ T8037] bridge_slave_1: entered allmulticast mode [ 188.392422][ T8037] bridge_slave_1: entered promiscuous mode [ 188.520113][ T8037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.552526][ T8037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.692447][ T8037] team0: Port device team_slave_0 added [ 188.698699][ T5889] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 188.706442][ T8037] team0: Port device team_slave_1 added [ 188.758412][ T8037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.765859][ T8037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 188.795829][ T8037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.816179][ T8037] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.824451][ T8037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 188.853408][ T8037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.893215][ T5889] usb 1-1: Using ep0 maxpacket: 8 [ 188.905650][ T121] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 188.917074][ T5889] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 188.935197][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.943610][ T5889] usb 1-1: Product: syz [ 188.948792][ T5889] usb 1-1: Manufacturer: syz [ 188.957925][ T5889] usb 1-1: SerialNumber: syz [ 188.971370][ T5889] usb 1-1: config 0 descriptor?? [ 188.978256][ T8037] hsr_slave_0: entered promiscuous mode [ 188.985064][ T8037] hsr_slave_1: entered promiscuous mode [ 188.994643][ T5889] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 189.067585][ T121] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 189.114312][ T121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 189.139599][ T121] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 189.156153][ T121] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 189.173281][ T121] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 189.183487][ T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.200667][ T121] usb 4-1: config 0 descriptor?? [ 189.285405][ T5820] Bluetooth: hci3: command tx timeout [ 189.634212][ T121] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 189.656616][ T121] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 189.685277][ T8037] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 189.702466][ T8037] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 189.714126][ T8037] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 189.726184][ T8037] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 189.897816][ T8037] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.923305][ T43] usb 4-1: USB disconnect, device number 11 [ 189.949667][ T8037] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.981652][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.988967][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.008213][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.015477][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.224505][ T5889] gspca_sonixj: reg_w1 err -71 [ 190.286439][ T5889] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 190.312046][ T5889] usb 1-1: USB disconnect, device number 11 [ 190.552162][ T8037] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.944366][ T8211] input: syz0 as /devices/virtual/input/input10 [ 191.148454][ T8037] veth0_vlan: entered promiscuous mode [ 191.197038][ T8037] veth1_vlan: entered promiscuous mode [ 191.303115][ T8037] veth0_macvtap: entered promiscuous mode [ 191.337032][ T8037] veth1_macvtap: entered promiscuous mode [ 191.368569][ T5820] Bluetooth: hci3: command tx timeout [ 191.424115][ T8037] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.461858][ T8037] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.490682][ T8037] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.505827][ T8037] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.524817][ T8037] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.545071][ T8037] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.766169][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.807415][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.945275][ T1332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.953170][ T1332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.066722][ T8239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.826'. [ 192.688243][ T8260] netlink: 'syz.2.835': attribute type 29 has an invalid length. [ 192.711440][ T8260] netlink: 'syz.2.835': attribute type 29 has an invalid length. [ 192.756695][ T8260] netlink: 500 bytes leftover after parsing attributes in process `syz.2.835'. [ 193.033516][ T8267] 9pnet_fd: Insufficient options for proto=fd [ 193.241033][ T1332] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.480034][ T1332] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.622910][ T1332] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.784115][ T1332] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.884366][ T1332] bridge_slave_1: left allmulticast mode [ 193.890259][ T1332] bridge_slave_1: left promiscuous mode [ 193.896325][ T1332] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.907300][ T1332] bridge_slave_0: left allmulticast mode [ 193.913018][ T1332] bridge_slave_0: left promiscuous mode [ 193.918943][ T1332] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.492344][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.501432][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.574362][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 194.583876][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 194.604728][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 194.613437][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 194.621626][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 195.693782][ T1332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.720141][ T1332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.742999][ T1332] bond0 (unregistering): Released all slaves [ 195.958631][ T8315] Invalid ELF header magic: != ELF [ 196.275380][ T1332] hsr_slave_0: left promiscuous mode [ 196.310419][ T1332] hsr_slave_1: left promiscuous mode [ 196.336029][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.343529][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.382216][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.390489][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.461029][ T1332] veth1_macvtap: left promiscuous mode [ 196.477232][ T1332] veth0_macvtap: left promiscuous mode [ 196.482993][ T1332] veth1_vlan: left promiscuous mode [ 196.505378][ T1332] veth0_vlan: left promiscuous mode [ 196.725382][ T5820] Bluetooth: hci3: command tx timeout [ 197.398216][ T5828] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 197.409109][ T5828] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 197.423387][ T5828] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 197.446056][ T5828] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 197.455515][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 197.759635][ T5889] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 197.842414][ T1332] team0 (unregistering): Port device team_slave_1 removed [ 197.920565][ T1332] team0 (unregistering): Port device team_slave_0 removed [ 197.928999][ T5889] usb 7-1: Using ep0 maxpacket: 16 [ 197.944706][ T5889] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 197.955549][ T5889] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.963641][ T5889] usb 7-1: Product: syz [ 197.973207][ T5889] usb 7-1: Manufacturer: syz [ 197.981096][ T5889] usb 7-1: SerialNumber: syz [ 198.000121][ T5889] usb 7-1: config 0 descriptor?? [ 198.019994][ T5889] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 198.042054][ T5889] usb 7-1: Detected FT232H [ 198.263293][ T5889] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 198.280149][ T5889] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 198.302621][ T5889] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71 [ 198.316224][ T5889] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 198.342238][ T5889] usb 7-1: USB disconnect, device number 3 [ 198.363999][ T5889] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 198.392759][ T5889] ftdi_sio 7-1:0.0: device disconnected [ 198.807662][ T5820] Bluetooth: hci3: command tx timeout [ 199.374231][ T8285] chnl_net:caif_netlink_parms(): no params data found [ 199.525405][ T5820] Bluetooth: hci4: command tx timeout [ 199.695721][ T8374] netlink: 4 bytes leftover after parsing attributes in process `syz.2.874'. [ 199.783821][ T8374] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.792398][ T8374] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.800727][ T8374] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.809636][ T8374] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.821684][ T8374] vxlan0: entered promiscuous mode [ 199.869671][ T8285] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.882358][ T8285] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.890006][ T8285] bridge_slave_0: entered allmulticast mode [ 199.898141][ T8285] bridge_slave_0: entered promiscuous mode [ 199.906809][ T8342] chnl_net:caif_netlink_parms(): no params data found [ 199.931432][ T8285] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.939205][ T8285] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.946857][ T8285] bridge_slave_1: entered allmulticast mode [ 199.955802][ T8285] bridge_slave_1: entered promiscuous mode [ 200.052909][ T8285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.071223][ T8285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.164701][ T8342] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.172679][ T8342] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.180926][ T8342] bridge_slave_0: entered allmulticast mode [ 200.190565][ T8342] bridge_slave_0: entered promiscuous mode [ 200.203280][ T8285] team0: Port device team_slave_0 added [ 200.214229][ T8342] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.221891][ T8342] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.229702][ T8342] bridge_slave_1: entered allmulticast mode [ 200.238517][ T8342] bridge_slave_1: entered promiscuous mode [ 200.263329][ T8285] team0: Port device team_slave_1 added [ 200.321498][ T8342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.339254][ T8342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.419776][ T8285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.427136][ T8285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.454817][ T8285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.483917][ T8285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.503126][ T8285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.529930][ T8285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.548513][ T8342] team0: Port device team_slave_0 added [ 200.603520][ T8342] team0: Port device team_slave_1 added [ 200.681698][ T30] kauditd_printk_skb: 186 callbacks suppressed [ 200.681715][ T30] audit: type=1326 audit(1751461952.258:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8400 comm="syz.2.883" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9e4c18e929 code=0x0 [ 200.729468][ T8342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.736645][ T8342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.773122][ T8342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.869610][ T30] audit: type=1326 audit(1751461952.448:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 200.887523][ T5820] Bluetooth: hci3: command tx timeout [ 200.953795][ T8285] hsr_slave_0: entered promiscuous mode [ 200.959612][ T30] audit: type=1326 audit(1751461952.448:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 200.996374][ T8285] hsr_slave_1: entered promiscuous mode [ 201.011488][ T8342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.019793][ T8342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.064293][ T30] audit: type=1326 audit(1751461952.448:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 201.087188][ T30] audit: type=1326 audit(1751461952.448:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 201.112214][ T8342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.140427][ T30] audit: type=1326 audit(1751461952.448:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 201.199364][ T30] audit: type=1326 audit(1751461952.448:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 201.223771][ T30] audit: type=1326 audit(1751461952.448:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 201.334210][ T30] audit: type=1326 audit(1751461952.448:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 201.356692][ T30] audit: type=1326 audit(1751461952.448:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 201.396793][ T8342] hsr_slave_0: entered promiscuous mode [ 201.416780][ T8342] hsr_slave_1: entered promiscuous mode [ 201.440667][ T8342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.456276][ T8342] Cannot create hsr debugfs directory [ 201.568428][ T8414] netlink: 566 bytes