last executing test programs: 58.169063845s ago: executing program 4 (id=550): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x3}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000440)="97713b46fb"}) 58.01163186s ago: executing program 4 (id=553): syz_io_uring_setup(0x4b6, &(0x7f0000000080)={0x0, 0x2361, 0x0, 0x2}, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYBLOB="e4fb070008000700080001"], 0x16) r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000480), &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r0}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'blake2b-256\x00'}}) 57.323227286s ago: executing program 4 (id=554): r0 = io_uring_setup(0x662, &(0x7f0000001740)={0x0, 0x0, 0x0, 0x4000000}) bpf$PROG_LOAD_XDP(0x5, 
&(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) io_uring_register$IORING_UNREGISTER_RING_FDS(r0, 0x15, &(0x7f00000010c0)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1) 56.489265637s ago: executing program 4 (id=562): r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x20, 0x0, &(0x7f0000000040)=0xfffffffffffffd9a) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat(0xffffffffffffffff, 0x0, 0xd40, 0x100) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x200000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) socket$packet(0x11, 0x2, 0x300) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) listen(r4, 0x3) accept4(r4, 0x0, 0x0, 0x0) getsockopt$netlink(r3, 0x10e, 0x5, 0x0, &(0x7f0000000100)) 52.381773749s ago: executing program 4 (id=577): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201500219107908e8048968cd2b01020301090212000101ff10020904418b80ffffff04"], 
&(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x22, 0x2, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f7", 0xf4240}], 0x1}], 0x1, 0xf0ff) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r3) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b0000000904000002"], 0x0) syz_open_dev$midi(0x0, 0x500, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYRES64=r1], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) pipe2$watch_queue(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000001c0)=0x2) ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x200, 0x2, {0x4, @pix={0x7, 0x8, 0x34565559, 0x5, 0x800000, 0xfffffff3, 0x5, 0x983e, 0x1, 0x3, 0x2}}, 0x9}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x802222, 0x0) read$FUSE(r6, &(0x7f00000006c0)={0x2020}, 0x2020) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r8, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, 
@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000280), 0x0) 42.632484053s ago: executing program 4 (id=611): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) r1 = socket$rxrpc(0x21, 0x2, 0xa) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x11) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x100, @empty, 0xe}}, 0x24) r4 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) socket$rxrpc(0x21, 0x2, 0x2) r7 = syz_open_procfs(0x0, &(0x7f00000004c0)='mounts\x00') r8 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000500)={0x10000000}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) umount2(&(0x7f0000000400)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000280)={0x401, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f0000000200)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x0, 0x0, '\x00', 0x4}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 
0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) 26.925900963s ago: executing program 32 (id=611): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) r1 = socket$rxrpc(0x21, 0x2, 0xa) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x11) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e23, 0x100, @empty, 0xe}}, 0x24) r4 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) socket$rxrpc(0x21, 0x2, 0x2) r7 = syz_open_procfs(0x0, &(0x7f00000004c0)='mounts\x00') r8 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000500)={0x10000000}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) umount2(&(0x7f0000000400)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000280)={0x401, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f0000000200)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280), 0x0, 0x0, '\x00', 0x4}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 
0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) 13.38988343s ago: executing program 3 (id=670): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x10) 13.132106549s ago: executing program 3 (id=672): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4001, 0xb, @loopback, 0x9}, 0x1c) 13.066111275s ago: executing program 0 (id=673): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x8089, 0x1}, 0x50) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r3 = openat$comedi(0xffffffffffffff9c, 
&(0x7f0000000000)='/dev/comedi4\x00', 0x400, 0x0) ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f00000be640)={0x829, &(0x7f00000be500)=[{0xa000006, 0x0, 0x0, 0x1, 0xfffffff8}]}) 12.792153094s ago: executing program 3 (id=674): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x400443c9, 0x20000002) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) close(0x3) r3 = socket(0x2, 0x80805, 0x0) shutdown(0xffffffffffffffff, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040)) sendmmsg$inet_sctp(r3, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[], 0x30}], 0x1, 0x0) getsockopt$bt_hci(r2, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) 9.305772912s ago: executing program 3 (id=678): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pread64(r0, &(0x7f0000000440)=""/176, 0xb0, 0x200) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0xcc93f1266b77d0bf}, 0x8040) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) munmap(&(0x7f00006bb000/0x1000)=nil, 0x1000) r3 = 
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r5, &(0x7f0000005180)={0x2020}, 0x2020) socket(0x40000000015, 0x5, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000000340)={'gre0\x00', &(0x7f0000000200)=@ethtool_ringparam={0x10, 0x80000001, 0x3, 0x1, 0xd, 0xefe, 0x0, 0x0, 0x8}}) socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20008050) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = mq_open(&(0x7f0000000080)='$@\x00', 0x40, 0xb4, 0x0) fcntl$setlease(r8, 0x400, 0x0) mq_open(&(0x7f0000000140)='$@\x00', 0x1, 0x0, 0x0) mq_unlink(&(0x7f0000000000)='$@\x00') close_range(r7, 0xffffffffffffffff, 0x0) 9.276446414s ago: executing program 0 (id=679): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9.272617738s ago: executing program 2 (id=680): socket$inet(0x2, 0xa, 0x262) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x0, 0x4000000, 0x8, 0xd, 0x200, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_buf(r3, 0x11e, 0xd, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x3) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000000)="2e000000010002", 0x7) 7.97752001s ago: executing program 2 (id=681): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0x3c, 0x20, 0x1, 0x0, 0x25dfdbfb, "", [@nested={0x2c, 0x117, 0x0, 0x1, [@typed={0xc, 0x16, 0x0, 0x0, @u64=0xfac06}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}, @typed={0x8, 0xeb, 0x0, 0x0, @u32=0x7}]}]}, 0x3c}], 0x1, 0x0, 0x0, 0x1}, 0x0) 7.891906913s ago: executing program 2 (id=682): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/address_bits', 0x0, 0x0) r1 = syz_usb_connect(0x2, 0x24, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000001300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000780)={0x1c, 
&(0x7f0000001040)=ANY=[@ANYBLOB="00170e000000caacd132575a242c756a8b991e"], 0x0, 0x0}) r2 = shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil) r3 = shmat(r2, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) shmdt(r3) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3d8, 0x2f8, 0x1ec, 0x0, 0x2f8, 0x2f8, 0x2f8, 0x7fffffe, 0x0, {[{{@uncond, 0xbc, 0xe0}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0xe0}}, {{@arp={@multicast2, @rand_addr=0x64010100, 0xff, 0xff000000, 0x10, 0x10, {@empty, {[0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0x0, 0xff, 0xff, 0xff]}}, 0x5, 0x6, 0x6, 0x40d, 0xf01, 0x5592, 'pim6reg0\x00', 'syz_tun\x00', {}, {0xff}, 0x0, 0x302}, 0xbc, 0x10c, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}, @mac=@link_local, @loopback, @empty, 0x7}}}, {{@arp={@rand_addr=0x64010100, @remote, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast, {[0x0, 0x0, 0x0, 0xff, 0xff]}}, {}, 0xe, 0x1, 0xfff8, 0x0, 0x0, 0xfff2, 'ip6_vti0\x00', 'netpci0\x00', {}, {}, 0x0, 0x84}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @empty, @multicast1, 0x1, 0x1}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x424) syz_usb_connect(0x0, 0x34, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000081bfe708460d1220577000000001090222002a0000000009040000011a137d00090500000000000000070567c7"], 0x0) 
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r0, &(0x7f0000000040)='./file0\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000016000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b4ff010000000000000dd6e4edef3d93452a09004b43370e9703920723f97e46bb5c07540d3b", 0xd8}], 0x1}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000001040)={'ip_vti0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) 7.834584922s ago: executing program 0 (id=683): r0 = gettid() prctl$PR_SET_SECUREBITS(0x1c, 0x2c) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) setuid(0xee00) r1 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x1}, [{}], {0x4, 0x1}, [], {0x10, 0x6}}, 0x2c, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 
&(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x40) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 6.137546339s ago: executing program 1 (id=685): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000080)={0x6, @private=0xa010102, 0x4c23, 0x2, 'lc\x00', 0x1d, 0x8, 0x1004002a}, 0x2c) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000440)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x6, 0xfe, 0x0, 0x7}]}, 0x8) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x4050}, 0x20000804) 5.987188858s ago: executing program 0 (id=686): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYBLOB, @ANYRES32, @ANYBLOB="0c002c80080000000800"], 0x28}, 0x1, 0x0, 0x0, 0x20000001}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000002c0)={0xa, 0x4008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() 
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x84) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000040)='cgroup.max.depth\x00', 0x2, 0x0) sendfile(r8, r8, 0x0, 0x5) 5.778033002s ago: executing program 1 (id=687): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) close(0x3) r4 = socket(0x2, 0x80805, 0x0) shutdown(0xffffffffffffffff, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040)) sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[], 0x30}], 0x1, 0x0) getsockopt$bt_hci(r3, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) 3.597065478s ago: executing program 0 (id=688): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) 
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x8089, 0x1}, 0x50) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r3}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x400, 0x0) ioctl$COMEDI_INSNLIST(r4, 0x8010640b, &(0x7f00000be640)={0x829, &(0x7f00000be500)=[{0xa000006, 0x0, 0x0, 0x1, 0xfffffff8}]}) 3.506614119s ago: executing program 1 (id=689): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) close(0x3) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socket$inet6(0xa, 0x2, 0x0) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x9) futex(0x0, 0xa, 0x0, 0x0, 0x0, 0xf2ffffff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.numa_stat\x00', 0x275a, 0x0) socket$caif_seqpacket(0x25, 0x5, 0x0) syz_open_dev$mouse(&(0x7f0000000180), 0x10, 0xc0000) mmap(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x6, 0x30, r1, 0x68b2b000) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r2 = syz_open_dev$evdev(&(0x7f00000002c0), 0xc000, 0x142) write$evdev(r2, &(0x7f0000000640)=[{{0x77359400}, 0x1, 0x7f, 0x2}, {}], 0x30) 3.473160267s ago: executing program 2 (id=690): socket$inet(0x2, 0xa, 0x262) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x0, 0x4000000, 0x8, 0xd, 0x200, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_buf(r3, 0x11e, 0xd, 0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x3) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000000)="2e000000010002", 0x7) 2.004836839s ago: executing program 1 (id=691): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)={0x3c, 0x20, 0x1, 0x0, 0x25dfdbfb, "", [@nested={0x2c, 0x117, 0x0, 0x1, [@typed={0xc, 0x16, 0x0, 0x0, @u64=0xfac06}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}, @typed={0x8, 0xeb, 0x0, 0x0, @u32=0x7}]}]}, 0x3c}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.546171888s ago: executing program 2 (id=692): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.329964949s ago: 