leftover after parsing attributes in process `syz.6.887'. [ 201.605634][ T5820] Bluetooth: hci4: command tx timeout [ 201.620224][ T8417] netlink: 'syz.2.889': attribute type 1 has an invalid length. [ 201.743318][ T8417] 8021q: adding VLAN 0 to HW filter on device bond1 [ 201.811629][ T8422] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 201.907943][ T8426] kvm: Disabled LAPIC found during irq injection [ 201.987384][ T8429] netlink: 8 bytes leftover after parsing attributes in process `syz.2.893'. [ 202.455470][ T8342] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 202.468599][ T8342] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 202.479561][ T8342] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 202.507464][ T8342] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 202.574257][ T8285] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 202.590481][ T8285] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.614593][ T8285] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 202.659693][ T8285] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 202.965760][ T5820] Bluetooth: hci3: command tx timeout [ 202.982791][ T8342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.082243][ T8342] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.110512][ T8285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.133760][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.140978][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.231881][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.239146][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.294492][ T8285] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.343615][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.350879][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.399836][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.407088][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.686189][ T5820] Bluetooth: hci4: command tx timeout [ 204.161129][ T8342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.283773][ T8285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.350978][ T8501] overlayfs: upper fs does not support file handles, falling back to index=off. [ 205.131279][ T8342] veth0_vlan: entered promiscuous mode [ 205.203745][ T8342] veth1_vlan: entered promiscuous mode [ 205.312918][ T8342] veth0_macvtap: entered promiscuous mode [ 205.346818][ T8342] veth1_macvtap: entered promiscuous mode [ 205.366143][ T8285] veth0_vlan: entered promiscuous mode [ 205.412489][ T8285] veth1_vlan: entered promiscuous mode [ 205.459328][ T8342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.493253][ T8342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.506389][ T5824] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 205.534567][ T8342] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.565429][ T8342] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.574212][ T8342] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.585012][ T8342] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.639566][ T8285] veth0_macvtap: entered promiscuous mode [ 205.673162][ T8285] veth1_macvtap: entered promiscuous mode [ 205.690718][ T5824] usb 7-1: Using ep0 maxpacket: 8 [ 205.699644][ T5824] usb 7-1: config 0 has an invalid interface number: 52 but max is 0 [ 205.708409][ T5824] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 205.727451][ T5824] usb 7-1: config 0 has no interface number 0 [ 205.743671][ T5824] usb 7-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 205.760396][ T5824] usb 7-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 205.768243][ T5820] Bluetooth: hci4: command tx timeout [ 205.781055][ T5824] usb 7-1: config 0 interface 52 has no altsetting 0 [ 205.797041][ T5824] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 205.824098][ T8285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.834744][ T5824] usb 7-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 205.848153][ T8285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.885192][ T5824] usb 7-1: Manufacturer: syz [ 205.897125][ T8285] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.906428][ T5824] usb 7-1: config 0 descriptor?? [ 205.928123][ T8285] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.945211][ T8285] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.957887][ T8285] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.007120][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.015058][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.100345][ T4409] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.117142][ T4409] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.178836][ T5824] input: syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.52/input/input11 [ 206.274791][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.300411][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.383477][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.384313][ T8559] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 206.406077][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.426821][ T5820] Bluetooth: hci0: ISO packet for unknown connection handle 238 [ 206.429893][ T5889] usb 7-1: USB disconnect, device number 4 [ 206.434542][ C1] synaptics_usb 7-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 206.785437][ T5911] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 206.906855][ T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.956580][ T5911] usb 1-1: Using ep0 maxpacket: 32 [ 206.968374][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.989809][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.015318][ T5911] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 207.024523][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.050748][ T5911] usb 1-1: config 0 descriptor?? [ 207.068922][ T5911] hub 1-1:0.0: USB hub found [ 207.229801][ T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.284096][ T5911] hub 1-1:0.0: 1 port detected [ 207.310573][ T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.444056][ T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.571659][ T59] bridge_slave_1: left allmulticast mode [ 207.577454][ T59] bridge_slave_1: left promiscuous mode [ 207.583610][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.596500][ T59] bridge_slave_0: left allmulticast mode [ 207.602200][ T59] bridge_slave_0: left promiscuous mode [ 207.613928][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.920207][ T5911] hub 1-1:0.0: activate --> -90 [ 208.126167][ T5911] usb 1-1-port1: config error [ 208.328257][ T5911] usb 1-1-port1: cannot disable (err = -71) [ 208.328811][ T5824] usb 1-1: USB disconnect, device number 12 [ 208.402800][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 208.421154][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 208.437100][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 208.451976][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 208.473198][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 208.575671][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.609589][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.627368][ T59] bond0 (unregistering): Released all slaves [ 208.656053][ T8591] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1814518830 (232258410240 ns) > initial count (2458284544 ns). Using initial count to start timer. [ 209.318078][ T8613] Bluetooth: hci0: invalid length 0, exp 2 for type 23 [ 209.794967][ T59] hsr_slave_0: left promiscuous mode [ 209.910756][ T59] hsr_slave_1: left promiscuous mode [ 209.926578][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 209.934082][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.003399][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.028766][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.104505][ T59] veth1_macvtap: left promiscuous mode [ 210.146288][ T59] veth0_macvtap: left promiscuous mode [ 210.161380][ T59] veth1_vlan: left promiscuous mode [ 210.185414][ T59] veth0_vlan: left promiscuous mode [ 210.576825][ T5820] Bluetooth: hci3: command tx timeout [ 210.602691][ T30] kauditd_printk_skb: 162 callbacks suppressed [ 210.602710][ T30] audit: type=1800 audit(1751461962.178:396): pid=8644 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.972" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 210.984009][ T30] audit: type=1800 audit(1751461962.558:397): pid=8658 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.977" name="file1" dev="tmpfs" ino=89 res=0 errno=0 [ 211.677055][ T59] team0 (unregistering): Port device team_slave_1 removed [ 211.724498][ T59] team0 (unregistering): Port device team_slave_0 removed [ 212.250893][ T8588] chnl_net:caif_netlink_parms(): no params data found [ 212.589770][ T8588] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.606482][ T8588] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.614109][ T8588] bridge_slave_0: entered allmulticast mode [ 212.626445][ T8588] bridge_slave_0: entered promiscuous mode [ 212.656652][ T5820] Bluetooth: hci3: command tx timeout [ 212.684442][ T8588] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.725603][ T8588] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.732936][ T8588] bridge_slave_1: entered allmulticast mode [ 212.803081][ T8588] bridge_slave_1: entered promiscuous mode [ 212.922953][ T8588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.973768][ T8588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.091083][ T8588] team0: Port device team_slave_0 added [ 213.113287][ T8588] team0: Port device team_slave_1 added [ 213.248434][ T8588] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.273741][ T8588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.315226][ T5824] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 213.355230][ T8588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.384732][ T8588] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.401846][ T8588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.467685][ T8588] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.527176][ T5824] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 213.550181][ T5824] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 213.573984][ T5824] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 213.593353][ T5824] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 213.623972][ T8588] hsr_slave_0: entered promiscuous mode [ 213.641488][ T8588] hsr_slave_1: entered promiscuous mode [ 213.647756][ T5824] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 213.675177][ T5824] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.712658][ T5824] usb 7-1: config 0 descriptor?? [ 214.171878][ T5824] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 214.449900][ T8733] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input13 [ 214.632358][ T8588] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 214.642897][ T8588] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 214.653964][ T8588] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 214.667658][ T8588] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 214.726452][ T5820] Bluetooth: hci3: command tx timeout [ 214.768491][ T8588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.790691][ T8588] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.804556][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.811907][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.834634][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.841869][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.959447][ T5911] usb 7-1: USB disconnect, device number 5 [ 215.166028][ T8588] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.531977][ T8588] veth0_vlan: entered promiscuous mode [ 215.583536][ T8588] veth1_vlan: entered promiscuous mode [ 215.729834][ T8588] veth0_macvtap: entered promiscuous mode [ 215.748267][ T8588] veth1_macvtap: entered promiscuous mode [ 215.950483][ T8588] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.014484][ T8588] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.051936][ T8588] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.063286][ T8588] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.081943][ T8588] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.099906][ T8588] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.194631][ T8771] loop6: detected capacity change from 0 to 524287999 [ 216.367443][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.382672][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.416765][ T8776] binder: 8775:8776 ioctl c0306201 2000000003c0 returned -14 [ 216.453011][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.471252][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.614346][ T8778] loop8: detected capacity change from 0 to 1 [ 216.652591][ T8778] loop8: [POWERTEC] p1 p2 p3 p4 p5 [ 216.673081][ T8778] loop8: p1 start 7 is beyond EOD, truncated [ 216.703371][ T8778] loop8: p2 size 7 extends beyond EOD, truncated [ 216.722832][ T8778] loop8: p3 start 65545 is beyond EOD, truncated [ 216.730261][ T8778] loop8: p4 start 2814540723 is beyond EOD, truncated [ 216.781050][ T8778] loop8: p5 start 3659533425 is beyond EOD, truncated [ 217.045425][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 217.203179][ T8792] netlink: 140 bytes leftover after parsing attributes in process `syz.6.1024'. [ 217.220969][ T8792] netlink: 140 bytes leftover after parsing attributes in process `syz.6.1024'. [ 217.570700][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.123403][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.406736][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.551832][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.825284][ T24] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 218.983350][ T13] bridge_slave_1: left allmulticast mode [ 218.995229][ T13] bridge_slave_1: left promiscuous mode [ 219.001239][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.036136][ T13] bridge_slave_0: left allmulticast mode [ 219.041942][ T13] bridge_slave_0: left promiscuous mode [ 219.063577][ T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.075838][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.104400][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 219.136435][ T24] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 219.146022][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.165337][ T24] usb 7-1: Product: syz [ 219.169710][ T24] usb 7-1: Manufacturer: syz [ 219.174652][ T24] usb 7-1: SerialNumber: syz [ 219.298530][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 219.321363][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 219.331110][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 219.341517][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 219.350675][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 219.433152][ T24] usb 7-1: 0:2 : does not exist [ 219.533967][ T24] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 219.625842][ T24] usb 7-1: USB disconnect, device number 6 [ 219.732459][ T8847] loop2: detected capacity change from 0 to 7 [ 219.775459][ T8847] Dev loop2: unable to read RDB block 7 [ 219.781166][ T8847] loop2: unable to read partition table [ 219.793619][ T8847] loop2: partition table beyond EOD, truncated [ 219.801644][ T8847] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 220.555906][ T8867] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1053'. [ 220.829864][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 220.847703][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 220.866186][ T13] bond0 (unregistering): Released all slaves [ 221.446777][ T5828] Bluetooth: hci3: command tx timeout [ 221.528020][ T13] hsr_slave_0: left promiscuous mode [ 221.575734][ T13] hsr_slave_1: left promiscuous mode [ 221.585426][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.598103][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.616526][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.633634][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.682498][ T13] veth1_macvtap: left promiscuous mode [ 221.689308][ T13] veth0_macvtap: left promiscuous mode [ 221.695443][ T13] veth1_vlan: left promiscuous mode [ 221.701040][ T13] veth0_vlan: left promiscuous mode [ 222.584112][ T13] team0 (unregistering): Port device team_slave_1 removed [ 222.657266][ T13] team0 (unregistering): Port device team_slave_0 removed [ 223.352872][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1078'. [ 223.484699][ T8836] chnl_net:caif_netlink_parms(): no params data found [ 223.526160][ T5828] Bluetooth: hci3: command tx timeout [ 223.861959][ T8836] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.875817][ T8836] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.883202][ T8836] bridge_slave_0: entered allmulticast mode [ 223.899459][ T8836] bridge_slave_0: entered promiscuous mode [ 223.917219][ T8836] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.924449][ T8836] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.944003][ T8836] bridge_slave_1: entered allmulticast mode [ 223.970115][ T8836] bridge_slave_1: entered promiscuous mode [ 224.025934][ T8836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.039424][ T8836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.075715][ T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 224.133112][ T8836] team0: Port device team_slave_0 added [ 224.144900][ T8836] team0: Port device team_slave_1 added [ 224.251128][ T24] usb 7-1: config 0 has no interfaces? [ 224.261296][ T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 224.287756][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.301410][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 224.312270][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.340286][ T24] usb 7-1: config 0 descriptor?? [ 224.356112][ T8836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 224.377713][ T8836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 224.384728][ T8836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.413074][ T8836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 224.570877][ T8836] hsr_slave_0: entered promiscuous mode [ 224.591542][ T8836] hsr_slave_1: entered promiscuous mode [ 224.765776][ T8940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.789309][ T8940] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.811834][ T43] usb 7-1: USB disconnect, device number 7 [ 225.600859][ T8836] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 225.608946][ T5828] Bluetooth: hci3: command tx timeout [ 225.646378][ T8836] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 225.663768][ T8836] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 225.679486][ T8836] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 225.844585][ T8836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.891849][ T8836] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.909038][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.916360][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.940924][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.948329][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.353236][ T8836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.555493][ T5911] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 226.723202][ T5911] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 226.770040][ T5911] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 226.786195][ T1332] Bluetooth: hci5: Frame reassembly failed (-84) [ 226.798225][ T5911] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 226.820280][ T5911] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 226.844320][ T5911] usb 7-1: SerialNumber: syz [ 226.932188][ T8836] veth0_vlan: entered promiscuous mode [ 226.950016][ T8836] veth1_vlan: entered promiscuous mode [ 226.994685][ T8836] veth0_macvtap: entered promiscuous mode [ 227.008354][ T8836] veth1_macvtap: entered promiscuous mode [ 227.059113][ T8836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.084534][ T5911] usb 7-1: 0:2 : does not exist [ 227.101231][ T8836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.102470][ T5911] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 227.137023][ T8836] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.146520][ T8836] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.155462][ T8836] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.164416][ T8836] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.172491][ T5911] usb 7-1: USB disconnect, device number 8 [ 227.273099][ T1332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.283070][ T1332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.317535][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.327673][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.169586][ T49] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x4b [ 228.237071][ T1332] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.805417][ T5820] Bluetooth: hci5: command 0x1003 tx timeout [ 228.811928][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 229.011737][ T1332] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.582770][ T1332] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.674476][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 229.689307][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 229.706657][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 229.717478][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 229.726255][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 229.745555][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 229.783236][ T1332] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.975670][ T43] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 230.030814][ T30] audit: type=1326 audit(1751461981.608:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.036733][ T1332] bridge_slave_1: left allmulticast mode [ 230.058948][ T1332] bridge_slave_1: left promiscuous mode [ 230.064776][ T1332] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.073381][ T30] audit: type=1326 audit(1751461981.638:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.096353][ T30] audit: type=1326 audit(1751461981.638:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.121905][ T30] audit: type=1326 audit(1751461981.638:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.122995][ T1332] bridge_slave_0: left allmulticast mode [ 230.150918][ T30] audit: type=1326 audit(1751461981.638:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.174680][ T43] usb 1-1: config 0 has an invalid interface number: 230 but max is 0 [ 230.183326][ T43] usb 1-1: config 0 has no interface number 0 [ 230.204355][ T30] audit: type=1326 audit(1751461981.638:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.226486][ T43] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 230.237776][ T1332] bridge_slave_0: left promiscuous mode [ 230.243617][ T1332] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.252086][ T43] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 230.263722][ T43] usb 1-1: config 0 interface 230 has no altsetting 0 [ 230.271928][ T30] audit: type=1326 audit(1751461981.638:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.299827][ T30] audit: type=1326 audit(1751461981.638:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.342980][ T30] audit: type=1326 audit(1751461981.638:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.366949][ T43] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 230.377407][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.385748][ T43] usb 1-1: Product: syz [ 230.389969][ T43] usb 1-1: Manufacturer: syz [ 230.416006][ T43] usb 1-1: SerialNumber: syz [ 230.422925][ T30] audit: type=1326 audit(1751461981.638:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9066 comm="syz.6.1126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x7fc00000 [ 230.456375][ T43] usb 1-1: config 0 descriptor?? [ 230.462287][ T9087] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 230.470706][ T9087] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 230.489998][ T43] ums-usbat 1-1:0.230: USB Mass Storage device detected [ 230.524283][ T43] ums-usbat 1-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 231.845567][ T5828] Bluetooth: hci3: command tx timeout [ 231.868615][ T1332] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.884845][ T1332] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.897035][ T1332] bond0 (unregistering): Released all slaves [ 232.115397][ T9082] chnl_net:caif_netlink_parms(): no params data found [ 232.489693][ T5824] IPVS: starting estimator thread 0... [ 232.496254][ T9137] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 232.615827][ T9146] IPVS: using max 38 ests per chain, 91200 per kthread [ 232.785634][ T43] ums-usbat 1-1:0.230: probe with driver ums-usbat failed with error -5 [ 232.826913][ T9082] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.843887][ T9082] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.871963][ T9082] bridge_slave_0: entered allmulticast mode [ 232.900760][ T9082] bridge_slave_0: entered promiscuous mode [ 232.931000][ T1332] hsr_slave_0: left promiscuous mode [ 232.945727][ T9] usb 1-1: USB disconnect, device number 13 [ 232.964040][ T1332] hsr_slave_1: left promiscuous mode [ 232.971087][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.979656][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.988139][ T1332] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 233.003776][ T1332] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 233.202183][ T1332] veth1_macvtap: left promiscuous mode [ 233.221991][ T1332] veth0_macvtap: left promiscuous mode [ 233.229613][ T1332] veth1_vlan: left promiscuous mode [ 233.234926][ T1332] veth0_vlan: left promiscuous mode [ 233.926247][ T5828] Bluetooth: hci3: command tx timeout [ 234.677322][ T1332] team0 (unregistering): Port device team_slave_1 