executing program 3 (id=693): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000050) bind$tipc(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) sendto(r2, 0x0, 0xa00, 0x810, &(0x7f00000008c0)=@nl=@unspec={0x0, 0x700, 0x0, 0x80fe}, 0x80) sendmsg$netlink(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0) 1.260570222s ago: executing program 0 (id=694): openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_80211_inject_frame(&(0x7f00000000c0), 0x0, 0x36) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000001a00), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r3, &(0x7f0000001b40)={0x0, 0x0, &(0x7f0000001b00)={&(0x7f0000001a40)={0x14, r4, 0x528ea124191aeb57, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000084}, 0x48044) 1.258958355s ago: executing program 1 (id=695): r0 = gettid() prctl$PR_SET_SECUREBITS(0x1c, 0x2c) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) setuid(0xee00) r1 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x1}, [{}], {0x4, 0x1}, [], {0x10, 0x6}}, 0x2c, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 
0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x40) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 111.915888ms ago: executing program 3 (id=696): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080) r0 = socket$netlink(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4001, 0xb, @loopback, 0x9}, 0x1c) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 7.948061ms ago: executing program 1 (id=697): 
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000ffdb", @ANYRES32, @ANYBLOB="0c002c80080000000800"], 0x28}, 0x1, 0x0, 0x0, 0x20000001}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000002c0)={0xa, 0x4008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x84) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000040)='cgroup.max.depth\x00', 0x2, 0x0) sendfile(r8, r8, 0x0, 0x5) 0s ago: executing program 2 (id=698): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 
&(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) close(0x3) r4 = socket(0x2, 0x80805, 0x0) shutdown(0xffffffffffffffff, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, &(0x7f0000000040)) sendmmsg$inet_sctp(r4, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[], 0x30}], 0x1, 0x0) getsockopt$bt_hci(r3, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.202' (ED25519) to the list of known hosts. [ 74.377734][ T5788] cgroup: Unknown subsys name 'net' [ 74.619106][ T5788] cgroup: Unknown subsys name 'cpuset' [ 74.675291][ T5788] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.316266][ T5788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.818468][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.820016][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.820774][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.821966][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.823146][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.890145][ T5118] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.904093][ T5118] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.914344][ T5118] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.923704][ T5118] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.933136][ T5118] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.069875][ T5799] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.085125][ T5804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.085838][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 
> 9 [ 79.087370][ T5804] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.089868][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.090376][ T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.093967][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.145809][ T5811] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.146960][ T5811] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.150753][ T5811] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.179835][ T5811] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.182716][ T5811] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.194858][ T5118] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.207895][ T5811] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.210113][ T5811] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.760823][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 80.060556][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 80.169144][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 80.347222][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 80.463336][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.464060][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.464405][ T5798] bridge_slave_0: entered allmulticast mode [ 80.486133][ T5798] bridge_slave_0: entered promiscuous mode [ 80.490867][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 80.601438][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.601524][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.601622][ T5798] bridge_slave_1: entered allmulticast mode [ 80.603284][ T5798] bridge_slave_1: entered promiscuous mode [ 80.925679][ T5799] Bluetooth: hci0: command tx timeout [ 81.005168][ T5799] Bluetooth: hci1: command tx timeout [ 81.162148][ T5802] bridge0: port 1(bridge_slave_0) entered 
blocking state [ 81.162221][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.162508][ T5802] bridge_slave_0: entered allmulticast mode [ 81.163955][ T5802] bridge_slave_0: entered promiscuous mode [ 81.181637][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.244753][ T5799] Bluetooth: hci3: command tx timeout [ 81.244762][ T5811] Bluetooth: hci2: command tx timeout [ 81.275878][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.276012][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.276294][ T5802] bridge_slave_1: entered allmulticast mode [ 81.277811][ T5802] bridge_slave_1: entered promiscuous mode [ 81.289557][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.325018][ T5799] Bluetooth: hci4: command tx timeout [ 81.577097][ T992] cfg80211: failed to load regulatory.db [ 81.627609][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.627681][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.627785][ T5807] bridge_slave_0: entered allmulticast mode [ 81.629219][ T5807] bridge_slave_0: entered promiscuous mode [ 81.925583][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.925673][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.925774][ T5807] bridge_slave_1: entered allmulticast mode [ 81.927234][ T5807] bridge_slave_1: entered promiscuous mode [ 81.930902][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.931116][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.931256][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.933219][ T5808] bridge_slave_0: entered allmulticast mode [ 81.936514][ T5808] bridge_slave_0: entered promiscuous mode [ 81.943207][ T5798] team0: Port device team_slave_0 added [ 82.267458][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with 
an up link [ 82.267681][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.267766][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.267873][ T5808] bridge_slave_1: entered allmulticast mode [ 82.269341][ T5808] bridge_slave_1: entered promiscuous mode [ 82.271712][ T5798] team0: Port device team_slave_1 added [ 82.272290][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.272371][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.272464][ T5812] bridge_slave_0: entered allmulticast mode [ 82.273906][ T5812] bridge_slave_0: entered promiscuous mode [ 82.585884][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.585997][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.586113][ T5812] bridge_slave_1: entered allmulticast mode [ 82.587580][ T5812] bridge_slave_1: entered promiscuous mode [ 82.590797][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.897333][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.898763][ T5802] team0: Port device team_slave_0 added [ 82.901913][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.903166][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.903175][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 82.903187][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.005123][ T5799] Bluetooth: hci0: command tx timeout [ 83.084839][ T5799] Bluetooth: hci1: command tx timeout [ 83.106842][ T5802] team0: Port device team_slave_1 added [ 83.109128][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.109746][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.109754][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.109767][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.324756][ T5799] Bluetooth: hci2: command tx timeout [ 83.331137][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.334903][ T5799] Bluetooth: hci3: command tx timeout [ 83.404770][ T5799] Bluetooth: hci4: command tx timeout [ 83.564073][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.566257][ T5807] team0: Port device team_slave_0 added [ 83.756853][ T5807] team0: Port device team_slave_1 added [ 83.757657][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.757665][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 83.757677][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.759815][ T5808] team0: Port device team_slave_0 added [ 83.897130][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.897145][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.897167][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.900769][ T5808] team0: Port device team_slave_1 added [ 83.976878][ T5812] team0: Port device team_slave_0 added [ 84.197027][ T5812] team0: Port device team_slave_1 added [ 84.197855][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.197864][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.197876][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.500964][ T5798] hsr_slave_0: entered promiscuous mode [ 84.501959][ T5798] hsr_slave_1: entered promiscuous mode [ 84.566034][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.566044][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 84.566057][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.567836][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.567844][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.567857][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.766752][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.766772][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.766785][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.768224][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.768231][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.768244][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.926577][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.926591][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 84.926613][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.933031][ T5802] hsr_slave_0: entered promiscuous mode [ 84.933770][ T5802] hsr_slave_1: entered promiscuous mode [ 84.934436][ T5802] debugfs: 'hsr0' already exists in 'hsr' [ 84.934517][ T5802] Cannot create hsr debugfs directory [ 85.084885][ T5799] Bluetooth: hci0: command tx timeout [ 85.165267][ T5799] Bluetooth: hci1: command tx timeout [ 85.388382][ T5807] hsr_slave_0: entered promiscuous mode [ 85.389170][ T5807] hsr_slave_1: entered promiscuous mode [ 85.389735][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 85.389752][ T5807] Cannot create hsr debugfs directory [ 85.405302][ T5811] Bluetooth: hci2: command tx timeout [ 85.405385][ T5799] Bluetooth: hci3: command tx timeout [ 85.484744][ T5799] Bluetooth: hci4: command tx timeout [ 85.701794][ T5808] hsr_slave_0: entered promiscuous mode [ 85.702580][ T5808] hsr_slave_1: entered promiscuous mode [ 85.703125][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 85.703143][ T5808] Cannot create hsr debugfs directory [ 85.831933][ T5812] hsr_slave_0: entered promiscuous mode [ 85.832703][ T5812] hsr_slave_1: entered promiscuous mode [ 85.833235][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 85.833253][ T5812] Cannot create hsr debugfs directory [ 87.034298][ T5798] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.057822][ T5798] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.088646][ T5798] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.118721][ T5798] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.165085][ T5799] Bluetooth: hci0: command tx timeout [ 87.223356][ T5802] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 87.244781][ T5799] Bluetooth: hci1: command tx timeout [ 87.250000][ T5802] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 87.278891][ T5802] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 87.338580][ T5802] netdevsim 