removed [ 234.758658][ T1332] team0 (unregistering): Port device team_slave_0 removed [ 235.504233][ T9082] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.514601][ T9082] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.522712][ T9082] bridge_slave_1: entered allmulticast mode [ 235.530503][ T9082] bridge_slave_1: entered promiscuous mode [ 235.637845][ T9082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.677738][ T9082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.820452][ T9202] ceph: No mds server is up or the cluster is laggy [ 235.865839][ T9082] team0: Port device team_slave_0 added [ 235.897627][ T9082] team0: Port device team_slave_1 added [ 235.998050][ T9082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.005523][ T5828] Bluetooth: hci3: command tx timeout [ 236.007972][ T9082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.066938][ T9082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.130357][ T9082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.145334][ T9082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.215298][ T9082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.337769][ T9082] hsr_slave_0: entered promiscuous mode [ 236.344814][ T9082] hsr_slave_1: entered promiscuous mode [ 236.865861][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 236.865881][ T30] audit: type=1326 audit(1751461988.448:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.2.1186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e4c18e929 code=0x7fc00000 [ 236.925468][ T43] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 237.016128][ T9082] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 237.051537][ T9082] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 237.079418][ T9082] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 237.107897][ T43] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 237.112342][ T9082] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 237.133526][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.159073][ T43] usb 1-1: config 0 descriptor?? [ 237.178542][ T43] cp210x 1-1:0.0: cp210x converter detected [ 237.384920][ T9082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.385309][ T5824] kernel read not supported for file /input/event2 (pid: 5824 comm: kworker/1:3) [ 237.410992][ T43] usb 1-1: cp210x converter now attached to ttyUSB0 [ 237.453035][ T9082] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.469215][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.476583][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.527667][ T30] audit: type=1326 audit(1751461989.108:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.2.1186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e4c18e929 code=0x7fc00000 [ 237.553667][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.561032][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.597570][ T9249] loop8: detected capacity change from 0 to 7 [ 237.612154][ T9249] Dev loop8: unable to read RDB block 7 [ 237.621033][ T9249] loop8: AHDI p1 p3 p4 [ 237.633539][ T9] usb 1-1: USB disconnect, device number 14 [ 237.635259][ T9249] loop8: partition table partially beyond EOD, truncated [ 237.657167][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 237.671147][ T9249] loop8: p1 start 975770946 is beyond EOD, truncated [ 237.688288][ T9] cp210x 1-1:0.0: device disconnected [ 237.691362][ T9249] loop8: p3 start 6514546 is beyond EOD, truncated [ 238.085696][ T5820] Bluetooth: hci3: command tx timeout [ 238.192806][ T9082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.978552][ T9082] veth0_vlan: entered promiscuous mode [ 239.022064][ T9082] veth1_vlan: entered promiscuous mode [ 239.098290][ T9082] veth0_macvtap: entered promiscuous mode [ 239.114751][ T9082] veth1_macvtap: entered promiscuous mode [ 239.169828][ T9082] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.197931][ T9082] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.237218][ T9082] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.253235][ T9082] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.264094][ T9082] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.278701][ T9082] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.483940][ T1002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.535766][ T1002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.600211][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.612110][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.173244][ T5820] Bluetooth: hci3: command 0x0405 tx timeout [ 240.613261][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.752873][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.943457][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.137385][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.232761][ T49] bridge_slave_1: left allmulticast mode [ 241.238681][ T49] bridge_slave_1: left promiscuous mode [ 241.244422][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.255744][ T49] bridge_slave_0: left allmulticast mode [ 241.261480][ T49] bridge_slave_0: left promiscuous mode [ 241.267944][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.660107][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 241.673335][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 241.684652][ T49] bond0 (unregistering): Released all slaves [ 242.323820][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 242.335692][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 242.347785][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 242.367101][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 242.398663][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 242.576321][ T49] hsr_slave_0: left promiscuous mode [ 242.592532][ T49] hsr_slave_1: left promiscuous mode [ 242.605904][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.613424][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 242.651095][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.675266][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 242.761542][ T49] veth1_macvtap: left promiscuous mode [ 242.779698][ T49] veth0_macvtap: left promiscuous mode [ 242.812304][ T49] veth1_vlan: left promiscuous mode [ 242.849697][ T49] veth0_vlan: left promiscuous mode [ 244.486600][ T5820] Bluetooth: hci3: command tx timeout [ 244.705669][ T49] team0 (unregistering): Port device team_slave_1 removed [ 244.810761][ T49] team0 (unregistering): Port device team_slave_0 removed [ 246.432452][ T9443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1271'. [ 246.450754][ T9443] netlink: 'syz.2.1271': attribute type 30 has an invalid length. [ 246.567056][ T5820] Bluetooth: hci3: command tx timeout [ 246.587613][ T9443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1271'. [ 246.598685][ T9443] netlink: 'syz.2.1271': attribute type 30 has an invalid length. [ 246.779767][ T9360] chnl_net:caif_netlink_parms(): no params data found [ 247.177573][ T9360] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.191905][ T9360] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.202617][ T9360] bridge_slave_0: entered allmulticast mode [ 247.221935][ T9360] bridge_slave_0: entered promiscuous mode [ 247.235944][ T9360] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.244049][ T9360] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.259456][ T9360] bridge_slave_1: entered allmulticast mode [ 247.274982][ T9360] bridge_slave_1: entered promiscuous mode [ 247.432532][ T9360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.458624][ T49] bridge_slave_1: left allmulticast mode [ 247.477540][ T49] bridge_slave_1: left promiscuous mode [ 247.489872][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.509745][ T49] bridge_slave_0: left allmulticast mode [ 247.524180][ T49] bridge_slave_0: left promiscuous mode [ 247.548718][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.839506][ T9454] input: syz0 as /devices/virtual/input/input14 [ 248.483575][ T9507] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1294'. [ 248.494050][ T9507] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1294'. [ 248.603103][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.622470][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.634173][ T49] bond0 (unregistering): Released all slaves [ 248.645268][ T5820] Bluetooth: hci3: command tx timeout [ 248.666077][ T9360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.699149][ T9507] erspan0: entered promiscuous mode [ 248.706373][ T9507] gretap0: entered promiscuous mode [ 249.420177][ T9360] team0: Port device team_slave_0 added [ 249.469858][ T9360] team0: Port device team_slave_1 added [ 249.766188][ T9360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.773724][ T9360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.867639][ T9360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.887406][ T9360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.894428][ T9360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.958010][ T9360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.048637][ T49] hsr_slave_0: left promiscuous mode [ 250.056471][ T5910] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 250.084143][ T49] hsr_slave_1: left promiscuous mode [ 250.100769][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.111055][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.130010][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.141773][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.192616][ T49] veth1_macvtap: left promiscuous mode [ 250.202672][ T49] veth0_macvtap: left promiscuous mode [ 250.211225][ T49] veth1_vlan: left promiscuous mode [ 250.224819][ T49] veth0_vlan: left promiscuous mode [ 250.235410][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.254691][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.273026][ T5910] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 250.283980][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.328949][ T5910] usb 1-1: config 0 descriptor?? [ 250.508306][ T9550] netlink: 596 bytes leftover after parsing attributes in process `syz.2.1308'. [ 250.725273][ T5820] Bluetooth: hci3: command tx timeout [ 250.766890][ T5910] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0 [ 250.786911][ T5910] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0006/input/input15 [ 250.816190][ T5910] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 251.011355][ T5910] usb 1-1: USB disconnect, device number 15 [ 251.193738][ T49] team0 (unregistering): Port device team_slave_1 removed [ 251.235794][ T5896] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 251.258590][ T49] team0 (unregistering): Port device team_slave_0 removed [ 251.427757][ T5896] usb 7-1: config 0 has an invalid interface number: 58 but max is 0 [ 251.439751][ T5896] usb 7-1: config 0 has no interface number 0 [ 251.455270][ T5896] usb 7-1: New USB device found, idVendor=085a, idProduct=0008, bcdDevice=7f.81 [ 251.470691][ T5896] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.479077][ T5896] usb 7-1: Product: syz [ 251.483306][ T5896] usb 7-1: Manufacturer: syz [ 251.489061][ T5896] usb 7-1: SerialNumber: syz [ 251.496775][ T5896] usb 7-1: config 0 descriptor?? [ 251.734841][ T5896] kaweth 7-1:0.58: Firmware present in device. [ 251.743065][ T5896] kaweth 7-1:0.58: Error reading configuration (-71), no net device created [ 251.773918][ T5896] kaweth 7-1:0.58: probe with driver kaweth failed with error -5 [ 251.801601][ T5896] usb 7-1: USB disconnect, device number 9 [ 252.059420][ T9548] netlink: 'syz.2.1308': attribute type 29 has an invalid length. [ 252.184503][ T9360] hsr_slave_0: entered promiscuous mode [ 252.196386][ T9360] hsr_slave_1: entered promiscuous mode [ 252.705273][ T5910] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 252.784301][ T9589] netlink: 68 bytes leftover after parsing attributes in process `syz.7.1324'. [ 252.866507][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 252.888303][ T5910] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 252.898755][ T5910] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 252.911366][ T5910] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 252.941179][ T5910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.950947][ T5910] usb 7-1: Product: syz [ 252.955510][ T5910] usb 7-1: Manufacturer: syz [ 252.960226][ T5910] usb 7-1: SerialNumber: syz [ 253.044806][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 253.066991][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 253.092385][ T9] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 253.101981][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.104160][ T9360] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 253.118199][ T9] usb 1-1: Product: syz [ 253.122537][ T9] usb 1-1: Manufacturer: syz [ 253.128945][ T9] usb 1-1: SerialNumber: syz [ 253.144461][ T9] usb 1-1: config 0 descriptor?? [ 253.151200][ T9360] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 