netdevsim4 netdevsim3: renamed from eth3 [ 87.427606][ T5807] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.463059][ T5807] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.479855][ T5807] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.484788][ T5811] Bluetooth: hci2: command tx timeout [ 87.484826][ T5799] Bluetooth: hci3: command tx timeout [ 87.541712][ T5807] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.564952][ T5799] Bluetooth: hci4: command tx timeout [ 87.650695][ T5808] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.695625][ T5808] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.722512][ T5808] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.772559][ T5808] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.883977][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.913383][ T5812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.941817][ T5812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.980722][ T5812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.026984][ T5812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.081196][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.117878][ T5091] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.118483][ T5091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.147109][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.163600][ T5091] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.163703][ T5091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.238349][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.268765][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.280313][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.280535][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.311013][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.311159][ T43] bridge0: port 
2(bridge_slave_1) entered forwarding state [ 88.364045][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.397580][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.416629][ T1169] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.416896][ T1169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.461883][ T1169] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.462739][ T1169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.524530][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.562554][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.573493][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.573728][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.614157][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.622804][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.701148][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.740690][ T3623] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.741057][ T3623] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.804530][ T5091] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.807909][ T5091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.846441][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.046580][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.104993][ T5798] veth0_vlan: entered promiscuous mode [ 89.121481][ T5798] veth1_vlan: entered promiscuous mode [ 89.296938][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.346637][ T5798] veth0_macvtap: entered promiscuous mode [ 89.382427][ T5798] veth1_macvtap: entered promiscuous mode [ 89.497472][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.502147][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.546822][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 
[ 89.573615][ T5807] veth0_vlan: entered promiscuous mode [ 89.588578][ T66] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.592045][ T66] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.595650][ T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.601653][ T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.606431][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.622248][ T5807] veth1_vlan: entered promiscuous mode [ 89.870702][ T5808] veth0_vlan: entered promiscuous mode [ 89.926702][ T5802] veth0_vlan: entered promiscuous mode [ 89.941025][ T5807] veth0_macvtap: entered promiscuous mode [ 89.942329][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.942348][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.950974][ T5808] veth1_vlan: entered promiscuous mode [ 89.977035][ T5807] veth1_macvtap: entered promiscuous mode [ 90.001214][ T5812] veth0_vlan: entered promiscuous mode [ 90.002878][ T5802] veth1_vlan: entered promiscuous mode [ 90.042409][ T1169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.042425][ T1169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.062344][ T5812] veth1_vlan: entered promiscuous mode [ 90.076871][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.121408][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.149532][ T5808] veth0_macvtap: entered promiscuous mode [ 90.150473][ T1469] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.152810][ T1469] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.187726][ T1469] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.205133][ T1469] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.209127][ T5808] veth1_macvtap: entered 
promiscuous mode [ 90.220031][ T5802] veth0_macvtap: entered promiscuous mode [ 90.278575][ T5802] veth1_macvtap: entered promiscuous mode [ 90.369782][ T5812] veth0_macvtap: entered promiscuous mode [ 90.438673][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.455440][ T5812] veth1_macvtap: entered promiscuous mode [ 90.491970][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.494303][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.599211][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.599272][ T66] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.630261][ T66] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.633928][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.633944][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.636859][ T66] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.683314][ T66] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.709285][ T66] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.732647][ T5921] sctp: [Deprecated]: syz.0.6 (pid 5921) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 90.732647][ T5921] Use struct sctp_sack_info instead [ 90.761980][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.762058][ T66] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.785510][ T66] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.790972][ T66] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.791789][ T1469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.791804][ T1469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.858936][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.972309][ T3623] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.973925][ T3623] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.982209][ T3623] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.989247][ T3623] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.145484][ T1469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.145503][ T1469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.313259][ T1469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.313276][ T1469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.373462][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.373477][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.508900][ T1469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.508918][ T1469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.667258][ T1169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.667275][ T1169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.881461][ T1169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.881479][ T1169] wlan1: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 92.073537][ T5931] syz.0.9 (5931) used greatest stack depth: 17704 bytes left [ 92.241962][ T5874] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.724119][ T5874] usb 4-1: Using ep0 maxpacket: 8 [ 93.227309][ T5948] binder: 5941:5948 ioctl c018620c 200000000100 returned -1 [ 93.249638][ T5874] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 93.249664][ T5874] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 93.249682][ T5874] usb 4-1: Product: syz [ 93.249694][ T5874] usb 4-1: Manufacturer: syz [ 93.249706][ T5874] usb 4-1: SerialNumber: syz [ 93.309700][ T5874] usb 4-1: config 0 descriptor?? [ 93.361871][ T5874] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 93.921075][ T5874] gspca_zc3xx: reg_r err -71 [ 93.921164][ T5874] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 94.020912][ T5874] usb 4-1: USB disconnect, device number 2 [ 95.048528][ T5964] random: crng reseeded on system resumption [ 95.234848][ T5803] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 95.556232][ T5803] usb 5-1: Using ep0 maxpacket: 8 [ 95.563071][ T5803] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 95.563087][ T5803] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.563096][ T5803] usb 5-1: Product: syz [ 95.563103][ T5803] usb 5-1: Manufacturer: syz [ 95.563109][ T5803] usb 5-1: SerialNumber: syz [ 95.613991][ T5803] usb 5-1: config 0 descriptor?? 
[ 95.875488][ T5803] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 96.238657][ T37] audit: type=1326 audit(1761400561.954:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.238706][ T37] audit: type=1326 audit(1761400561.964:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.238744][ T37] audit: type=1326 audit(1761400561.964:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.239019][ T37] audit: type=1326 audit(1761400561.964:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.277370][ T37] audit: type=1326 audit(1761400561.994:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.293562][ T37] audit: type=1326 audit(1761400562.014:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.307319][ T37] audit: type=1326 audit(1761400562.024:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.310201][ T37] audit: type=1326 audit(1761400562.034:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.322305][ T37] 
audit: type=1326 audit(1761400562.044:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.329388][ T37] audit: type=1326 audit(1761400562.044:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5978 comm="syz.3.23" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff5c316efc9 code=0x7ffc0000 [ 96.588619][ T5979] syzkaller0: entered promiscuous mode [ 96.588643][ T5979] syzkaller0: entered allmulticast mode [ 96.754968][ T31] kernel write not supported for file /dsp (pid: 31 comm: kworker/1:0) [ 96.894479][ T5985] binder: 5984:5985 ioctl c0306201 0 returned -14 [ 97.605224][ T5803] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 97.633435][ T5803] usb 5-1: USB disconnect, device number 2 [ 97.994034][ T5998] pim6reg: entered allmulticast mode [ 97.999296][ T5996] pim6reg: left allmulticast mode [ 98.307267][ C1] vkms_vblank_simulate: vblank timer overrun [ 98.845517][ C1] vkms_vblank_simulate: vblank timer overrun [ 99.049765][ C1] vkms_vblank_simulate: vblank timer overrun [ 99.094806][ T6009] binder: 6004:6009 ioctl c018620c 200000000100 returned -1 [ 99.373144][ C1] vkms_vblank_simulate: vblank timer overrun [ 100.019262][ C1] vkms_vblank_simulate: vblank timer overrun [ 100.211695][ C1] vkms_vblank_simulate: vblank timer overrun [ 100.876079][ C1] vkms_vblank_simulate: vblank timer overrun [ 101.114432][ T6026] binder: 6025:6026 ioctl c0306201 0 returned -14 [ 101.566097][ T6031] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.002135][ T6046] netlink: 184 bytes leftover after parsing attributes in process `syz.0.42'. 
[ 103.439725][ T31] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 103.681917][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.681947][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.682182][ T31] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 103.682226][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.327307][ T31] usb 4-1: config 0 descriptor?? [ 104.892915][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 104.892951][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 104.892975][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 104.892998][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 104.893022][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 104.893045][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 104.893069][ T31] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 105.004672][ T31] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 105.067970][ T31] cp2112 0003:10C4:EA90.0001: Part Number: 0x00 Device Version: 0x00 [ 105.304656][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.305694][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.574656][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.584678][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.584797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 105.589381][ T6082] binder: 6077:6082 ioctl c018620c 200000000100 returned -1 [ 106.257253][ T31] cp2112 0003:10C4:EA90.0001: error reading lock byte: -71 [ 106.524638][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! 