253.152676][ T9582] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 253.169736][ T9360] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 253.189331][ T9582] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 253.192148][ T9360] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 253.348761][ T9360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.377411][ T9360] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.397754][ T5910] usb 7-1: USB disconnect, device number 10 [ 253.408615][ T9582] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 253.417689][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.424952][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.434201][ T9582] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 253.458127][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.465430][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.483185][ T30] audit: type=1326 audit(1751462005.058:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9603 comm="syz.7.1328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7fc00000 [ 253.780520][ T9360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.115358][ T30] audit: type=1326 audit(1751462005.688:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9603 comm="syz.7.1328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3ce438e929 code=0x7fc00000 [ 254.315387][ T121] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 254.378769][ T9360] veth0_vlan: entered promiscuous mode [ 254.439524][ T9360] veth1_vlan: entered promiscuous mode [ 254.478216][ T9] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71 [ 254.514573][ T9] dm9601 1-1:0.0 eth9: register 'dm9601' at usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet, 6e:f1:98:9e:dd:08 [ 254.558208][ T9] usb 1-1: USB disconnect, device number 16 [ 254.582099][ T9] dm9601 1-1:0.0 eth9: unregister 'dm9601' usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet [ 254.591501][ T9360] veth0_macvtap: entered promiscuous mode [ 254.632315][ T9360] veth1_macvtap: entered promiscuous mode [ 254.649784][ T121] usb 7-1: config 0 has an invalid interface number: 255 but max is 0 [ 254.674533][ T121] usb 7-1: config 0 has no interface number 0 [ 254.710687][ T121] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 254.724115][ T121] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 254.743706][ T121] usb 7-1: config 0 interface 255 has no altsetting 0 [ 254.757555][ T121] usb 7-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 254.770246][ T9360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.777790][ T121] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.791199][ T121] usb 7-1: config 0 descriptor?? [ 254.811041][ T121] ums-realtek 7-1:0.255: USB Mass Storage device detected [ 254.910457][ T9360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 254.925001][ T9360] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.935024][ T9360] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.955172][ T9360] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.964039][ T9360] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.039207][ T9] usb 7-1: USB disconnect, device number 11 [ 255.246676][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.272782][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.343094][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.360676][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.606359][ T121] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 255.681614][ T9651] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1341'. [ 255.730121][ T9653] overlayfs: failed to clone upperpath [ 255.737273][ T9651] netlink: 'syz.7.1341': attribute type 18 has an invalid length. [ 255.797489][ T121] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 255.826210][ T30] audit: type=1326 audit(1751462007.408:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9654 comm="syz.6.1343" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f600fb8e929 code=0x0 [ 255.826522][ T121] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 255.879318][ T9651] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.888534][ T9651] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.900162][ T9651] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.910301][ T9651] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 255.923875][ T121] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 255.934152][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.941640][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.951664][ T9651] vxlan0: entered promiscuous mode [ 255.956956][ T121] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.973327][ T9642] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 255.988103][ T121] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 256.193049][ T121] usb 1-1: USB disconnect, device number 17 [ 256.372408][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.741234][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.840229][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.895816][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.024738][ T12] bridge_slave_1: left allmulticast mode [ 257.030567][ T12] bridge_slave_1: left promiscuous mode [ 257.036446][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.051010][ T12] bridge_slave_0: left allmulticast mode [ 257.056975][ T12] bridge_slave_0: left promiscuous mode [ 257.062694][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.472279][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.483529][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.494484][ T12] bond0 (unregistering): Released all slaves [ 258.427585][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 258.437400][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 258.453591][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 258.462522][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 258.482971][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 258.522533][ T12] hsr_slave_0: left promiscuous mode [ 258.545846][ T12] hsr_slave_1: left promiscuous mode [ 258.551822][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 258.567996][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.581461][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.596024][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.630885][ T12] veth1_macvtap: left promiscuous mode [ 258.636823][ T12] veth0_macvtap: left promiscuous mode [ 258.642668][ T12] veth1_vlan: left promiscuous mode [ 258.649030][ T12] veth0_vlan: left promiscuous mode [ 258.836165][ T9716] IPv6: Can't replace route, no match found [ 259.014870][ T9720] trusted_key: syz.2.1369 sent an empty control message without MSG_MORE. [ 259.646821][ T5824] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 259.722774][ T12] team0 (unregistering): Port device team_slave_1 removed [ 259.819668][ T5824] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 259.838093][ T5824] usb 1-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 259.857768][ T5824] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.881079][ T5824] usb 1-1: config 0 descriptor?? [ 259.913068][ T12] team0 (unregistering): Port device team_slave_0 removed [ 260.295942][ T9743] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1379'. [ 260.410355][ T5824] logitech 0003:046D:CA03.0007: hidraw0: USB HID v0.00 Device [HID 046d:ca03] on usb-dummy_hcd.0-1/input0 [ 260.453248][ T5824] logitech 0003:046D:CA03.0007: no inputs found [ 260.539819][ T5824] usb 1-1: USB disconnect, device number 18 [ 260.567650][ T5820] Bluetooth: hci3: command tx timeout [ 261.655389][ T121] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 261.818446][ T121] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.874709][ T121] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.901440][ T121] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 261.911730][ T121] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.934219][ T121] usb 1-1: config 0 descriptor?? [ 262.577323][ T121] usb 1-1: string descriptor 0 read error: -22 [ 262.645328][ T5820] Bluetooth: hci3: command tx timeout [ 262.780660][ T9699] chnl_net:caif_netlink_parms(): no params data found [ 262.796917][ T121] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0008/input/input16 [ 262.911873][ T121] uclogic 0003:256C:006D.0008: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 262.994369][ T24] usb 1-1: USB disconnect, device number 19 [ 263.204368][ T9800] overlayfs: failed to clone lowerpath [ 263.237860][ T9800] overlayfs: failed to clone lowerpath [ 263.388219][ T9699] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.417909][ T9699] bridge0: port 1(bridge_slave_0) entered disabled state [ 263.445526][ T9699] bridge_slave_0: entered allmulticast mode [ 263.453521][ T9699] bridge_slave_0: entered promiscuous mode [ 263.506091][ T9699] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.513520][ T9699] bridge0: port 2(bridge_slave_1) entered disabled state [ 263.537967][ T9699] bridge_slave_1: entered allmulticast mode [ 263.553787][ T9699] bridge_slave_1: entered promiscuous mode [ 263.625804][ T9699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.659028][ T9699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 263.748881][ T9699] team0: Port device team_slave_0 added [ 263.763631][ T9699] team0: Port device team_slave_1 added [ 263.816813][ T9699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.837568][ T9699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.872958][ T30] audit: type=1326 audit(1751462015.448:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 263.897208][ T9699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.916200][ T24] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 263.958947][ T9699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.990161][ T9699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 264.033957][ T30] audit: type=1326 audit(1751462015.448:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 264.055516][ C1] vkms_vblank_simulate: vblank timer overrun [ 264.062295][ T30] audit: type=1326 audit(1751462015.448:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 264.086877][ T9699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.132707][ T30] audit: type=1326 audit(1751462015.448:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 264.154251][ C1] vkms_vblank_simulate: vblank timer overrun [ 264.160623][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 264.209414][ T24] usb 7-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 264.223174][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.233112][ T24] usb 7-1: Product: syz [ 264.249090][ T30] audit: type=1326 audit(1751462015.448:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 264.276301][ T24] usb 7-1: Manufacturer: syz [ 264.285246][ T24] usb 7-1: SerialNumber: syz [ 264.318801][ T24] usb 7-1: config 0 descriptor?? [ 264.327234][ T9699] hsr_slave_0: entered promiscuous mode [ 264.333285][ T30] audit: type=1326 audit(1751462015.448:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa81758e929 code=0x7ffc0000 [ 264.357869][ T9699] hsr_slave_1: entered promiscuous mode [ 264.367339][ T24] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 264.423767][ T30] audit: type=1326 audit(1751462015.448:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 264.523965][ T30] audit: type=1326 audit(1751462015.448:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 264.605062][ T30] audit: type=1326 audit(1751462015.448:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 264.700328][ T30] audit: type=1326 audit(1751462015.448:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9812 comm="syz.0.1407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa81752ab19 code=0x7ffc0000 [ 264.729986][ T5820] Bluetooth: hci3: command tx timeout [ 265.580410][ T9699] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 265.592990][ T9699] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 265.601902][ T24] gspca_topro: reg_w err -71 [ 265.606741][ T9699] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 265.623746][ T9699] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 265.638825][ T24] gspca_topro: Sensor soi763a [ 265.661450][ T24] usb 7-1: USB disconnect, device number 12 [ 265.744245][ T9699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.768289][ T9699] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.783243][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.790523][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.808432][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.815815][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.098320][ T9699] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.289647][ T9832] ceph: No mds server is up or the cluster is laggy [ 266.550171][ T9699] veth0_vlan: entered promiscuous mode [ 266.571201][ T9699] veth1_vlan: entered promiscuous mode [ 266.622028][ T9699] veth0_macvtap: entered