[ 106.968698][ T6076] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 106.969086][ T6076] block device autoloading is deprecated and will be removed. [ 107.191360][ T0] NOHZ tick-stop error: local softirq work is pending, handler #88!!! [ 107.191391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #88!!! [ 107.794644][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.829143][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 110.640183][ T31] usb 4-1: USB disconnect, device number 3 [ 111.506505][ T6109] Zero length message leads to an empty skb [ 116.031605][ T6159] netlink: 24 bytes leftover after parsing attributes in process `syz.2.79'. [ 117.313434][ T6178] binder: 6171:6178 ioctl c018620c 200000000100 returned -1 [ 119.234299][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.542933][ C0] vkms_vblank_simulate: vblank timer overrun [ 119.737995][ T6203] netlink: 24 bytes leftover after parsing attributes in process `syz.4.93'. [ 120.585803][ C0] vkms_vblank_simulate: vblank timer overrun [ 121.536593][ T6229] binder: 6221:6229 ioctl c018620c 200000000100 returned -1 [ 122.017874][ T6240] netlink: 24 bytes leftover after parsing attributes in process `syz.1.106'. 
[ 122.283174][ C0] vkms_vblank_simulate: vblank timer overrun [ 122.649730][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.154308][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.605757][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.905192][ C0] vkms_vblank_simulate: vblank timer overrun [ 123.982672][ C0] vkms_vblank_simulate: vblank timer overrun [ 124.354147][ T6257] syz.2.116 uses obsolete (PF_INET,SOCK_PACKET) [ 125.015077][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 125.334863][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 125.392482][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 125.392508][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.392525][ T10] usb 4-1: Product: syz [ 125.392537][ T10] usb 4-1: Manufacturer: syz [ 125.392550][ T10] usb 4-1: SerialNumber: syz [ 125.542980][ T10] usb 4-1: config 0 descriptor?? [ 126.412048][ T6281] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.413986][ T6281] batadv_slave_0: entered promiscuous mode [ 126.443103][ T10] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 126.585430][ T6282] binder: 6278:6282 ioctl c018620c 200000000100 returned -1 [ 127.884947][ T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 127.906804][ T10] usb 4-1: USB disconnect, device number 4 [ 129.681824][ T6312] netlink: 12 bytes leftover after parsing attributes in process `syz.1.133'. 
[ 131.313781][ T6325] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.322692][ T6325] batadv_slave_0: entered promiscuous mode [ 132.106694][ T6312] syz.1.133 (6312) used greatest stack depth: 17680 bytes left [ 132.390729][ T6329] binder: 6327:6329 ioctl c018620c 200000000100 returned -1 [ 132.775705][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.775791][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.144446][ T6339] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 133.707897][ C0] vkms_vblank_simulate: vblank timer overrun [ 134.580949][ C0] vkms_vblank_simulate: vblank timer overrun [ 135.344756][ C0] vkms_vblank_simulate: vblank timer overrun [ 135.479671][ C0] vkms_vblank_simulate: vblank timer overrun [ 139.588754][ T6396] binder: 6394:6396 ioctl c018620c 200000000100 returned -1 [ 142.088105][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.071519][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.298322][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.015626][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.146384][ T6430] netlink: 24 bytes leftover after parsing attributes in process `syz.4.160'. 
[ 144.647348][ T6435] binder: 6434:6435 ioctl c018620c 200000000100 returned -1 [ 145.133724][ C1] vkms_vblank_simulate: vblank timer overrun [ 145.720981][ C1] vkms_vblank_simulate: vblank timer overrun [ 145.911664][ C1] vkms_vblank_simulate: vblank timer overrun [ 146.584750][ T5845] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 146.595414][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.186425][ T6459] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 147.194462][ T6459] batadv_slave_0: entered promiscuous mode [ 147.544946][ C1] vkms_vblank_simulate: vblank timer overrun [ 147.665469][ T5845] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 147.665499][ T5845] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 147.665538][ T5845] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 147.665558][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.672095][ T6452] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 147.724297][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.170539][ T5845] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 148.416606][ T5845] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input7 [ 148.750818][ T6464] Process accounting resumed [ 149.120615][ T5845] usb 1-1: USB disconnect, device number 2 [ 149.121317][ C0] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 149.235202][ T6478] mmap: syz.0.178 (6478) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 150.557512][ T6481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 153.217600][ T6499] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.218351][ T6499] batadv_slave_0: entered promiscuous mode [ 156.287181][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.194'. [ 156.305564][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.194'. [ 156.309569][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.194'. [ 156.315031][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.194'. [ 157.662176][ T6552] netlink: 24 bytes leftover after parsing attributes in process `syz.4.191'. [ 160.777336][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 161.533610][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 163.288231][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 163.288258][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.288275][ T10] usb 4-1: Product: syz [ 163.288286][ T10] usb 4-1: Manufacturer: syz [ 163.288298][ T10] usb 4-1: SerialNumber: syz [ 163.393667][ T10] usb 4-1: config 0 descriptor?? 
[ 163.509138][ T10] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 163.509238][ T10] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 163.553822][ T10] usb 4-1: USB disconnect, device number 5 [ 164.740437][ C0] vkms_vblank_simulate: vblank timer overrun [ 165.060728][ C0] vkms_vblank_simulate: vblank timer overrun [ 165.597160][ T5861] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 165.835420][ T5861] usb 5-1: Using ep0 maxpacket: 8 [ 166.193572][ T5861] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.296671][ T5861] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 166.296700][ T5861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 166.296721][ T5861] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 166.296740][ T5861] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 166.381358][ T5861] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 166.381384][ T5861] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 166.381402][ T5861] usb 5-1: Product: syz [ 166.381415][ T5861] usb 5-1: Manufacturer: syz [ 166.381427][ T5861] usb 5-1: SerialNumber: syz [ 166.427779][ T5861] usb 5-1: config 0 descriptor?? 
[ 166.433617][ C0] vkms_vblank_simulate: vblank timer overrun [ 166.634395][ T5861] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 166.645184][ T5861] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5 [ 166.924944][ T31] usb 5-1: USB disconnect, device number 3 [ 167.015656][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.095558][ T992] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 167.245585][ T992] usb 4-1: Using ep0 maxpacket: 8 [ 167.252661][ T992] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 167.252685][ T992] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.252702][ T992] usb 4-1: Product: syz [ 167.252714][ T992] usb 4-1: Manufacturer: syz [ 167.252726][ T992] usb 4-1: SerialNumber: syz [ 167.291204][ T992] usb 4-1: config 0 descriptor?? [ 167.304764][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 167.455024][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 167.458959][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 167.459360][ T10] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 167.459380][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.500203][ T992] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 167.531780][ T10] usb 1-1: config 0 descriptor?? [ 167.832709][ T6652] netlink: 24 bytes leftover after parsing attributes in process `syz.1.222'. 
[ 167.879247][ C0] vkms_vblank_simulate: vblank timer overrun [ 168.298678][ C0] vkms_vblank_simulate: vblank timer overrun [ 168.341185][ T10] corsair-cpro 0003:1B1C:0C10.0002: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.0-1/input0 [ 168.539738][ T10] corsair-cpro 0003:1B1C:0C10.0002: probe with driver corsair-cpro failed with error -71 [ 168.600232][ T10] usb 1-1: USB disconnect, device number 3 [ 169.022690][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.603288][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.738920][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.785225][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.414762][ T31] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 171.525832][ T992] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 171.532467][ T992] usb 4-1: USB disconnect, device number 6 [ 171.569170][ T31] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 171.569194][ T31] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 171.569210][ T31] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 171.569226][ T31] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 171.572756][ T31] usb 1-1: string descriptor 0 read error: -22 [ 171.572905][ T31] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 171.572925][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.795021][ T31] usb 1-1: config 0 descriptor?? 
[ 171.802928][ T31] hub 1-1:0.0: bad descriptor, ignoring hub [ 171.802963][ T31] hub 1-1:0.0: probe with driver hub failed with error -5 [ 172.034864][ T1593] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 172.184713][ T1593] usb 2-1: Using ep0 maxpacket: 8 [ 172.187189][ T1593] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 172.187246][ T1593] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 172.187265][ T1593] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 172.187287][ T1593] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.187307][ T1593] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.187345][ T1593] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 172.187364][ T1593] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.528976][ T31] usb 1-1: USB disconnect, device number 4 [ 172.954870][ T1593] usb 2-1: GET_CAPABILITIES returned 0 [ 172.954919][ T1593] usbtmc 2-1:16.0: can't read capabilities [ 173.260712][ T5847] usb 2-1: USB disconnect, device number 2 [ 174.908557][ T6713] netlink: 24 bytes leftover after parsing attributes in process `syz.4.239'. 
[ 179.254708][ T1593] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 179.425370][ T1593] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 179.425395][ T1593] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 179.425412][ T1593] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.425428][ T1593] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 179.466818][ T1593] usb 2-1: string descriptor 0 read error: -22 [ 179.466962][ T1593] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 179.466983][ T1593] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.613672][ T1593] usb 2-1: config 0 descriptor?? [ 180.442677][ T1593] hub 2-1:0.0: bad descriptor, ignoring hub [ 180.442714][ T1593] hub 2-1:0.0: probe with driver hub failed with error -5 [ 182.668715][ T5861] usb 2-1: USB disconnect, device number 3 [ 183.937617][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 183.937634][ T37] audit: type=1326 audit(1761400648.684:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6766 comm="syz.4.257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6dfe7fefc9 code=0x200000 [ 184.060261][ T6778] binder: BINDER_SET_CONTEXT_MGR already set [ 184.060275][ T6778] binder: 6775:6778 ioctl 4018620d 200000000040 returned -16 [ 184.061033][ T6778] binder: 6775:6778 ioctl c0306201 200000000500 returned -11 [ 184.183708][ T6781] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 187.222444][ T6809] tipc: Started in network mode [ 187.222475][ T6809] tipc: Node identity d239d8b0d07e, cluster identity 4711 [ 187.244685][ T6809] tipc: Enabled bearer , priority 0 [ 187.245745][ T6809] syzkaller0: entered promiscuous mode [ 187.245765][ T6809] syzkaller0: entered allmulticast mode [ 187.254893][ T5861] usb 1-1: new low-speed USB 
device number 5 using dummy_hcd [ 187.276862][ T6809] tipc: Resetting bearer [ 187.360687][ T6808] tipc: Resetting bearer [ 187.408907][ T5861] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 187.408932][ T5861] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 187.408950][ T5861] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.408966][ T5861] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 187.409003][ T5861] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 187.409039][ T5861] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 246 [ 187.423491][ T5861] usb 1-1: string descriptor 0 read error: -22 [ 187.423645][ T5861] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 187.423666][ T5861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.579373][ T5861] usb 1-1: config 0 descriptor?? [ 188.145530][ T5861] hub 1-1:0.0: bad descriptor, ignoring hub [ 188.146386][ T5861] hub 1-1:0.0: probe with driver hub failed with error -5 [ 188.343072][ T10] tipc: Node number set to 38262960 [ 188.395512][ T6808] tipc: Disabling bearer [ 188.515805][ T6801] netlink: 24 bytes leftover after parsing attributes in process `syz.3.267'. 
[ 188.585097][ T992] usb 1-1: USB disconnect, device number 5 [ 188.681333][ T6819] binder: 6815:6819 ioctl c018620c 200000000100 returned -1 [ 189.096366][ T6821] binder: 6820:6821 ioctl c0306201 0 returned -14 [ 189.111835][ T6821] binder: 6820:6821 ioctl c0306201 200000000500 returned -11 [ 189.889158][ T6832] Bluetooth: MGMT ver 1.23 [ 193.906547][ T5882] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 194.300332][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.301172][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.346477][ T5882] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 194.346503][ T5882] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 194.346520][ T5882] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.346537][ T5882] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 194.346571][ T5882] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 194.346607][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 246 [ 194.416321][ T5882] usb 1-1: string descriptor 0 read error: -22 [ 194.416476][ T5882] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 194.416497][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.459689][ T5882] usb 1-1: config 0 descriptor?? 
[ 194.471721][ T5882] hub 1-1:0.0: bad descriptor, ignoring hub [ 194.471755][ T5882] hub 1-1:0.0: probe with driver hub failed with error -5 [ 194.597855][ T6859] binder: 6858:6859 ioctl c0306201 0 returned -14 [ 194.604214][ T6859] binder: BINDER_SET_CONTEXT_MGR already set [ 194.604226][ T6859] binder: 6858:6859 ioctl 4018620d 200000000040 returned -16 [ 194.605702][ T6859] binder: 6858:6859 ioctl c0306201 200000000500 returned -11 [ 194.843767][ T6870] binder: 6867:6870 ioctl c018620c 200000000100 returned -1 [ 194.845067][ T5882] usb 1-1: USB disconnect, device number 6 [ 195.859663][ T6893] netlink: 24 bytes leftover after parsing attributes in process `syz.3.290'. [ 196.566640][ T6899] binder: 6897:6899 ioctl c0306201 0 returned -14 [ 196.569369][ T6899] binder: 6897:6899 ioctl c0306201 200000000500 returned -11 [ 196.584761][ T1593] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 196.734703][ T1593] usb 1-1: Using ep0 maxpacket: 8 [ 196.742039][ T1593] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 196.742064][ T1593] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.742081][ T1593] usb 1-1: Product: syz [ 196.742093][ T1593] usb 1-1: Manufacturer: syz [ 196.742106][ T1593] usb 1-1: SerialNumber: syz [ 196.799214][ T1593] usb 1-1: config 0 descriptor?? 
[ 197.964322][ T1593] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 199.999304][ T1593] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 202.626353][ T5861] usb 1-1: USB disconnect, device number 7 [ 202.924869][ T10] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 203.868593][ T5799] Bluetooth: hci0: command 0x0406 tx timeout [ 203.868807][ T5799] Bluetooth: hci3: command 0x0406 tx timeout [ 203.868915][ T5799] Bluetooth: hci1: command 0x0406 tx timeout [ 203.868966][ T5799] Bluetooth: hci2: command 0x0406 tx timeout [ 203.869018][ T5799] Bluetooth: hci4: command tx timeout [ 203.960214][ T10] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 203.960231][ T10] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 203.960240][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 203.960249][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 203.960268][ T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 203.960288][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 246 [ 203.963807][ T10] usb 2-1: string descriptor 0 read error: -22 [ 203.963942][ T10] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 203.963963][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.988645][ T10] usb 2-1: config 0 descriptor?? 
[ 203.992798][ T10] hub 2-1:0.0: bad descriptor, ignoring hub [ 203.992833][ T10] hub 2-1:0.0: probe with driver hub failed with error -5 [ 204.099157][ T6935] binder: 6934:6935 ioctl c018620c 200000000100 returned -1 [ 204.103266][ T6938] binder: 6936:6938 ioctl c0306201 200000000500 returned -11 [ 205.669106][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.329068][ T5882] usb 2-1: USB disconnect, device number 4 [ 206.419114][ T6962] Set syz1 is full, maxelem 0 reached [ 206.650192][ T6966] bridge0: port 3(syz_tun) entered blocking state [ 206.650778][ T6966] bridge0: port 3(syz_tun) entered disabled state [ 206.651204][ T6966] syz_tun: entered allmulticast mode [ 206.764885][ T5882] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 206.854866][ T6966] syz_tun: entered promiscuous mode [ 206.856743][ T6966] bridge0: port 3(syz_tun) entered blocking state [ 206.856911][ T6966] bridge0: port 3(syz_tun) entered forwarding state [ 206.916055][ T5882] usb 5-1: Using ep0 maxpacket: 8 [ 206.921630][ T5882] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 206.921655][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.921672][ T5882] usb 5-1: Product: syz [ 206.921685][ T5882] usb 5-1: Manufacturer: syz [ 206.921697][ T5882] usb 5-1: SerialNumber: syz [ 206.928364][ C0] vkms_vblank_simulate: vblank timer overrun [ 207.106947][ C0] vkms_vblank_simulate: vblank timer overrun [ 207.606437][ T5882] usb 5-1: config 0 descriptor?? 
[ 207.616180][ C0] vkms_vblank_simulate: vblank timer overrun [ 207.886569][ C0] vkms_vblank_simulate: vblank timer overrun [ 208.153153][ T5882] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 208.457859][ C0] vkms_vblank_simulate: vblank timer overrun [ 208.587435][ C0] vkms_vblank_simulate: vblank timer overrun [ 208.664134][ C0] vkms_vblank_simulate: vblank timer overrun [ 208.707818][ C0] vkms_vblank_simulate: vblank timer overrun [ 208.767310][ T6978] binder: 6976:6978 ioctl c018620c 200000000100 returned -1 [ 210.124561][ T6993] netlink: 12 bytes leftover after parsing attributes in process `syz.3.326'. [ 210.677382][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.017866][ T5882] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 211.043946][ T5882] usb 5-1: USB disconnect, device number 4 [ 211.794735][ T5803] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 211.899567][ T7011] binder: 7010:7011 ioctl c018620c 200000000100 returned -1 [ 211.959248][ T5803] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 211.959265][ T5803] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 211.959275][ T5803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 211.959294][ T5803] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 211.959319][ T5803] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 211.959329][ T5803] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 211.963104][ T5803] usb 1-1: string descriptor 0 read error: -22 [ 211.963188][ T5803] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 211.963199][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.169090][ C0] vkms_vblank_simulate: vblank 
timer overrun [ 212.419962][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.472518][ T5803] usb 1-1: config 0 descriptor?? [ 212.484135][ T5803] hub 1-1:0.0: bad descriptor, ignoring hub [ 212.484156][ T5803] hub 1-1:0.0: probe with driver hub failed with error -5 [ 212.615771][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.692351][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.988563][ T5803] usb 1-1: USB disconnect, device number 8 [ 213.150098][ C0] vkms_vblank_simulate: vblank timer overrun [ 213.880728][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.181603][ T7036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.340'. [ 214.840883][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.857183][ T7035] syz.0.340 (7035) used greatest stack depth: 16696 bytes left [ 215.084008][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.238037][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.050550][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.272513][ T7054] binder: 7053:7054 ioctl c018620c 200000000100 returned -1 [ 218.678790][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.799309][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.294734][ T5803] usb 4-1: new low-speed USB device number 7 using dummy_hcd [ 219.597598][ T5803] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 219.597623][ T5803] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 219.597640][ T5803] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 219.597673][ T5803] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 219.597707][ T5803] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 219.597726][ T5803] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 219.612278][ T7079] mac80211_hwsim: 
wmediumd released netlink socket, switching to perfect channel medium [ 219.683071][ T5803] usb 4-1: string descriptor 0 read error: -22 [ 219.683220][ T5803] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 219.683240][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.710771][ T5803] usb 4-1: config 0 descriptor?? [ 219.727135][ T5803] hub 4-1:0.0: bad descriptor, ignoring hub [ 219.727170][ T5803] hub 4-1:0.0: probe with driver hub failed with error -5 [ 221.021261][ T5803] usb 4-1: USB disconnect, device number 7 [ 222.875511][ T7100] binder: 7098:7100 ioctl c018620c 200000000100 returned -1 [ 224.072000][ T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 225.754700][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 225.757073][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.757123][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 225.757153][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 225.757175][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 225.757194][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 225.760493][ T10] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 225.760515][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 225.760532][ T10] usb 1-1: Product: syz [ 225.760544][ T10] usb 1-1: Manufacturer: syz [ 225.760556][ T10] usb 1-1: SerialNumber: syz [ 226.650202][ T10] usb 1-1: config 0 descriptor?? 