promiscuous mode [ 266.633766][ T9699] veth1_macvtap: entered promiscuous mode [ 266.662225][ T9699] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 266.680400][ T9699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 266.693366][ T9699] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.704683][ T9699] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.723600][ T9699] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.732528][ T9699] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.806292][ T5828] Bluetooth: hci3: command tx timeout [ 266.860803][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.892628][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.969141][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.008049][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.446654][ T5828] Bluetooth: hci5: command 0x1003 tx timeout [ 267.447269][ T5820] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 267.605650][ T9891] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 268.054113][ T9910] loop3: detected capacity change from 0 to 1 [ 268.081284][ T9910] Dev loop3: unable to read RDB block 1 [ 268.107359][ T9910] loop3: unable to read partition table [ 268.119333][ T9910] loop3: partition table beyond EOD, truncated [ 268.129189][ T9910] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 269.772762][ T9922] input: syz1 as /devices/virtual/input/input17 [ 270.323027][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 270.347153][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 270.356107][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 270.378349][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 270.389625][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 271.395759][ T9955] netlink: 'syz.6.1452': attribute type 13 has an invalid length. [ 271.429687][ T1002] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.629805][ T9955] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.638654][ T9955] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.842146][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.859803][ T9955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 272.012928][ T9955] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.031908][ T9955] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.045867][ T9955] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.054988][ T9955] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.241047][ T1002] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.278321][ T9970] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1458'. [ 272.398880][ T1002] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.496348][ T5820] Bluetooth: hci3: command tx timeout [ 272.573134][ T1002] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.007686][ T1002] bridge_slave_1: left allmulticast mode [ 273.022659][ T1002] bridge_slave_1: left promiscuous mode [ 273.049747][ T1002] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.077274][ T1002] bridge_slave_0: left allmulticast mode [ 273.094975][ T1002] bridge_slave_0: left promiscuous mode [ 273.103517][ T49] nci: nci_ntf_packet: unknown ntf opcode 0x101 [ 273.121277][ T1002] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.385423][ T1002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 274.426437][ T1002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.464963][ T1002] bond0 (unregistering): Released all slaves [ 274.582672][ T5820] Bluetooth: hci3: command tx timeout [ 274.605253][T10042] ip6_tunnel: ip6gretap0 xmit: Routing loop! Remote address found on this node! [ 274.625566][ T9] ip6_tunnel: ip6gretap0 xmit: Routing loop! Remote address found on this node! [ 274.644292][ T9935] chnl_net:caif_netlink_parms(): no params data found [ 275.017655][T10058] geneve2: entered promiscuous mode [ 275.022968][T10058] geneve2: entered allmulticast mode [ 275.323590][ T9935] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.343919][ T9935] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.354840][ T9935] bridge_slave_0: entered allmulticast mode [ 275.384322][ T9935] bridge_slave_0: entered promiscuous mode [ 275.435853][ T1002] hsr_slave_0: left promiscuous mode [ 275.446143][ T9] ip6_tunnel: ip6gretap0 xmit: Routing loop! Remote address found on this node! [ 275.471475][ T1002] hsr_slave_1: left promiscuous mode [ 275.493398][ T1002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.502907][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.520773][ T1002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.528931][ T1002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.577129][ T1002] veth1_macvtap: left promiscuous mode [ 275.582912][ T1002] veth0_macvtap: left promiscuous mode [ 275.589206][ T1002] veth1_vlan: left promiscuous mode [ 275.594732][ T1002] veth0_vlan: left promiscuous mode [ 276.510212][T10097] fuse: Bad value for 'fd' [ 276.566127][ T1002] team0 (unregistering): Port device team_slave_1 removed [ 276.620322][ T1002] team0 (unregistering): Port device team_slave_0 removed [ 276.648982][ T5828] Bluetooth: hci3: command tx timeout [ 277.045602][ T5828] Bluetooth: hci1: command 0x0406 tx timeout [ 277.045843][T10051] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 277.174448][ T9935] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.182245][ T9935] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.191469][ T9935] bridge_slave_1: entered allmulticast mode [ 277.199603][ T9935] bridge_slave_1: entered promiscuous mode [ 277.274599][ T9935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.301756][ T9935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.403928][ T9935] team0: Port device team_slave_0 added [ 277.432769][ T9935] team0: Port device team_slave_1 added [ 277.476499][ T9935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 277.483511][ T9935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.510507][ T9935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 277.526192][ T9935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 277.533275][ T9935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 277.559508][ T9935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.621555][ T9935] hsr_slave_0: entered promiscuous mode [ 277.628518][ T9935] hsr_slave_1: entered promiscuous mode [ 277.762244][T10051] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 277.799899][T10051] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 277.809670][T10051] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 277.819159][T10051] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 277.825438][T10051] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 277.862297][T10051] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 277.901253][T10051] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 277.909703][T10051] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 277.919782][T10051] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 278.142954][T10109] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.1514'. [ 278.340930][T10116] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340 [ 278.580813][ T9935] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 278.611141][ T9935] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 278.639420][ T9935] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 278.689140][ T9935] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 278.926871][ T9935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 278.977450][ T9935] 8021q: adding VLAN 0 to HW filter on device team0 [ 279.026160][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.033434][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.100446][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.107733][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.128023][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 279.596841][ T121] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 279.679592][ T9935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 279.788771][ T121] usb 7-1: config index 0 descriptor too short (expected 30768, got 18) [ 279.802403][ T121] usb 7-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 279.832469][ T121] usb 7-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config [ 279.851383][ T5820] Bluetooth: hci4: command 0x0c1a tx timeout [ 279.858855][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 279.889613][ T121] usb 7-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 279.905317][ T121] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 279.914637][ T121] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.925297][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 280.154973][ T121] usb 7-1: string descriptor 0 read error: -22 [ 280.270227][T10174] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 280.299201][T10174] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.357329][ T43] usb 7-1: USB disconnect, device number 13 [ 280.410561][T10183] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 280.462755][T10174] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 280.480657][T10174] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.532783][ T9935] veth0_vlan: entered promiscuous mode [ 280.598173][T10174] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 280.614426][T10174] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.636219][ T9935] veth1_vlan: entered promiscuous mode [ 280.712294][T10174] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 280.725902][T10174] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.800389][ T9935] veth0_macvtap: entered promiscuous mode [ 280.829241][ T9935] veth1_macvtap: entered promiscuous mode [ 280.957436][ T9935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 280.983843][ T9935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 280.998137][ T9935] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.007661][ T9935] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.054260][ T9935] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.085843][ T9935] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.502624][ T5824] libceph: connect (1)[c::]:6789 error -101 [ 281.510224][ T5824] libceph: mon0 (1)[c::]:6789 connect error [ 281.581183][ T9] libceph: connect (1)[b::]:6789 error -101 [ 281.596068][ T9] libceph: mon0 (1)[b::]:6789 connect error [ 281.651444][T10174] netdevsim netdevsim7 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.667260][T10174] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.769145][T10174] netdevsim netdevsim7 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.780200][ T24] libceph: connect (1)[c::]:6789 error -101 [ 281.794666][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 281.801645][T10174] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.812290][ T1002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.837162][ T1002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.846023][T10174] netdevsim netdevsim7 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.855642][ T9] libceph: connect (1)[b::]:6789 error -101 [ 281.860099][T10174] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.861805][ T9] libceph: mon0 (1)[b::]:6789 connect error [ 281.921080][T10174] netdevsim netdevsim7 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 281.928844][ T5820] Bluetooth: hci4: command 0x0c1a tx timeout [ 281.935796][ T5828] Bluetooth: hci0: command 0x0406 tx timeout [ 281.947927][T10174] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 282.008161][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout [ 282.029003][ T1045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 282.039523][ T1045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.306048][ T43] libceph: connect (1)[c::]:6789 error -101 [ 282.312862][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 282.313464][T10195] ceph: No mds server is up or the cluster is laggy [ 282.319112][T10192] ceph: No mds server is up or the cluster is laggy [ 282.491111][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.653026][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.814022][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.976295][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.095553][ T49] bridge_slave_1: left allmulticast mode [ 283.101257][ T49] bridge_slave_1: left promiscuous mode [ 283.107045][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.116925][ T49] bridge_slave_0: left allmulticast mode [ 283.122621][ T49] bridge_slave_0: left promiscuous mode [ 283.130309][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.518634][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.533776][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.545578][ T49] bond0 (unregistering): Released all slaves [ 283.803313][ T49] hsr_slave_0: left promiscuous mode [ 283.809807][ T49] hsr_slave_1: left promiscuous mode [ 