[ 226.665331][ T10] usb 1-1: can't set config #0, error -71 [ 226.667650][ T10] usb 1-1: USB disconnect, device number 9 [ 227.789955][ T7130] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.797611][ T7130] batadv_slave_0: entered promiscuous mode [ 230.815950][ T7146] random: crng reseeded on system resumption [ 230.843526][ T7148] binder: 7141:7148 ioctl c018620c 200000000100 returned -1 [ 232.045603][ T7150] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 232.274807][ T10] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 232.606852][ T10] usb 3-1: config index 0 descriptor too short (expected 1307, got 27) [ 232.606878][ T10] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 232.606904][ T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 232.606937][ T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 232.606977][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 232.606995][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 232.611088][ T10] usb 3-1: string descriptor 0 read error: -22 [ 232.611243][ T10] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 232.611264][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.719622][ T10] usb 3-1: config 0 descriptor?? [ 233.512718][ T10] hub 3-1:0.0: bad descriptor, ignoring hub [ 233.512755][ T10] hub 3-1:0.0: probe with driver hub failed with error -5 [ 233.645225][ T5847] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 233.740761][ T7167] netlink: 'syz.3.380': attribute type 1 has an invalid length. [ 233.740782][ T7167] netlink: 228 bytes leftover after parsing attributes in process `syz.3.380'. 
[ 233.810659][ T5847] usb 1-1: config 0 has no interfaces? [ 233.810690][ T5847] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 233.810708][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.843510][ T5847] usb 1-1: config 0 descriptor?? [ 234.136099][ T1593] usb 3-1: USB disconnect, device number 2 [ 234.797658][ T5889] usb 1-1: USB disconnect, device number 10 [ 237.904924][ T5803] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 239.188875][ T5803] usb 4-1: Using ep0 maxpacket: 8 [ 239.303557][ T5803] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.303610][ T5803] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 239.303632][ T5803] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 239.303653][ T5803] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 239.303671][ T5803] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 239.365090][ T5803] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 239.365111][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 239.365121][ T5803] usb 4-1: Product: syz [ 239.365128][ T5803] usb 4-1: Manufacturer: syz [ 239.365134][ T5803] usb 4-1: SerialNumber: syz [ 239.407545][ T7192] binder: 7191:7192 ioctl c018620c 200000000100 returned -1 [ 239.411559][ T5803] usb 4-1: config 0 descriptor?? [ 239.530392][ T7207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.393'. [ 239.530473][ T7207] netlink: 12 bytes leftover after parsing attributes in process `syz.0.393'. [ 239.530497][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.393'. 
[ 239.619675][ T5803] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 239.619971][ T5803] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5 [ 239.657645][ T12] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 239.657760][ T7207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.393'. [ 239.657776][ T7207] netlink: 12 bytes leftover after parsing attributes in process `syz.0.393'. [ 239.657800][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.393'. [ 239.662507][ T43] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 239.662547][ T43] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 239.662578][ T43] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 239.769776][ T7214] netlink: 'syz.1.395': attribute type 2 has an invalid length. [ 239.867655][ T31] usb 4-1: USB disconnect, device number 8 [ 239.965141][ T7220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.397'. [ 242.209392][ T7244] binder: 7243:7244 ioctl c018620c 200000000100 returned -1 [ 242.824538][ C0] vkms_vblank_simulate: vblank timer overrun [ 243.212675][ C0] vkms_vblank_simulate: vblank timer overrun [ 243.591354][ T7260] netlink: 'syz.0.407': attribute type 1 has an invalid length. 
[ 243.795007][ T7260] 8021q: adding VLAN 0 to HW filter on device bond1 [ 243.926528][ T7264] bond1: (slave geneve2): making interface the new active one [ 243.955898][ T7264] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 244.544309][ C0] vkms_vblank_simulate: vblank timer overrun [ 244.604781][ T31] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 244.736790][ C0] vkms_vblank_simulate: vblank timer overrun [ 244.985131][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 245.208514][ C0] vkms_vblank_simulate: vblank timer overrun [ 245.471177][ T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 245.472247][ T31] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 245.472272][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 245.472294][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 245.472314][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 245.530425][ T31] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 245.530450][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 245.530560][ T31] usb 5-1: Product: syz [ 245.530573][ T31] usb 5-1: Manufacturer: syz [ 245.530586][ T31] usb 5-1: SerialNumber: syz [ 245.547997][ T31] usb 5-1: config 0 descriptor?? 
[ 245.655045][ C0] vkms_vblank_simulate: vblank timer overrun [ 245.773194][ T31] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 245.773482][ T31] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5 [ 253.377149][ T5889] usb 5-1: USB disconnect, device number 5 [ 253.613506][ T7300] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 255.411033][ T7321] binder: 7320:7321 ioctl c018620c 200000000100 returned -1 [ 255.600983][ T7325] netlink: 12 bytes leftover after parsing attributes in process `syz.0.426'. [ 256.291306][ C0] vkms_vblank_simulate: vblank timer overrun [ 256.554523][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.554588][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.797156][ T7305] netlink: 10 bytes leftover after parsing attributes in process `syz.4.419'. [ 257.073787][ C0] vkms_vblank_simulate: vblank timer overrun [ 257.517723][ T5889] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 257.722025][ C0] vkms_vblank_simulate: vblank timer overrun [ 257.974532][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.244801][ T5889] usb 1-1: Using ep0 maxpacket: 8 [ 258.271545][ T5889] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 258.271604][ T5889] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 258.271626][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 258.271647][ T5889] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 258.271666][ T5889] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 258.291855][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.489152][ T5889] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 
258.489179][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 258.489196][ T5889] usb 1-1: Product: syz [ 258.489208][ T5889] usb 1-1: Manufacturer: syz [ 258.489220][ T5889] usb 1-1: SerialNumber: syz [ 258.526057][ T5889] usb 1-1: config 0 descriptor?? [ 258.639000][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.747462][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.880643][ T5889] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 258.882047][ T5889] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -5 [ 259.100968][ C0] vkms_vblank_simulate: vblank timer overrun [ 259.175686][ T5889] usb 1-1: USB disconnect, device number 11 [ 259.831911][ T7362] binder: 7359:7362 ioctl c018620c 200000000100 returned -1 [ 260.107728][ T7368] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 260.982060][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.072473][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.184156][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.261948][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.655947][ C0] vkms_vblank_simulate: vblank timer overrun [ 261.879863][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.533069][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.809347][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.946582][ T7388] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 263.066742][ T7396] veth0: entered promiscuous mode [ 263.067597][ T7396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.452'. 
[ 263.129819][ T7398] binder: 7393:7398 ioctl c018620c 200000000100 returned -1 [ 266.585210][ T7437] random: crng reseeded on system resumption [ 266.761292][ T5811] Bluetooth: hci0: unexpected event for opcode 0x2035 [ 270.890579][ T61] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 270.991694][ T61] Bluetooth: hci0: Injecting HCI hardware error event [ 271.020673][ T5811] Bluetooth: hci0: hardware error 0x00 [ 271.974746][ C0] vkms_vblank_simulate: vblank timer overrun [ 272.237850][ C0] vkms_vblank_simulate: vblank timer overrun [ 272.291581][ C0] vkms_vblank_simulate: vblank timer overrun [ 272.746281][ C0] vkms_vblank_simulate: vblank timer overrun [ 273.485960][ T5811] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 275.299744][ C0] vkms_vblank_simulate: vblank timer overrun [ 275.516877][ C0] vkms_vblank_simulate: vblank timer overrun [ 276.882604][ C0] vkms_vblank_simulate: vblank timer overrun [ 277.304781][ T5967] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 277.534304][ T5889] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 277.547312][ T5967] usb 4-1: config 0 has no interfaces? [ 277.547347][ T5967] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 277.547361][ T5967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.595733][ T5967] usb 4-1: config 0 descriptor?? 
[ 277.684779][ T5889] usb 2-1: Using ep0 maxpacket: 16 [ 277.688842][ T5889] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 277.688862][ T5889] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 277.688878][ T5889] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 277.745126][ T5889] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 277.745148][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.745162][ T5889] usb 2-1: Product: syz [ 277.745173][ T5889] usb 2-1: Manufacturer: syz [ 277.745183][ T5889] usb 2-1: SerialNumber: syz [ 277.865449][ T5967] usb 4-1: USB disconnect, device number 9 [ 278.231907][ T5889] usb 2-1: 0:2 : does not exist [ 278.434965][ T5967] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 278.598838][ T5967] usb 1-1: config 0 has no interfaces? [ 278.598874][ T5967] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 278.598895][ T5967] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.632632][ T5967] usb 1-1: config 0 descriptor?? [ 278.871060][ T5803] usb 2-1: USB disconnect, device number 5 [ 279.024264][ T5889] usb 1-1: USB disconnect, device number 12 [ 282.664727][ T5861] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 282.827487][ T5861] usb 1-1: config 0 has no interfaces? [ 282.827521][ T5861] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 282.827541][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.843469][ T5861] usb 1-1: config 0 descriptor?? [ 283.048564][ T5967] usb 1-1: USB disconnect, device number 13 [ 285.635635][ T7597] syz.0.518 calls setitimer() with new_value NULL pointer. 
Misfeature support will be removed [ 286.174738][ T5967] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 286.337755][ T5967] usb 1-1: config 0 has no interfaces? [ 286.337791][ T5967] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 286.337811][ T5967] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.386838][ T5967] usb 1-1: config 0 descriptor?? [ 286.631763][ T5967] usb 1-1: USB disconnect, device number 14 [ 288.253725][ T7628] uprobe: syz.2.528:7628 failed to unregister, leaking uprobe [ 288.854866][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.892365][ T7624] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.912579][ T7624] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.066130][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.070598][ T7649] trusted_key: encrypted_key: insufficient parameters specified [ 289.290485][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.923766][ T7624] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.170465][ C1] vkms_vblank_simulate: vblank timer overrun [ 291.335352][ C1] vkms_vblank_simulate: vblank timer overrun [ 291.923613][ T3623] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.936051][ T3623] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.989021][ T3623] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.989067][ T3623] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.062884][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.428023][ C0] vkms_vblank_simulate: vblank timer overrun [ 295.136572][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.073732][ C0] vkms_vblank_simulate: vblank timer overrun [ 296.377493][ T7730] trusted_key: encrypted_key: insufficient parameters specified [ 296.745110][ C0] vkms_vblank_simulate: vblank timer overrun [ 297.079935][ C0] 
vkms_vblank_simulate: vblank timer overrun [ 297.745062][ C0] vkms_vblank_simulate: vblank timer overrun [ 298.479496][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.139509][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.224736][ T7361] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 300.584694][ T7361] usb 5-1: Using ep0 maxpacket: 8 [ 300.587682][ T7361] usb 5-1: unable to get BOS descriptor or descriptor too short [ 300.590118][ T7361] usb 5-1: config 1 has an invalid interface number: 65 but max is 0 [ 300.590138][ T7361] usb 5-1: config 1 has no interface number 0 [ 300.590167][ T7361] usb 5-1: too many endpoints for config 1 interface 65 altsetting 139: 128, using maximum allowed: 30 [ 300.590203][ T7361] usb 5-1: config 1 interface 65 altsetting 139 has 0 endpoint descriptors, different from the interface descriptor's value: 128 [ 300.590226][ T7361] usb 5-1: config 1 interface 65 has no altsetting 0 [ 300.601437][ T7361] usb 5-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=2b.cd [ 300.601460][ T7361] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.601477][ T7361] usb 5-1: Product: syz [ 300.601488][ T7361] usb 5-1: Manufacturer: syz [ 300.601500][ T7361] usb 5-1: SerialNumber: syz [ 302.025483][ T7788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.026678][ T7788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 302.173467][ T7788] tipc: Started in network mode [ 302.173692][ T7788] tipc: Node identity ac14140f, cluster identity 4711 [ 302.202813][ T7788] tipc: New replicast peer: 255.255.255.255 [ 302.223494][ T7788] tipc: Enabled bearer , priority 10 [ 303.216008][ T5882] tipc: Node number set to 2886997007 [ 303.370902][ T7810] binder: 7809:7810 ioctl c018620c 200000000100 returned -1 [ 303.743642][ C0] vkms_vblank_simulate: vblank timer overrun [ 303.877894][ C0] vkms_vblank_simulate: vblank timer overrun [ 304.325272][ C0] 
vkms_vblank_simulate: vblank timer overrun [ 304.638383][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.674579][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.781333][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.856567][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.988653][ C0] vkms_vblank_simulate: vblank timer overrun [ 306.152099][ T7361] kalmia 5-1:1.65 (unnamed net_device) (uninitialized): Error sending init packet. Status -22 [ 306.152654][ T7361] kalmia 5-1:1.65: probe with driver kalmia failed with error -22 [ 306.814957][ T7849] binder: 7848:7849 ioctl c018620c 200000000100 returned -1 [ 307.024806][ T5967] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 307.407119][ T5967] usb 4-1: Using ep0 maxpacket: 8 [ 307.414369][ T5967] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 307.417828][ T5967] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 307.417851][ T5967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 307.417868][ T5967] usb 4-1: SerialNumber: syz [ 307.454366][ T5967] usb 4-1: config 0 descriptor?? [ 307.460953][ T5967] uvcvideo 4-1:0.0: Found UVC 0.00 device (05ac:8501) [ 307.462187][ T5967] uvcvideo 4-1:0.0: Failed to create links for entity 255 [ 307.462198][ T5967] uvcvideo 4-1:0.0: Failed to register entities (-22). 
[ 308.965815][ T7787] delete_channel: no stack [ 308.995177][ T5861] usb 5-1: USB disconnect, device number 6 [ 310.398369][ T7894] binder: 7893:7894 ioctl c018620c 200000000100 returned -1 [ 311.095847][ T5861] usb 4-1: USB disconnect, device number 10 [ 311.536554][ T7897] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.344981][ T7935] random: crng reseeded on system resumption [ 316.542201][ T7935] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 316.587015][ T5803] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 316.775001][ T5803] usb 4-1: Using ep0 maxpacket: 8 [ 316.825200][ T5803] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 316.825252][ T5803] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 316.825269][ T5803] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 316.883824][ T5803] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 316.883840][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.883849][ T5803] usb 4-1: Product: syz [ 316.883856][ T5803] usb 4-1: Manufacturer: syz [ 316.883862][ T5803] usb 4-1: SerialNumber: syz [ 316.981477][ T5803] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 316.995526][ T5803] usbtest 4-1:1.0: couldn't get endpoints, -22 [ 316.995609][ T5803] usbtest 4-1:1.0: probe with driver usbtest failed with error -22 [ 317.087629][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.087723][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.135693][ C0] vkms_vblank_simulate: vblank timer overrun [ 318.455118][ C0] vkms_vblank_simulate: vblank timer overrun [ 318.576214][ C0] vkms_vblank_simulate: vblank timer overrun [ 318.769498][ C0] 
vkms_vblank_simulate: vblank timer overrun [ 319.095362][ C0] vkms_vblank_simulate: vblank timer overrun [ 319.355445][ C0] vkms_vblank_simulate: vblank timer overrun [ 321.997941][ T5803] usb 4-1: USB disconnect, device number 11 [ 322.530949][ T7972] openvswitch: netlink: Flow actions attr not present in new flow. [ 322.984875][ T5861] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 323.040101][ C0] vkms_vblank_simulate: vblank timer overrun [ 324.289913][ T7973] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 325.400202][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.504705][ T5861] usb 1-1: Using ep0 maxpacket: 8 [ 325.509129][ T5861] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 325.509172][ T5861] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 325.509192][ T5861] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.727462][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.762364][ T5861] usb 1-1: config 0 descriptor?? [ 325.851170][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.926097][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.017113][ T5861] usb 1-1: can't set config #0, error -71 [ 326.062730][ T5861] usb 1-1: USB disconnect, device number 15 [ 326.318014][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.512973][ T8001] openvswitch: netlink: Flow actions attr not present in new flow. [ 327.564781][ T5967] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 328.026313][ T5967] usb 3-1: config 0 has no interfaces? [ 328.026335][ T5967] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 328.026346][ T5967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.033336][ T5967] usb 3-1: config 0 descriptor?? 
[ 328.241612][ T5967] usb 3-1: USB disconnect, device number 3 [ 328.391649][ T61] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 328.402101][ T61] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 328.403093][ T61] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 328.404174][ T61] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 328.408527][ T61] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 330.528592][ T61] Bluetooth: hci5: command tx timeout [ 332.605277][ T61] Bluetooth: hci5: command tx timeout [ 333.308819][ T8038] openvswitch: netlink: Flow actions attr not present in new flow. [ 333.555951][ T8008] chnl_net:caif_netlink_parms(): no params data found [ 333.869089][ T8042] netlink: 52 bytes leftover after parsing attributes in process `syz.2.662'. [ 334.684711][ T61] Bluetooth: hci5: command tx timeout [ 334.806415][ T8008] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.806621][ T8008] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.806748][ T8008] bridge_slave_0: entered allmulticast mode [ 334.808379][ T8008] bridge_slave_0: entered promiscuous mode [ 334.811921][ T8008] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.812036][ T8008] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.812149][ T8008] bridge_slave_1: entered allmulticast mode [ 334.813851][ T8008] bridge_slave_1: entered promiscuous mode [ 335.247642][ T8057] loop5: detected capacity change from 0 to 2287 [ 335.602444][ T8008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 335.623794][ T7292] Buffer I/O error on dev loop5, logical block 285, async page read [ 335.661045][ T8008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.170017][ T61] Bluetooth: hci5: command tx timeout [ 337.317004][ T8008] team0: Port device team_slave_0 added [ 337.320368][ T8008] team0: Port device team_slave_1 added [ 337.845594][ T8008] batman_adv: batadv0: 
Adding interface: batadv_slave_0 [ 337.845609][ T8008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 337.845633][ T8008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 337.848109][ T8008] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 337.848123][ T8008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 337.848145][ T8008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 338.348501][ T8065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 338.406746][ T8008] hsr_slave_0: entered promiscuous mode [ 338.425798][ T8008] hsr_slave_1: entered promiscuous mode [ 338.430355][ T8008] debugfs: 'hsr0' already exists in 'hsr' [ 338.430380][ T8008] Cannot create hsr debugfs directory [ 340.173774][ T8008] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 340.210992][ T8008] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 340.333663][ T8008] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 340.457830][ T8008] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 340.833619][ T8100] syzkaller0: entered promiscuous mode [ 340.833642][ T8100] syzkaller0: entered allmulticast mode [ 341.069265][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.253821][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.818223][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.046754][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.915351][ C1] vkms_vblank_simulate: vblank timer overrun 
[ 343.494075][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.643240][ C1] vkms_vblank_simulate: vblank timer overrun [ 344.058696][ T8008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.148678][ T7361] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 344.946015][ T8128] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 345.209183][ T7361] usb 3-1: Using ep0 maxpacket: 8 [ 345.352540][ T7361] usb 3-1: config 0 has too many interfaces: 42, using maximum allowed: 32 [ 345.352555][ T7361] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 42 [ 345.352582][ T7361] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 345.352593][ T7361] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x67, changing to 0x7 [ 345.352604][ T7361] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 345.352615][ T7361] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 345.352626][ T7361] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 345.352647][ T7361] usb 3-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=70.57 [ 345.352658][ T7361] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.439625][ T8008] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.455554][ T7361] usb 3-1: config 0 descriptor?? 