283.817976][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.825633][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.836767][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.844273][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.944498][ T49] veth1_macvtap: left promiscuous mode [ 283.961363][ T49] veth0_macvtap: left promiscuous mode [ 283.977863][ T49] veth1_vlan: left promiscuous mode [ 283.990599][ T49] veth0_vlan: left promiscuous mode [ 284.005936][ T5828] Bluetooth: hci4: command 0x0c1a tx timeout [ 284.289115][T10234] netlink: 'syz.7.1558': attribute type 4 has an invalid length. [ 284.342515][T10237] netlink: 'syz.7.1558': attribute type 4 has an invalid length. [ 284.634804][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 284.661821][ T5820] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 284.674899][ T5820] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 284.688905][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 284.698613][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 284.959382][T10252] overlayfs: failed to clone lowerpath [ 285.033173][ T5824] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 285.242425][ T5824] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 285.264138][ T5824] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 285.275524][ T5824] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 285.289605][ T49] team0 (unregistering): Port device team_slave_1 removed [ 285.295262][ T5824] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.328242][T10248] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 285.358645][ T5824] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 285.417659][ T49] team0 (unregistering): Port device team_slave_0 removed [ 285.573918][ T9] usb 7-1: USB disconnect, device number 14 [ 286.009477][T10235] syzkaller1: entered promiscuous mode [ 286.025402][T10235] syzkaller1: entered allmulticast mode [ 286.550203][T10244] chnl_net:caif_netlink_parms(): no params data found [ 286.788964][T10244] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.796748][T10244] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.804155][T10244] bridge_slave_0: entered allmulticast mode [ 286.810491][ T5820] Bluetooth: hci3: command tx timeout [ 286.821567][T10244] bridge_slave_0: entered promiscuous mode [ 286.831534][T10244] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.841611][T10244] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.849168][T10244] bridge_slave_1: entered allmulticast mode [ 286.857612][T10244] bridge_slave_1: entered promiscuous mode [ 286.942914][T10244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.971586][T10244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.100653][T10244] team0: Port device team_slave_0 added [ 287.114613][T10244] team0: Port device team_slave_1 added [ 287.194462][T10244] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.216624][T10244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.247541][T10244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.294948][T10244] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.323198][T10244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.406515][T10244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.445779][T10307] : entered promiscuous mode [ 287.681052][T10244] hsr_slave_0: entered promiscuous mode [ 287.701099][T10244] hsr_slave_1: entered promiscuous mode [ 288.135827][ T5910] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 288.305370][ T5910] usb 1-1: Using ep0 maxpacket: 32 [ 288.316121][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.331821][ T5910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.342827][ T5910] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 288.353481][ T5910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.364337][ T5910] usb 1-1: config 0 descriptor?? [ 288.636768][T10244] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 288.663700][T10244] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 288.680177][T10244] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 288.700146][T10244] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 288.808586][ T5910] ft260 0003:0403:6030.0009: unknown main item tag 0x0 [ 288.886172][ T5820] Bluetooth: hci3: command tx timeout [ 288.901579][T10244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.932266][T10244] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.949662][ T1002] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.956939][ T1002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.997631][ T5910] ft260 0003:0403:6030.0009: chip code: 6424 8183 [ 288.998521][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.011350][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.198911][ T5910] ft260 0003:0403:6030.0009: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0 [ 289.595302][ T5824] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 289.603019][ T5910] ft260 0003:0403:6030.0009: failed to retrieve status: -71 [ 289.620065][T10244] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.628160][ T5910] ft260 0003:0403:6030.0009: failed to reset I2C controller: -71 [ 289.656532][ T5910] usb 1-1: USB disconnect, device number 20 [ 289.757796][ T5824] usb 7-1: Using ep0 maxpacket: 16 [ 289.798342][ T5824] usb 7-1: config 0 has an invalid interface number: 214 but max is 0 [ 289.806896][ T5824] usb 7-1: config 0 has no interface number 0 [ 289.813703][ T5824] usb 7-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 289.837500][ T5824] usb 7-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 289.858049][ T5824] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.869163][ T5824] usb 7-1: Product: syz [ 289.873411][ T5824] usb 7-1: Manufacturer: syz [ 289.879711][ T5824] usb 7-1: SerialNumber: syz [ 289.902352][ T5824] usb 7-1: config 0 descriptor?? [ 290.253386][T10244] veth0_vlan: entered promiscuous mode [ 290.304070][T10244] veth1_vlan: entered promiscuous mode [ 290.394812][T10244] veth0_macvtap: entered promiscuous mode [ 290.418810][T10244] veth1_macvtap: entered promiscuous mode [ 290.463763][T10244] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.562341][T10244] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 290.577583][ T5824] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.214/input/input18 [ 290.622517][T10244] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.655210][T10244] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.664001][T10244] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.700947][T10244] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.778599][ T5824] usb 7-1: USB disconnect, device number 15 [ 290.967999][ T5820] Bluetooth: hci3: command tx timeout [ 291.072040][ T1002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.122684][ T1002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.248228][ T1002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.272001][ T1002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.304425][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.539280][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.674460][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.742360][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.839425][ T13] bridge_slave_1: left allmulticast mode [ 292.845726][ T13] bridge_slave_1: left promiscuous mode [ 292.851473][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.861386][ T13] bridge_slave_0: left allmulticast mode [ 292.867630][ T13] bridge_slave_0: left promiscuous mode [ 292.873493][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.244645][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.259900][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.270690][ T13] bond0 (unregistering): Released all slaves [ 293.584323][ T13] hsr_slave_0: left promiscuous mode [ 293.592088][ T13] hsr_slave_1: left promiscuous mode [ 293.598452][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.606176][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.614144][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.622393][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.649843][ T13] veth1_macvtap: left promiscuous mode [ 293.655535][ T13] veth0_macvtap: left promiscuous mode [ 293.661182][ T13] veth1_vlan: left promiscuous mode [ 293.667185][ T13] veth0_vlan: left promiscuous mode [ 294.219870][ T30] kauditd_printk_skb: 108 callbacks suppressed [ 294.219891][ T30] audit: type=1326 audit(1751462045.798:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10418 comm="syz.7.1622" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ce438e929 code=0x0 [ 294.251436][T10426] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1620'. [ 294.507313][ T5828] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 294.523484][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 294.545027][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 294.573806][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 294.592085][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 294.832592][ T13] team0 (unregistering): Port device team_slave_1 removed [ 294.879877][ T13] team0 (unregistering): Port device team_slave_0 removed [ 295.085755][T10442] 9pnet_fd: Insufficient options for proto=fd [ 295.782067][ T5910] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 295.945364][ T5910] usb 7-1: Using ep0 maxpacket: 8 [ 295.962752][ T5910] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 295.990103][ T5910] usb 7-1: config 179 has no interface number 0 [ 295.997067][ T5910] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 296.017959][ T30] audit: type=1326 audit(1751462047.588:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.027990][ T5910] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 296.067377][ T5910] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 296.069365][ T30] audit: type=1326 audit(1751462047.588:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.083516][ T5910] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 296.119526][ T30] audit: type=1326 audit(1751462047.628:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.131481][T10426] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.149696][ T30] audit: type=1326 audit(1751462047.628:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.151751][T10426] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.182029][T10426] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.191511][T10426] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 296.201297][ T5910] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 296.215133][T10426] vxlan0: entered promiscuous mode [ 296.221603][ T5910] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 296.230853][ T30] audit: type=1326 audit(1751462047.628:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.230906][ T30] audit: type=1326 audit(1751462047.648:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.230952][ T30] audit: type=1326 audit(1751462047.648:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.230996][ T30] audit: type=1326 audit(1751462047.648:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.231040][ T30] audit: type=1326 audit(1751462047.658:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10464 comm="syz.7.1639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3ce438e929 code=0x7ffc0000 [ 296.389104][ T5910] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.413231][T10467] macsec1: entered allmulticast mode [ 296.489303][T10453] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 296.646745][ T5820] Bluetooth: hci3: command tx timeout [ 296.783040][ T121] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input19 [ 297.027829][ T5896] usb 7-1: USB disconnect, device number 16 [ 297.029105][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 297.042215][ C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 297.050982][ T5896] xpad 7-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 297.259064][T10490] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1649'. [ 297.300012][T10433] chnl_net:caif_netlink_parms(): no params data found [ 297.323597][T10490] netlink: 'syz.7.1649': attribute type 1 has an invalid length. [ 297.355502][T10490] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1649'. [ 297.652795][T10506] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 297.667301][T10433] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.677816][T10505] loop4: detected capacity change from 0 to 7 [ 297.691303][T10433] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.712374][T10505] loop4: [POWERTEC] p1 p2 p3 [ 297.714000][T10433] bridge_slave_0: entered allmulticast mode [ 297.729268][T10505] loop4: p1 start 1600481121 is beyond EOD, truncated [ 297.737335][T10433] bridge_slave_0: entered promiscuous mode [ 297.746691][T10505] loop4: p2 start 33554432 is beyond EOD, truncated [ 297.756581][T10505] loop4: p3 start 131072 is beyond EOD, truncated [ 297.768241][T10433] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.785459][T10433] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.792822][T10433] bridge_slave_1: entered allmulticast mode [ 297.817203][T10433] bridge_slave_1: entered promiscuous mode [ 297.931696][T10433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.972018][T10433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 298.104792][T10433] team0: Port device team_slave_0 added [ 298.128411][T10433] team0: Port device team_slave_1 added [ 298.234347][T10433] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.241721][T10433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.274824][T10433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.291765][T10433] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.299169][T10433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.325295][ C0] vkms_vblank_simulate: vblank timer overrun [ 298.365238][T10433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.402601][T10524] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1663'. [ 298.446096][T10524] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1663'. [ 298.459041][T10433] hsr_slave_0: entered promiscuous mode [ 298.469963][T10433] hsr_slave_1: entered promiscuous mode [ 298.725509][ T5820] Bluetooth: hci3: command tx timeout [ 299.422175][T10433] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 299.461440][T10433] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 299.490909][T10433] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 299.520106][T10433] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 299.613049][T10557] vlan2: entered allmulticast mode [ 299.629169][T10563] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.1677'. [ 299.641407][T10557] vlan1: entered allmulticast mode [ 299.665299][T10557] veth0_vlan: entered allmulticast mode [ 299.989886][T10433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.020217][T10433] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.068020][ T4409] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.075280][ T4409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.118769][ T4409] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.126022][ T4409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.762452][T10433] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.815767][ T5820] Bluetooth: hci3: command tx timeout [ 301.520788][T10433] veth0_vlan: entered promiscuous mode [ 301.580403][T10433] veth1_vlan: entered promiscuous mode [ 301.646756][T10433] veth0_macvtap: entered promiscuous mode [ 301.681698][T10433] veth1_macvtap: entered promiscuous mode [ 301.761112][T10433] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.906034][T10433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.959262][T10433] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.009599][T10433] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.023849][T10433] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.039302][T10433] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.671282][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.703442][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.749229][T10659] kernel read not supported for file /!sel (pid: 10659 comm: syz.6.1713) [ 302.750701][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.771284][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.780518][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 302.780536][ T30] audit: type=1800 audit(1751462054.348:564): pid=10659 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.1713" name="!sel" dev="mqueue" ino=42271 res=0 errno=0 [ 302.895205][ C0] ------------[ cut here ]------------ [ 302.900980][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci3 [ 302.907810][ C0] WARNING: CPU: 0 PID: 10660 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 [ 302.916984][ C0] Modules linked in: [ 302.921226][ C0] CPU: 0 UID: 0 PID: 10660 Comm: syz.6.1714 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 302.933332][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.943439][ C0] RIP: 0010:__queue_work+0xd62/0xfe0 [ 302.948795][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 c9 e3 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 c0 e0 89 8b 4c 89 fa e8 5f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 90 8b 35 00 90 0f 0b 90 e9 dd fc ff [ 302.968458][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00010046 [ 302.974599][ C0] RAX: 01afb49a5fcef400 RBX: 0000000000000100 RCX: ffff8880347c3c00 [ 302.982630][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 302.990648][ C0] RBP: 1ffff11004fec738 R08: 0000000000000003 R09: 0000000000000004 [ 302.998714][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa9fc R12: dffffc0000000000 [ 303.006912][ C0] R13: ffff8880216bc988 R14: 0000000000000008 R15: ffff888027f63978 [ 303.014932][ C0] FS: 0000555570b8b500(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000 [ 303.023927][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 303.030562][ C0] CR2: 0000200000000000 CR3: 00000000338d2000 CR4: 00000000003526f0 [ 303.038576][ C0] Call Trace: [ 303.041887][ C0] [ 303.044752][ C0] call_timer_fn+0x17e/0x5f0 [ 303.049374][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 303.055209][ C0] ? call_timer_fn+0xbe/0x5f0 [ 303.060046][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 303.065214][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 303.070445][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 303.076285][ C0] __run_timer_base+0x646/0x860 [ 303.081164][ C0] ? ktime_get+0x3e/0x1f0 [ 303.085527][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 303.090914][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 303.097278][ C0] run_timer_softirq+0xb7/0x180 [ 303.102239][ C0] handle_softirqs+0x283/0x870 [ 303.107033][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 303.111827][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 303.117143][ C0] __irq_exit_rcu+0xca/0x1f0 [ 303.121786][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 303.127034][ C0] irq_exit_rcu+0x9/0x30 [ 303.131301][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 303.136956][ C0] [ 303.139902][ C0] [ 303.142870][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 303.148868][ C0] RIP: 0010:__se_sys_futex+0xd7/0x400 [ 303.154265][ C0] Code: ff d0 6d 00 31 ff 4c 89 f6 e8 f5 7a 0c 00 4d 85 f6 74 49 4c 89 7c 24 08 4c 89 64 24 10 45 89 e7 41 81 e7 7f fe ff ff 45 89 fc <4c> 89 e7 48 c7 c6 50 fa 16 8e e8 6a 7b 0c 00 41 83 ff 08 7e 3b 41 [ 303.173887][ C0] RSP: 0018:ffffc9000458fde0 EFLAGS: 00000202 [ 303.179974][ C0] RAX: ffffffff81b3d77b RBX: dffffc0000000000 RCX: ffff8880347c3c00 [ 303.187987][ C0] RDX: 0000000000000000 RSI: 00007f600fdb5fa0 RDI: 0000000000000000 [ 303.195974][ C0] RBP: ffffc9000458fee0 R08: ffffc9000458fe6f R09: 0000000000000000 [ 303.203967][ C0] R10: ffffc9000458fe60 R11: fffff520008b1fce R12: 0000000000000001 [ 303.211988][ C0] R13: ffffc9000458fe60 R14: 00007f600fdb5fa0 R15: 0000000000000001 [ 303.219985][ C0] ? __se_sys_futex+0xbb/0x400 [ 303.224789][ C0] ? __pfx___se_sys_futex+0x10/0x10 [ 303.230013][ C0] ? rcu_is_watching+0x15/0xb0 [ 303.234806][ C0] ? __x64_sys_futex+0x21/0xf0 [ 303.239601][ C0] do_syscall_64+0xfa/0x3b0 [ 303.244132][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 303.249362][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.255451][ C0] ? clear_bhb_loop+0x60/0xb0 [ 303.260152][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.266068][ C0] RIP: 0033:0x7f600fb8e929 [ 303.270503][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.290131][ C0] RSP: 002b:00007ffd09304e38 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 303.298574][ C0] RAX: ffffffffffffffda RBX: 00007f600fdb5fa8 RCX: 00007f600fb8e929 [ 303.306567][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f600fdb5fa8 [ 303.314554][ C0] RBP: 0000000000000000 R08: 0000000000000038 R09: 000000030930512f [ 303.322544][ C0] R10: 00007f600fdb5fa0 R11: 0000000000000246 R12: 00007f600fdb5fac [ 303.330532][ C0] R13: 00007f600fdb5fa0 R14: 0000000000001a00 R15: 0000000000000006 [ 303.338545][ C0] [ 303.341597][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 303.348892][ C0] CPU: 0 UID: 0 PID: 10660 Comm: syz.6.1714 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 303.360978][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 303.371057][ C0] Call Trace: [ 303.374347][ C0] [ 303.377206][ C0] dump_stack_lvl+0x99/0x250 [ 303.381822][ C0] ? __asan_memcpy+0x40/0x70 [ 303.386428][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.391651][ C0] ? __pfx__printk+0x10/0x10 [ 303.396271][ C0] panic+0x2db/0x790 [ 303.400208][ C0] ? __pfx_panic+0x10/0x10 [ 303.404648][ C0] ? show_trace_log_lvl+0x4fb/0x550 [ 303.409891][ C0] __warn+0x31b/0x4b0 [ 303.413893][ C0] ? __queue_work+0xd62/0xfe0 [ 303.418593][ C0] ? __queue_work+0xd62/0xfe0 [ 303.423290][ C0] report_bug+0x2be/0x4f0 [ 303.427641][ C0] ? __queue_work+0xd62/0xfe0 [ 303.432346][ C0] ? __queue_work+0xd62/0xfe0 [ 303.437040][ C0] ? __queue_work+0xd64/0xfe0 [ 303.441737][ C0] handle_bug+0x84/0x160 [ 303.445996][ C0] exc_invalid_op+0x1a/0x50 [ 303.450516][ C0] asm_exc_invalid_op+0x1a/0x20 [ 303.455414][ C0] RIP: 0010:__queue_work+0xd62/0xfe0 [ 303.460725][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 c9 e3 96 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 c0 e0 89 8b 4c 89 fa e8 5f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 90 8b 35 00 90 0f 0b 90 e9 dd fc ff [ 303.480386][ C0] RSP: 0018:ffffc90000007b08 EFLAGS: 00010046 [ 303.486483][ C0] RAX: 01afb49a5fcef400 RBX: 0000000000000100 RCX: ffff8880347c3c00 [ 303.494473][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 303.502462][ C0] RBP: 1ffff11004fec738 R08: 0000000000000003 R09: 0000000000000004 [ 303.510454][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa9fc R12: dffffc0000000000 [ 303.518710][ C0] R13: ffff8880216bc988 R14: 0000000000000008 R15: ffff888027f63978 [ 303.526722][ C0] ? __queue_work+0xd61/0xfe0 [ 303.531615][ C0] call_timer_fn+0x17e/0x5f0 [ 303.536239][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 303.542105][ C0] ? call_timer_fn+0xbe/0x5f0 [ 303.546803][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 303.551943][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 303.557160][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 303.562993][ C0] __run_timer_base+0x646/0x860 [ 303.567861][ C0] ? ktime_get+0x3e/0x1f0 [ 303.572239][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 303.577626][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 303.583893][ C0] run_timer_softirq+0xb7/0x180 [ 303.588761][ C0] handle_softirqs+0x283/0x870 [ 303.593554][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 303.598345][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 303.603662][ C0] __irq_exit_rcu+0xca/0x1f0 [ 303.608282][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 303.613533][ C0] irq_exit_rcu+0x9/0x30 [ 303.617799][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 303.623457][ C0] [ 303.626399][ C0] [ 303.629340][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 303.635351][ C0] RIP: 0010:__se_sys_futex+0xd7/0x400 [ 303.640751][ C0] Code: ff d0 6d 00 31 ff 4c 89 f6 e8 f5 7a 0c 00 4d 85 f6 74 49 4c 89 7c 24 08 4c 89 64 24 10 45 89 e7 41 81 e7 7f fe ff ff 45 89 fc <4c> 89 e7 48 c7 c6 50 fa 16 8e e8 6a 7b 0c 00 41 83 ff 08 7e 3b 41 [ 303.660394][ C0] RSP: 0018:ffffc9000458fde0 EFLAGS: 00000202 [ 303.666520][ C0] RAX: ffffffff81b3d77b RBX: dffffc0000000000 RCX: ffff8880347c3c00 [ 303.674515][ C0] RDX: 0000000000000000 RSI: 00007f600fdb5fa0 RDI: 0000000000000000 [ 303.682517][ C0] RBP: ffffc9000458fee0 R08: ffffc9000458fe6f R09: 0000000000000000 [ 303.690509][ C0] R10: ffffc9000458fe60 R11: fffff520008b1fce R12: 0000000000000001 [ 303.698498][ C0] R13: ffffc9000458fe60 R14: 00007f600fdb5fa0 R15: 0000000000000001 [ 303.706500][ C0] ? __se_sys_futex+0xbb/0x400 [ 303.711560][ C0] ? __pfx___se_sys_futex+0x10/0x10 [ 303.716803][ C0] ? rcu_is_watching+0x15/0xb0 [ 303.721599][ C0] ? __x64_sys_futex+0x21/0xf0 [ 303.726381][ C0] do_syscall_64+0xfa/0x3b0 [ 303.730909][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 303.736131][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.742210][ C0] ? clear_bhb_loop+0x60/0xb0 [ 303.746906][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.752820][ C0] RIP: 0033:0x7f600fb8e929 [ 303.757251][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.776872][ C0] RSP: 002b:00007ffd09304e38 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 303.785333][ C0] RAX: ffffffffffffffda RBX: 00007f600fdb5fa8 RCX: 00007f600fb8e929 [ 303.793350][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f600fdb5fa8 [ 303.801345][ C0] RBP: 0000000000000000 R08: 0000000000000038 R09: 000000030930512f [ 303.809350][ C0] R10: 00007f600fdb5fa0 R11: 0000000000000246 R12: 00007f600fdb5fac [ 303.817360][ C0] R13: 00007f600fdb5fa0 R14: 0000000000001a00 R15: 0000000000000006 [ 303.825369][ C0] [ 303.828738][ C0] Kernel Offset: disabled [ 303.833078][ C0] Rebooting in 86400 seconds..