[ 345.474465][ T7361] kobil_sct 3-1:0.0: KOBIL USB smart card terminal converter detected [ 345.519483][ T7361] usb 3-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 345.599916][ T6391] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.600274][ T6391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.613581][ T1469] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.615260][ T1469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.667877][ T8124] netlink: 'syz.2.682': attribute type 5 has an invalid length. [ 348.118658][ T5882] usb 3-1: USB disconnect, device number 4 [ 348.197174][ T5882] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 348.197728][ T5882] kobil_sct 3-1:0.0: device disconnected [ 350.266270][ T8008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.331971][ T8163] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.987225][ C0] ------------[ cut here ]------------ [ 352.987275][ C0] refcount_t: addition on 0; use-after-free. 
[ 352.987958][ C0] WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 352.987998][ C0] Modules linked in: [ 352.988037][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 352.988062][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 352.988077][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 352.988102][ C0] Code: 00 00 e8 d9 66 45 fd 5b 41 5e c3 cc cc cc cc cc e8 cb 66 45 fd c6 05 e3 0e 47 0a 01 90 48 c7 c7 80 2b 3d 8b e8 57 ae 09 fd 90 <0f> 0b 90 90 eb d7 e8 ab 66 45 fd c6 05 c4 0e 47 0a 01 90 48 c7 c7 [ 352.988121][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 352.988139][ C0] RAX: ed53510687f64f00 RBX: 0000000000000002 RCX: ffff88801b2dda00 [ 352.988155][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 352.988168][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 352.988182][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 352.988197][ C0] R13: ffff888026639360 R14: ffff888026638f80 R15: dffffc0000000000 [ 352.988213][ C0] FS: 0000000000000000(0000) GS:ffff888126dfc000(0000) knlGS:0000000000000000 [ 352.988231][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 352.988246][ C0] CR2: 000000110c3f2e9f CR3: 000000002449a000 CR4: 00000000003526f0 [ 352.988264][ C0] Call Trace: [ 352.988276][ C0] <TASK> [ 352.988287][ C0] mptcp_schedule_work+0x164/0x1a0 [ 352.988314][ C0] mptcp_tout_timer+0x21/0xa0 [ 352.988343][ C0] call_timer_fn+0x17e/0x5f0 [ 352.988372][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 352.988397][ C0] ? call_timer_fn+0xbe/0x5f0 [ 352.988431][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 352.988469][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 352.988496][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.988522][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 352.988549][ C0] __run_timer_base+0x648/0x970 [ 352.988594][ C0] ?
__pfx___run_timer_base+0x10/0x10 [ 352.988638][ C0] run_timer_softirq+0xb7/0x180 [ 352.988666][ C0] handle_softirqs+0x22f/0x710 [ 352.988714][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 352.988753][ C0] run_ktimerd+0xcf/0x190 [ 352.988780][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 352.988806][ C0] ? schedule+0x91/0x360 [ 352.988840][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 352.988865][ C0] smpboot_thread_fn+0x542/0xa60 [ 352.988894][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 352.988929][ C0] kthread+0x711/0x8a0 [ 352.988964][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 352.988990][ C0] ? __pfx_kthread+0x10/0x10 [ 352.989017][ C0] ? rt_spin_unlock+0x150/0x200 [ 352.989044][ C0] ? rt_spin_unlock+0x161/0x200 [ 352.989064][ C0] ? __pfx_kthread+0x10/0x10 [ 352.989095][ C0] ret_from_fork+0x4bc/0x870 [ 352.989124][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 352.989158][ C0] ? __switch_to_asm+0x39/0x70 [ 352.989179][ C0] ? __switch_to_asm+0x33/0x70 [ 352.989199][ C0] ? __pfx_kthread+0x10/0x10 [ 352.989231][ C0] ret_from_fork_asm+0x1a/0x30 [ 352.989273][ C0] </TASK> [ 352.989288][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 352.989303][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 352.989329][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 352.989341][ C0] Call Trace: [ 352.989349][ C0] <TASK> [ 352.989358][ C0] dump_stack_lvl+0x99/0x250 [ 352.989389][ C0] ? __asan_memcpy+0x40/0x70 [ 352.989415][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.989446][ C0] ? __pfx__printk+0x10/0x10 [ 352.989487][ C0] vpanic+0x237/0x6d0 [ 352.989508][ C0] ? __pfx_vpanic+0x10/0x10 [ 352.989541][ C0] panic+0xb9/0xc0 [ 352.989561][ C0] ? __pfx_panic+0x10/0x10 [ 352.989601][ C0] __warn+0x31b/0x4b0 [ 352.989620][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 352.989645][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 352.989668][ C0] report_bug+0x2be/0x4f0 [ 352.989699][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 352.989723][ C0] ?
refcount_warn_saturate+0xfa/0x1d0 [ 352.989746][ C0] ? refcount_warn_saturate+0xfc/0x1d0 [ 352.989769][ C0] handle_bug+0x84/0x160 [ 352.989799][ C0] exc_invalid_op+0x1a/0x50 [ 352.989829][ C0] asm_exc_invalid_op+0x1a/0x20 [ 352.989849][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 352.989872][ C0] Code: 00 00 e8 d9 66 45 fd 5b 41 5e c3 cc cc cc cc cc e8 cb 66 45 fd c6 05 e3 0e 47 0a 01 90 48 c7 c7 80 2b 3d 8b e8 57 ae 09 fd 90 <0f> 0b 90 90 eb d7 e8 ab 66 45 fd c6 05 c4 0e 47 0a 01 90 48 c7 c7 [ 352.989891][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 352.989910][ C0] RAX: ed53510687f64f00 RBX: 0000000000000002 RCX: ffff88801b2dda00 [ 352.989925][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 352.989939][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 352.989953][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 352.989970][ C0] R13: ffff888026639360 R14: ffff888026638f80 R15: dffffc0000000000 [ 352.990007][ C0] mptcp_schedule_work+0x164/0x1a0 [ 352.990032][ C0] mptcp_tout_timer+0x21/0xa0 [ 352.990059][ C0] call_timer_fn+0x17e/0x5f0 [ 352.990086][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 352.990110][ C0] ? call_timer_fn+0xbe/0x5f0 [ 352.990138][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 352.990177][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 352.990203][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.990227][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 352.990255][ C0] __run_timer_base+0x648/0x970 [ 352.990299][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 352.990344][ C0] run_timer_softirq+0xb7/0x180 [ 352.990372][ C0] handle_softirqs+0x22f/0x710 [ 352.990408][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 352.990446][ C0] run_ktimerd+0xcf/0x190 [ 352.990474][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 352.990499][ C0] ? schedule+0x91/0x360 [ 352.990533][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 352.990558][ C0] smpboot_thread_fn+0x542/0xa60 [ 352.990586][ C0] ? 
smpboot_thread_fn+0x4d/0xa60 [ 352.990622][ C0] kthread+0x711/0x8a0 [ 352.990656][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 352.990688][ C0] ? __pfx_kthread+0x10/0x10 [ 352.990715][ C0] ? rt_spin_unlock+0x150/0x200 [ 352.990742][ C0] ? rt_spin_unlock+0x161/0x200 [ 352.990762][ C0] ? __pfx_kthread+0x10/0x10 [ 352.990794][ C0] ret_from_fork+0x4bc/0x870 [ 352.990822][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 352.990856][ C0] ? __switch_to_asm+0x39/0x70 [ 352.990876][ C0] ? __switch_to_asm+0x33/0x70 [ 352.990897][ C0] ? __pfx_kthread+0x10/0x10 [ 352.990928][ C0] ret_from_fork_asm+0x1a/0x30 [ 352.990969][ C0] </TASK> [ 352.991209][ C0] Kernel Offset: disabled